Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/fzlmkVvQakt46i6clxM6Xt-AZrg.roa
File: fzlmkVvQakt46i6clxM6Xt-AZrg.roa (raw, json)
Hash identifier: INQ2UsPmGJr28fOvMiyEnww4CTbIuo37fRzl3dh9DXY=
Subject key identifier: 7F:39:66:91:5B:D0:6A:4B:78:EA:2E:9C:97:13:3A:5E:DF:80:66:B8
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018BCE0B2A449F5DE831C013189C06FA6FD1
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/fzlmkVvQakt46i6clxM6Xt-AZrg.roa
Signing time: Tue 14 Nov 2023 13:35:20 +0000
ROA not before: Tue 14 Nov 2023 13:35:20 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209706
IP address blocks: 89.37.188.0/22 maxlen: 24
89.36.236.0/22 maxlen: 24
185.172.20.0/22 maxlen: 22
185.64.100.0/22 maxlen: 22
89.37.228.0/22 maxlen: 24
89.37.236.0/22 maxlen: 24
62.112.12.0/23 maxlen: 24
86.105.104.0/22 maxlen: 24
188.212.104.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ce:0b:2a:44:9f:5d:e8:31:c0:13:18:9c:06:fa:6f:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Nov 14 13:35:20 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7f3966915bd06a4b78ea2e9c97133a5edf8066b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:07:1b:92:8b:82:c8:af:16:a3:d6:90:09:7c:
9a:37:69:e5:b7:20:ae:24:6d:cb:bf:fc:5b:67:73:
b0:81:7c:f3:b7:82:01:01:52:65:f4:d7:fd:5e:d9:
33:2b:a7:b1:3c:39:9b:ac:ff:2a:bf:bc:49:4a:06:
b5:c7:c0:57:4f:da:c4:0b:29:d8:2f:ce:e6:58:09:
2c:19:b6:70:94:5a:a4:c4:b3:31:7d:2b:dd:30:99:
23:af:2d:8f:d5:f8:df:b9:82:f1:d8:23:58:be:41:
1d:ed:da:3f:bb:e2:19:9d:9c:59:ef:18:e4:ec:23:
13:41:b6:a7:fc:3b:d7:21:2d:c1:42:9d:92:91:7d:
78:2e:08:5e:ff:5b:1f:fd:01:aa:cf:45:06:57:66:
91:a8:c0:d5:04:9a:16:e0:96:31:7a:ec:0d:8a:de:
de:cb:05:30:28:d2:c9:d4:f8:0f:fa:81:7c:73:4a:
99:d6:34:5f:ca:23:07:55:3a:e8:c7:c3:e5:4b:51:
d6:1d:29:d6:31:cd:54:ce:ec:44:b3:da:a3:74:c0:
62:df:94:43:f8:21:c3:45:31:52:f6:07:bf:e9:3c:
b7:5e:76:39:f6:ea:0d:91:f3:e5:a2:77:5a:cf:aa:
26:1f:40:ec:95:7f:54:ab:97:82:a3:0a:a8:b2:45:
72:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:39:66:91:5B:D0:6A:4B:78:EA:2E:9C:97:13:3A:5E:DF:80:66:B8
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/fzlmkVvQakt46i6clxM6Xt-AZrg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.12.0/23
86.105.104.0/22
89.36.236.0/22
89.37.188.0/22
89.37.228.0/22
89.37.236.0/22
185.64.100.0/22
185.172.20.0/22
188.212.104.0/22
Signature Algorithm: sha256WithRSAEncryption
6b:e2:24:84:7a:82:3b:51:6b:8b:4d:2c:3d:da:bc:97:91:f1:
c3:f2:a3:b0:08:8a:7e:9a:1d:cd:88:05:f7:2f:cf:77:c9:53:
0e:6b:e3:97:5f:15:3e:7e:04:42:8a:f6:24:6e:b9:e4:0d:e1:
a8:c1:5a:7f:7d:b5:84:76:bc:75:3d:7c:6d:54:53:49:de:1c:
82:d5:59:15:91:ff:05:cc:8d:51:53:96:0b:04:0f:36:7e:1e:
e8:d8:ea:09:7b:a8:05:1a:06:60:64:f2:43:42:0e:2f:31:46:
72:47:62:f2:95:f2:5b:73:79:ae:35:5b:6f:fb:70:63:0f:35:
f9:00:23:cd:24:17:a3:fc:4c:54:99:2e:87:c0:aa:23:8a:bc:
88:8e:ff:8c:fa:0a:62:13:1e:47:06:eb:75:aa:19:1a:f7:b7:
f6:65:e2:66:70:ca:22:29:d5:b6:79:c6:b8:56:86:47:e0:89:
f8:6a:78:0a:08:ac:e3:ae:06:5f:fa:d9:b2:65:63:d7:6a:d2:
34:c6:67:b1:1a:d7:ba:9a:59:c9:31:90:a7:f5:e2:39:fd:50:
77:1b:6c:33:45:5f:4c:d9:e6:31:93:cf:f8:77:7a:58:1c:35:
fa:93:57:1d:e8:3a:a5:a9:68:84:bb:d8:4b:85:7e:9b:9a:89:
ce:17:ca:78
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYvOCypEn13oMcATGJwG+m/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMTE0MTMzNTIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjM5NjY5MTViZDA2YTRiNzhlYTJlOWM5NzEzM2E1ZWRmODA2NmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgcbkouCyK8Wo9aQCXyaN2nltyCu
JG3Lv/xbZ3OwgXzzt4IBAVJl9Nf9XtkzK6exPDmbrP8qv7xJSga1x8BXT9rECynY
L87mWAksGbZwlFqkxLMxfSvdMJkjry2P1fjfuYLx2CNYvkEd7do/u+IZnZxZ7xjk
7CMTQban/DvXIS3BQp2SkX14Lghe/1sf/QGqz0UGV2aRqMDVBJoW4JYxeuwNit7e
ywUwKNLJ1PgP+oF8c0qZ1jRfyiMHVTrox8PlS1HWHSnWMc1UzuxEs9qjdMBi35RD
+CHDRTFS9ge/6Ty3XnY59uoNkfPlondaz6omH0DslX9Uq5eCowqoskVyjwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFH85ZpFb0GpLeOounJcTOl7fgGa4MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvZnpsbWtWdlFha3Q0Nmk2Y2x4TTZYdC1BWnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBPnAMAwQC
VmloAwQCWSTsAwQCWSW8AwQCWSXkAwQCWSXsAwQCuUBkAwQCuawUAwQCvNRoMA0G
CSqGSIb3DQEBCwUAA4IBAQBr4iSEeoI7UWuLTSw92ryXkfHD8qOwCIp+mh3NiAX3
L893yVMOa+OXXxU+fgRCivYkbrnkDeGowVp/fbWEdrx1PXxtVFNJ3hyC1VkVkf8F
zI1RU5YLBA82fh7o2OoJe6gFGgZgZPJDQg4vMUZyR2LylfJbc3muNVtv+3BjDzX5
ACPNJBej/ExUmS6HwKojiryIjv+M+gpiEx5HBut1qhka97f2ZeJmcMoiKdW2eca4
VoZH4In4angKCKzjrgZf+tmyZWPXatI0xmexGte6mlnJMZCn9eI5/VB3G2wzRV9M
2eYxk8/4d3pYHDX6k1cd6DqlqWiEu9hLhX6bmonOF8p4
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:15 2024 by rpki-client on console-fra.rpki-client.org