Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/hkIbNuxchQX_tYEoiHjdkEqugIg.roa
File: hkIbNuxchQX_tYEoiHjdkEqugIg.roa (raw, json)
Hash identifier: /ixYgR1yhDdeIXlQCHnjTHTH9+1CAHG1WocwpViXrI8=
Subject key identifier: 86:42:1B:36:EC:5C:85:05:FF:B5:81:28:88:78:DD:90:4A:AE:80:88
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018B50FC0773E7BC8D48066320B4CE5DB4E0
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/hkIbNuxchQX_tYEoiHjdkEqugIg.roa
Signing time: Sat 21 Oct 2023 06:46:16 +0000
ROA not before: Sat 21 Oct 2023 06:46:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 37.153.132.0/24 maxlen: 24
188.240.83.0/24 maxlen: 24
84.247.20.0/24 maxlen: 24
89.37.106.0/24 maxlen: 24
91.250.244.0/24 maxlen: 24
89.42.40.0/24 maxlen: 24
62.112.30.0/24 maxlen: 24
89.34.171.0/24 maxlen: 24
77.81.1.0/24 maxlen: 24
89.36.231.0/24 maxlen: 24
89.42.215.0/24 maxlen: 24
46.102.174.0/24 maxlen: 24
89.37.128.0/24 maxlen: 24
176.223.181.0/24 maxlen: 24
93.114.69.0/24 maxlen: 24
89.40.43.0/24 maxlen: 24
176.223.190.0/24 maxlen: 24
188.211.249.0/24 maxlen: 24
94.177.113.0/24 maxlen: 24
94.177.118.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:50:fc:07:73:e7:bc:8d:48:06:63:20:b4:ce:5d:b4:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Oct 21 06:46:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=86421b36ec5c8505ffb581288878dd904aae8088
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:72:ac:36:d6:80:1b:b2:db:1b:98:8e:41:8e:
7a:fc:1a:37:9a:65:ec:74:8c:bd:d5:c9:03:9e:33:
fe:79:f5:73:ae:02:97:b5:f0:53:6f:5c:45:80:58:
33:2d:cc:f4:dc:cf:61:ea:b1:21:a7:ab:0c:b5:57:
ed:4f:31:86:eb:b7:0c:a0:01:09:21:25:58:1f:cf:
a7:5b:bc:9a:08:aa:bb:a5:13:28:54:7f:d2:b6:e1:
51:79:fa:80:99:6e:42:8f:2a:f2:9a:ef:b3:3c:bf:
f0:95:99:93:fc:0f:fe:96:d2:ca:d6:6a:9b:0a:5f:
08:4f:71:5a:6b:92:53:be:f1:0d:d1:8e:bd:da:99:
d1:f7:ae:24:71:c8:76:08:72:59:80:76:a6:56:2d:
e6:8f:53:7c:6e:1a:30:d8:e6:8c:35:c2:9f:a6:78:
99:1c:6f:86:68:7e:45:58:25:1e:3f:f9:03:33:cf:
7a:c3:7e:21:66:01:83:d7:4a:e7:ec:f3:38:e0:33:
aa:3e:bd:ac:76:b0:e2:23:63:0e:c2:cb:45:1f:ab:
83:8c:b9:94:f0:b1:64:5d:d0:5b:45:40:46:bd:7e:
af:fe:1a:70:cd:66:8a:84:8e:28:a8:b3:9c:d9:53:
07:3f:52:b3:12:4e:c1:c9:e1:32:f2:3f:ab:52:16:
a1:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:42:1B:36:EC:5C:85:05:FF:B5:81:28:88:78:DD:90:4A:AE:80:88
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/hkIbNuxchQX_tYEoiHjdkEqugIg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.153.132.0/24
46.102.174.0/24
62.112.30.0/24
77.81.1.0/24
84.247.20.0/24
