Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/eb83K2stk3QKzANzZorTqsu5Tdk.roa
File: eb83K2stk3QKzANzZorTqsu5Tdk.roa (raw, json)
Hash identifier: eLBI52O5FO0agAwIeI7IcLhmYkRACivnLkkzOIP8OZk=
Subject key identifier: 79:BF:37:2B:6B:2D:93:74:0A:CC:03:73:66:8A:D3:AA:CB:B9:4D:D9
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018C8882C397A88788258AD8DAE6FADD395C
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/eb83K2stk3QKzANzZorTqsu5Tdk.roa
Signing time: Wed 20 Dec 2023 18:35:20 +0000
ROA not before: Wed 20 Dec 2023 18:35:20 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.36.231.0/24 maxlen: 24
89.42.213.0/24 maxlen: 24
84.247.20.0/24 maxlen: 24
89.37.106.0/24 maxlen: 24
46.102.174.0/24 maxlen: 24
89.42.40.0/24 maxlen: 24
89.34.171.0/24 maxlen: 24
93.114.69.0/24 maxlen: 24
89.40.43.0/24 maxlen: 24
188.211.249.0/24 maxlen: 24
94.177.113.0/24 maxlen: 24
94.177.118.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:88:82:c3:97:a8:87:88:25:8a:d8:da:e6:fa:dd:39:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Dec 20 18:35:20 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=79bf372b6b2d93740acc0373668ad3aacbb94dd9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:55:ab:42:e3:17:17:93:bb:41:e7:2a:e1:fb:
8e:38:b2:ff:2d:73:02:b6:68:c1:55:81:ba:7d:16:
b0:a8:60:88:52:34:0a:35:a1:a6:55:f8:f0:22:fe:
91:6b:a0:d9:9d:fa:8c:b7:6b:e5:0c:7b:b3:e6:50:
ef:c7:ad:b8:49:42:9c:01:3d:3d:bb:a5:45:9f:77:
a9:e4:a5:4a:fb:4b:61:23:fd:c6:3b:5f:80:da:dc:
21:1c:17:b6:2f:a4:63:8c:4e:bc:79:6c:6a:11:a0:
cb:de:72:60:e6:13:a8:9a:46:bc:bc:15:b0:ca:a9:
f0:8c:e6:8e:50:16:d8:f6:43:51:c4:29:a1:fa:c9:
ec:c6:33:57:c4:9c:dd:92:6b:01:f1:7a:cb:ae:2a:
e5:15:40:a4:ad:c3:ed:95:c2:70:a8:32:3e:17:21:
4d:0b:dc:b3:86:a3:6e:62:51:ee:a4:f4:ca:8a:90:
4b:5b:8f:9f:04:06:16:12:ed:bc:67:ee:5e:2d:f7:
23:41:5f:f5:17:58:db:6f:5b:0b:a2:cd:fb:0b:70:
85:fd:c3:cb:b2:0f:42:5b:c5:6a:89:0a:29:2d:db:
f8:8b:45:c5:12:29:c6:0b:3d:c5:0c:fa:ae:a9:5e:
f5:5e:09:46:08:03:3a:5c:41:1a:a4:fb:61:b8:d1:
6b:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:BF:37:2B:6B:2D:93:74:0A:CC:03:73:66:8A:D3:AA:CB:B9:4D:D9
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/eb83K2stk3QKzANzZorTqsu5Tdk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.102.174.0/24
84.247.20.0/24
89.34.171.0/24
89.36.231.0/24
89.37.106.0/24
89.40.43.0/24
