Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/bAn3OiTgrnCJ751PO3YMX4zC-Kc.roa
File: bAn3OiTgrnCJ751PO3YMX4zC-Kc.roa (raw, json)
Hash identifier: IG9CIjJc9k8cpuUiuQJcEtuKRrot2kJhMs3ahL0JRRU=
Subject key identifier: 6C:09:F7:3A:24:E0:AE:70:89:EF:9D:4F:3B:76:0C:5F:8C:C2:F8:A7
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018797ACE0CA3B68F0377AB47F7A4F47AE69
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/bAn3OiTgrnCJ751PO3YMX4zC-Kc.roa
Signing time: Wed 19 Apr 2023 04:01:42 +0000
ROA not before: Wed 19 Apr 2023 04:01:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 188.240.83.0/24 maxlen: 24
5.35.192.0/21 maxlen: 24
84.234.16.0/20 maxlen: 24
62.112.0.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
93.113.184.0/21 maxlen: 24
194.88.112.0/20 maxlen: 24
89.37.128.0/24 maxlen: 24
91.232.136.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:97:ac:e0:ca:3b:68:f0:37:7a:b4:7f:7a:4f:47:ae:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Apr 19 04:01:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6c09f73a24e0ae7089ef9d4f3b760c5f8cc2f8a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:f9:64:3a:14:f6:bb:43:7b:1e:35:b6:57:01:
1a:9b:19:af:0c:9b:aa:dd:af:90:ae:ca:9f:72:b9:
2f:4b:d0:b7:69:1c:b7:49:7c:3d:39:d8:75:c3:03:
70:37:58:be:fa:25:b0:0b:92:25:f4:cb:29:75:3f:
ba:9e:1c:b9:55:12:81:ec:0a:ed:f3:fd:2f:b4:8d:
46:e1:0b:44:91:81:35:0e:45:47:ed:c8:0b:f8:ab:
cf:26:2e:bd:07:ef:07:a3:04:d9:10:3e:a1:f6:40:
c8:ca:f1:68:47:b3:9b:f3:e5:8b:63:9a:03:ac:54:
2a:b6:98:98:34:fe:7b:0a:a7:25:44:ec:1e:ef:4e:
7b:05:a4:e4:ad:88:c0:57:46:86:a0:d4:fe:3f:b3:
c9:52:49:27:0f:79:8d:c1:8c:04:63:7e:0d:b8:31:
52:06:92:33:20:8d:00:56:32:62:2e:20:9a:1c:28:
2d:e6:15:97:91:a9:df:81:a2:7f:e7:cf:b8:74:51:
12:5d:e6:68:54:38:b0:15:cf:8b:ca:a5:2f:cf:99:
51:08:52:ec:7b:0d:7d:27:8c:b4:f1:ff:29:6f:ba:
81:6c:48:08:11:63:59:cc:f9:02:d7:aa:c4:1b:63:
40:48:d2:09:fe:71:4a:9f:77:61:11:38:49:12:11:
da:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:09:F7:3A:24:E0:AE:70:89:EF:9D:4F:3B:76:0C:5F:8C:C2:F8:A7
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/bAn3OiTgrnCJ751PO3YMX4zC-Kc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
62.112.0.0/21
84.234.16.0/20
85.204.160.0/22
89.37.128.0/24
91.232.136.0/22
93.113.184.0/21
188.240.83.0/24
194.88.112.0/20
Signature Algorithm: sha256WithRSAEncryption
15:1e:b4:4d:56:f0:d1:a2:c7:75:c5:d5:3a:44:13:31:2e:9b:
2c:23:0f:4a:3e:de:b8:5e:c8:f6:62:74:e5:46:c4:e1:67:79:
b5:45:5f:ef:19:b2:69:e6:69:2f:a3:bf:eb:67:39:0e:bd:c9:
36:6a:23:0b:22:5c:0a:41:0f:1c:fa:f0:67:6a:80:6b:02:52:
db:ff:f3:7e:2c:d8:75:b7:fb:6f:4c:80:d1:4f:20:0c:2a:9b:
9d:a7:cd:fa:69:2a:64:5a:5a:19:d9:ab:99:92:6d:db:cb:1f:
59:61:93:b0:ce:be:74:51:fe:d2:44:32:02:f3:fd:b0:ae:1d:
e1:94:af:7d:93:cd:db:ad:7d:36:58:26:26:1f:09:fe:72:fa:
90:29:12:2f:1e:f8:07:89:92:5e:00:86:08:86:9f:88:6c:6e:
bd:25:24:23:74:e4:ae:bd:f4:cf:3d:f3:f8:92:c0:da:69:fd:
2b:42:77:14:d2:59:90:1f:34:1e:f2:a1:bc:67:f2:7b:39:64:
c6:26:58:f1:90:64:8a:0d:81:83:03:a0:ce:3f:8b:ae:7f:6a:
e8:ba:3c:7e:ee:fb:c3:74:ea:5f:13:47:7a:42:8c:a5:fc:c6:
2f:1b:06:b3:e3:d7:16:20:bf:d5:4e:0f:54:59:3c:19:ac:97:
bc:3a:79:16
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYeXrODKO2jwN3q0f3pPR65pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNDE5MDQwMTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzA5ZjczYTI0ZTBhZTcwODllZjlkNGYzYjc2MGM1ZjhjYzJmOGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPlkOhT2u0N7HjW2VwEamxmvDJuq
3a+QrsqfcrkvS9C3aRy3SXw9Odh1wwNwN1i++iWwC5Il9MspdT+6nhy5VRKB7Art
8/0vtI1G4QtEkYE1DkVH7cgL+KvPJi69B+8HowTZED6h9kDIyvFoR7Ob8+WLY5oD
rFQqtpiYNP57CqclROwe7057BaTkrYjAV0aGoNT+P7PJUkknD3mNwYwEY34NuDFS
BpIzII0AVjJiLiCaHCgt5hWXkanfgaJ/58+4dFESXeZoVDiwFc+LyqUvz5lRCFLs
ew19J4y08f8pb7qBbEgIEWNZzPkC16rEG2NASNIJ/nFKn3dhEThJEhHaEQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGwJ9zok4K5wie+dTzt2DF+MwvinMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvYkFuM09pVGdybkNKNzUxUE8zWU1YNHpDLUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQDBSPAAwQD
PnAAAwQEVOoQAwQCVcygAwQAWSWAAwQCW+iIAwQDXXG4AwQAvPBTAwQEwlhwMA0G
CSqGSIb3DQEBCwUAA4IBAQAVHrRNVvDRosd1xdU6RBMxLpssIw9KPt64Xsj2YnTl
RsThZ3m1RV/vGbJp5mkvo7/rZzkOvck2aiMLIlwKQQ8c+vBnaoBrAlLb//N+LNh1
t/tvTIDRTyAMKpudp836aSpkWloZ2auZkm3byx9ZYZOwzr50Uf7SRDIC8/2wrh3h
lK99k83brX02WCYmHwn+cvqQKRIvHvgHiZJeAIYIhp+IbG69JSQjdOSuvfTPPfP4
ksDaaf0rQncU0lmQHzQe8qG8Z/J7OWTGJljxkGSKDYGDA6DOP4uuf2roujx+7vvD
dOpfE0d6Qoyl/MYvGwaz49cWIL/VTg9UWTwZrJe8OnkW
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org