89.34.171.0/24
89.36.231.0/24
89.37.106.0/24
89.37.128.0/24
89.40.43.0/24
89.42.40.0/24
89.42.215.0/24
91.250.244.0/24
93.114.69.0/24
94.177.113.0/24
94.177.118.0/24
176.223.181.0/24
176.223.190.0/24
188.211.249.0/24
188.240.83.0/24
Signature Algorithm: sha256WithRSAEncryption
06:e4:7f:f0:15:2b:dd:c2:a3:24:63:92:4d:66:b0:e7:3d:70:
af:96:71:8c:68:f4:4b:a5:b3:80:eb:55:a4:c3:3b:7f:57:98:
90:7a:d0:07:81:2a:03:80:3c:b4:32:a9:aa:eb:bc:2d:9f:95:
73:50:b0:4a:9f:76:e6:01:10:cc:d6:4e:90:94:ec:3e:0d:2b:
33:2d:35:32:ac:af:b1:7c:24:44:2d:e8:0d:98:78:9a:a3:8e:
d9:d9:35:29:b7:a9:71:f9:89:cb:5c:10:89:85:48:9d:88:6a:
69:51:85:2f:98:cd:44:be:6c:e2:a3:dd:e1:2d:f4:cc:f0:c2:
02:b5:8a:87:4f:0f:86:b6:44:df:23:09:a5:96:99:48:14:33:
87:72:d0:70:4f:ee:c5:fa:12:44:6d:99:99:1e:38:e7:a7:21:
ff:c3:af:5b:ef:a7:79:aa:57:1f:82:03:39:77:3b:f2:84:aa:
fd:70:36:2e:d1:78:fc:02:88:48:a0:7f:1b:25:fb:c9:aa:9b:
67:c1:f1:c8:60:52:1d:84:5d:20:f2:51:26:d1:f0:23:76:bf:
87:7d:79:e8:f5:d4:7e:6d:16:d7:0b:6d:31:03:9c:33:20:fb:
24:16:18:11:ca:86:81:a6:bb:70:6f:b5:2a:2f:eb:12:0b:95:
bc:1d:72:b8
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYtQ/Adz57yNSAZjILTOXbTgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMDIxMDY0NjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQyMWIzNmVjNWM4NTA1ZmZiNTgxMjg4ODc4ZGQ5MDRhYWU4MDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXKsNtaAG7LbG5iOQY56/Bo3mmXs
dIy91ckDnjP+efVzrgKXtfBTb1xFgFgzLcz03M9h6rEhp6sMtVftTzGG67cMoAEJ
ISVYH8+nW7yaCKq7pRMoVH/StuFRefqAmW5Cjyrymu+zPL/wlZmT/A/+ltLK1mqb
Cl8IT3Faa5JTvvEN0Y692pnR964kcch2CHJZgHamVi3mj1N8bhow2OaMNcKfpniZ
HG+GaH5FWCUeP/kDM896w34hZgGD10rn7PM44DOqPr2sdrDiI2MOwstFH6uDjLmU
8LFkXdBbRUBGvX6v/hpwzWaKhI4oqLOc2VMHP1KzEk7ByeEy8j+rUhah1wIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFIZCGzbsXIUF/7WBKIh43ZBKroCIMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvaGtJYk51eGNoUVhfdFlFb2lIamRrRXF1Z0lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDB+BAIAATB4AwQAJZmE
AwQALmauAwQAPnAeAwQATVEBAwQAVPcUAwQAWSKrAwQAWSTnAwQAWSVqAwQAWSWA
AwQAWSgrAwQAWSooAwQAWSrXAwQAW/r0AwQAXXJFAwQAXrFxAwQAXrF2AwQAsN+1
AwQAsN++AwQAvNP5AwQAvPBTMA0GCSqGSIb3DQEBCwUAA4IBAQAG5H/wFSvdwqMk
Y5JNZrDnPXCvlnGMaPRLpbOA61Wkwzt/V5iQetAHgSoDgDy0Mqmq67wtn5VzULBK
n3bmARDM1k6QlOw+DSszLTUyrK+xfCRELegNmHiao47Z2TUpt6lx+YnLXBCJhUid
iGppUYUvmM1Evmzio93hLfTM8MICtYqHTw+GtkTfIwmllplIFDOHctBwT+7F+hJE
bZmZHjjnpyH/w69b76d5qlcfggM5dzvyhKr9cDYu0Xj8AohIoH8bJfvJqptnwfHI
YFIdhF0g8lEm0fAjdr+HfXno9dR+bRbXC20xA5wzIPskFhgRyoaBprtwb7UqL+sS
C5W8HXK4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org