89.42.40.0/24
89.42.213.0/24
93.114.69.0/24
94.177.113.0/24
94.177.118.0/24
188.211.249.0/24
Signature Algorithm: sha256WithRSAEncryption
40:7c:25:3a:ae:dd:43:96:90:0d:38:08:1c:8a:80:bd:5b:0b:
f3:1c:9a:9d:67:a7:02:31:78:53:9f:18:81:26:1f:32:b8:05:
55:a9:51:e3:8b:76:df:48:b3:b0:51:83:0d:c0:cb:92:2e:65:
4c:5e:0b:fe:ad:eb:cd:f4:a7:98:aa:c2:e6:80:5b:d5:b4:0f:
da:cf:ae:35:2d:50:56:af:b0:34:72:d5:94:7e:e9:bd:f8:5c:
a9:2a:4c:6a:d6:1e:a4:5b:53:3a:61:b3:a8:4b:b0:06:31:6d:
31:67:48:4f:29:e2:a1:e7:7d:48:e7:a4:52:9a:f4:8e:78:79:
25:43:61:e7:00:90:51:4b:a8:1e:e0:4e:30:ee:d6:c7:50:de:
2c:e6:f8:ee:55:94:05:10:ed:4f:06:6d:bf:86:f5:d7:ea:04:
22:bb:e2:e3:22:ef:6e:5d:f7:97:fa:29:1c:e6:8d:c8:7c:8e:
b9:91:39:c7:9b:b1:e4:63:b5:70:15:a2:6e:28:03:44:62:fa:
0d:67:20:23:4e:46:d3:9a:6f:79:b5:48:e4:a2:de:ad:95:9e:
f0:a8:53:ce:8c:bd:b5:00:0b:47:4b:5a:5b:64:d0:89:f4:f8:
f8:21:52:da:16:e2:3e:ba:4d:3d:6c:67:61:2a:a0:75:7c:5a:
10:bf:43:0d
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYyIgsOXqIeIJYrY2ub63TlcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMjIwMTgzNTIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWJmMzcyYjZiMmQ5Mzc0MGFjYzAzNzM2NjhhZDNhYWNiYjk0ZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1WrQuMXF5O7Qecq4fuOOLL/LXMC
tmjBVYG6fRawqGCIUjQKNaGmVfjwIv6Ra6DZnfqMt2vlDHuz5lDvx624SUKcAT09
u6VFn3ep5KVK+0thI/3GO1+A2twhHBe2L6RjjE68eWxqEaDL3nJg5hOomka8vBWw
yqnwjOaOUBbY9kNRxCmh+snsxjNXxJzdkmsB8XrLrirlFUCkrcPtlcJwqDI+FyFN
C9yzhqNuYlHupPTKipBLW4+fBAYWEu28Z+5eLfcjQV/1F1jbb1sLos37C3CF/cPL
sg9CW8VqiQopLdv4i0XFEinGCz3FDPquqV71XglGCAM6XEEapPthuNFrTQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFHm/NytrLZN0CswDc2aK06rLuU3ZMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvZWI4M0syc3RrM1FLekFOelpvclRxc3U1VGRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALmauAwQA
VPcUAwQAWSKrAwQAWSTnAwQAWSVqAwQAWSgrAwQAWSooAwQAWSrVAwQAXXJFAwQA
XrFxAwQAXrF2AwQAvNP5MA0GCSqGSIb3DQEBCwUAA4IBAQBAfCU6rt1DlpANOAgc
ioC9WwvzHJqdZ6cCMXhTnxiBJh8yuAVVqVHji3bfSLOwUYMNwMuSLmVMXgv+revN
9KeYqsLmgFvVtA/az641LVBWr7A0ctWUfum9+FypKkxq1h6kW1M6YbOoS7AGMW0x
Z0hPKeKh531I56RSmvSOeHklQ2HnAJBRS6ge4E4w7tbHUN4s5vjuVZQFEO1PBm2/
hvXX6gQiu+LjIu9uXfeX+ikc5o3IfI65kTnHm7HkY7VwFaJuKANEYvoNZyAjTkbT
mm95tUjkot6tlZ7wqFPOjL21AAtHS1pbZNCJ9Pj4IVLaFuI+uk09bGdhKqB1fFoQ
v0MN
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org