Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Yz1L-vGLFBcr-UNMos0gLjPjG1s.roa
File: Yz1L-vGLFBcr-UNMos0gLjPjG1s.roa (raw, json)
Hash identifier: DXuFGDKadTRtQJBcDqchflvGPdzIBexXLtYXjuRTjuI=
Subject key identifier: 63:3D:4B:FA:F1:8B:14:17:2B:F9:43:4C:A2:CD:20:2E:33:E3:1B:5B
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018A4FA8E979A90F4654ACCB3A817FDA18E6
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Yz1L-vGLFBcr-UNMos0gLjPjG1s.roa
Signing time: Fri 01 Sep 2023 07:33:04 +0000
ROA not before: Fri 01 Sep 2023 07:33:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 85.204.148.0/22 maxlen: 22
5.35.192.0/21 maxlen: 24
84.234.16.0/20 maxlen: 24
194.88.96.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
93.113.184.0/21 maxlen: 24
194.88.112.0/20 maxlen: 24
91.232.136.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:4f:a8:e9:79:a9:0f:46:54:ac:cb:3a:81:7f:da:18:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Sep 1 07:33:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=633d4bfaf18b14172bf9434ca2cd202e33e31b5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:8d:bb:cb:4b:68:54:ca:64:93:9a:06:23:49:
7c:0a:4d:98:5e:41:82:2b:01:6a:25:48:4a:e4:b8:
fd:06:78:05:7b:0d:0d:bc:13:4b:47:76:8a:e0:3b:
b8:0f:7f:cd:4f:06:a5:79:0f:be:12:02:77:70:52:
60:06:98:f3:88:68:3a:6b:be:30:7f:7c:00:8d:5e:
5a:24:cd:c8:c0:f4:8f:b7:54:76:a0:0a:71:24:9a:
2b:20:21:f6:b1:9d:8b:67:64:b7:d1:a3:89:f7:ee:
fc:29:90:84:83:c2:7e:69:8a:59:e5:d8:75:1f:38:
4b:ad:5f:8c:38:b8:d1:7a:b8:0e:cb:51:c4:d2:cd:
fa:72:48:e6:8b:d9:08:45:f8:59:5e:9b:2d:a8:c7:
ff:cd:fd:75:cb:a5:df:97:b2:fb:32:7c:75:aa:b3:
eb:fd:81:b1:70:23:55:6f:10:85:5c:a9:3c:f1:11:
bb:57:df:d7:d9:c8:7b:28:42:1f:8c:95:69:11:5b:
a9:66:40:45:52:b5:ee:9b:1d:06:dc:a5:26:2b:43:
2b:ef:0f:bb:32:9d:fc:5e:57:5b:b5:db:da:88:1f:
3b:a6:ef:f9:c3:9a:c0:b5:09:ed:ce:17:10:11:e7:
48:37:2e:f6:b8:3c:b7:f5:9a:98:48:48:b5:b5:03:
d5:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:3D:4B:FA:F1:8B:14:17:2B:F9:43:4C:A2:CD:20:2E:33:E3:1B:5B
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Yz1L-vGLFBcr-UNMos0gLjPjG1s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
84.234.16.0/20
85.204.148.0/22
85.204.160.0/22
91.232.136.0/22
93.113.184.0/21
194.88.96.0/21
194.88.112.0/20
Signature Algorithm: sha256WithRSAEncryption
16:4d:90:de:0f:32:5a:28:68:07:9e:cb:a6:cc:c2:08:08:6d:
a8:ca:f2:3c:6c:a4:55:6c:b8:c3:92:55:18:1b:4f:2b:a7:b1:
e6:15:14:a3:b7:7c:7c:fc:df:e0:6c:fa:c3:5c:2e:17:1d:7c:
db:96:f7:96:a1:bb:b7:17:e3:18:25:80:a8:00:5a:8e:b2:d1:
1f:4b:79:a2:98:41:c3:25:ef:6d:c9:10:39:92:52:f9:db:cd:
5f:6a:fc:99:c2:bf:2d:31:10:7a:5f:6f:53:d5:e6:16:71:a6:
e2:a4:13:33:11:f1:54:a6:28:4f:62:a4:53:bd:f6:a2:c5:df:
46:42:a3:34:e5:57:95:4a:c3:25:36:b1:3f:9d:dc:87:bd:6b:
b5:0e:b5:7a:b4:c0:75:8f:c4:36:d2:19:1a:d5:88:40:a6:10:
4d:db:70:65:d4:a8:51:77:17:25:8a:9c:5d:f2:a9:2d:f4:58:
5b:91:f8:12:e5:49:d6:59:a0:70:2c:94:c8:b4:2a:65:f6:91:
a5:82:6c:86:e5:d6:51:fb:0e:7a:66:30:ec:04:76:eb:7a:15:
98:06:a3:7e:1c:39:1a:b4:1a:02:1c:b8:1e:08:06:d8:85:de:
6d:f2:02:db:55:0e:6b:b1:87:bb:dc:c7:71:26:77:01:fa:39:
ef:18:b2:ee
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYpPqOl5qQ9GVKzLOoF/2hjmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwOTAxMDczMzA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzNkNGJmYWYxOGIxNDE3MmJmOTQzNGNhMmNkMjAyZTMzZTMxYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAho27y0toVMpkk5oGI0l8Ck2YXkGC
KwFqJUhK5Lj9BngFew0NvBNLR3aK4Du4D3/NTwaleQ++EgJ3cFJgBpjziGg6a74w
f3wAjV5aJM3IwPSPt1R2oApxJJorICH2sZ2LZ2S30aOJ9+78KZCEg8J+aYpZ5dh1
HzhLrV+MOLjRergOy1HE0s36ckjmi9kIRfhZXpstqMf/zf11y6Xfl7L7Mnx1qrPr
/YGxcCNVbxCFXKk88RG7V9/X2ch7KEIfjJVpEVupZkBFUrXumx0G3KUmK0Mr7w+7
Mp38XldbtdvaiB87pu/5w5rAtQntzhcQEedINy72uDy39ZqYSEi1tQPViQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGM9S/rxixQXK/lDTKLNIC4z4xtbMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvWXoxTC12R0xGQmNyLVVOTW9zMGdMalBqRzFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQDBSPAAwQE
VOoQAwQCVcyUAwQCVcygAwQCW+iIAwQDXXG4AwQDwlhgAwQEwlhwMA0GCSqGSIb3
DQEBCwUAA4IBAQAWTZDeDzJaKGgHnsumzMIICG2oyvI8bKRVbLjDklUYG08rp7Hm
FRSjt3x8/N/gbPrDXC4XHXzblveWobu3F+MYJYCoAFqOstEfS3mimEHDJe9tyRA5
klL5281favyZwr8tMRB6X29T1eYWcabipBMzEfFUpihPYqRTvfaixd9GQqM05VeV
SsMlNrE/ndyHvWu1DrV6tMB1j8Q20hka1YhAphBN23Bl1KhRdxclipxd8qkt9Fhb
kfgS5UnWWaBwLJTItCpl9pGlgmyG5dZR+w56ZjDsBHbrehWYBqN+HDkatBoCHLge
CAbYhd5t8gLbVQ5rsYe73MdxJncB+jnvGLLu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org