Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/j03jA6cpxv9mfsRLA0Pkt-7YpTM.roa
File: j03jA6cpxv9mfsRLA0Pkt-7YpTM.roa (raw, json)
Hash identifier: cuw1cGRczReKV6jCgDqIBUeQHWKDhoKPzsLVi5Sf2NI=
Subject key identifier: 8F:4D:E3:03:A7:29:C6:FF:66:7E:C4:4B:03:43:E4:B7:EE:D8:A5:33
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018D661607EC36910DF5509882051C1C4181
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/j03jA6cpxv9mfsRLA0Pkt-7YpTM.roa
Signing time: Thu 01 Feb 2024 19:12:16 +0000
ROA not before: Thu 01 Feb 2024 19:12:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16589
IP address blocks: 85.204.148.0/22 maxlen: 24
194.135.26.0/23 maxlen: 24
195.133.208.0/23 maxlen: 24
213.159.10.0/23 maxlen: 24
213.159.12.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:66:16:07:ec:36:91:0d:f5:50:98:82:05:1c:1c:41:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Feb 1 19:12:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8f4de303a729c6ff667ec44b0343e4b7eed8a533
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:16:dd:a1:3b:ee:0e:5e:b0:f6:4d:84:42:ad:
1e:26:ee:67:48:c1:5d:94:44:33:88:b7:8e:3c:3e:
90:2e:92:c0:7f:44:1a:7f:8f:1a:57:5c:a7:52:57:
a8:9d:f5:04:73:ca:90:cf:5b:66:13:33:ae:23:10:
d8:83:15:d1:b2:b1:a6:32:58:4e:9f:52:fe:f9:b2:
ae:37:18:d4:23:c6:6d:98:66:de:92:b8:ef:89:cc:
b8:55:e0:44:80:1c:85:7e:88:7f:30:9a:61:6e:a9:
48:e4:bf:38:c4:cf:95:8a:8e:36:20:0f:49:b2:73:
01:9d:7a:9a:d7:a5:9a:7a:f3:cc:25:0d:4e:03:c8:
08:9c:fa:37:81:a1:5a:67:7a:d6:56:8b:0d:76:43:
97:ed:f6:80:c7:67:75:6b:37:a1:08:86:0b:6a:ad:
8a:e6:6f:7b:b2:92:32:43:42:92:6f:c0:4d:91:ac:
c2:82:c3:0f:30:fb:9c:e8:78:8f:e4:a3:9b:ae:c5:
3e:1e:e1:ff:a5:12:eb:42:81:19:25:ba:5e:f1:6f:
1a:c6:b0:05:47:e3:39:ec:06:86:38:05:74:c0:37:
56:ce:b5:a7:e9:ce:da:5a:c7:01:b0:1a:89:7d:7d:
d0:a3:5f:94:52:64:e6:79:a2:d1:e3:06:b6:94:73:
ad:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:4D:E3:03:A7:29:C6:FF:66:7E:C4:4B:03:43:E4:B7:EE:D8:A5:33
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/j03jA6cpxv9mfsRLA0Pkt-7YpTM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.148.0/22
194.135.26.0/23
195.133.208.0/23
213.159.10.0-213.159.13.255
Signature Algorithm: sha256WithRSAEncryption
55:67:a5:0d:3e:45:b5:be:83:dd:fe:71:14:b0:64:34:17:46:
c2:46:16:57:bf:a3:71:bf:50:cf:44:b6:8b:07:90:59:7b:c5:
00:1f:7c:15:6f:d3:bf:fc:c0:eb:09:88:40:2f:76:c1:dc:17:
0b:ed:26:b5:75:f1:db:25:50:ce:17:55:48:56:89:51:2d:88:
13:1a:cf:97:c0:41:6b:55:8d:3b:a6:64:0e:ca:e3:a7:f8:a0:
6c:9c:96:c3:ae:6b:94:83:85:55:68:67:0b:17:f6:2e:e5:78:
6a:c0:18:96:be:2e:82:06:f7:1f:76:5f:a7:de:99:43:ba:a5:
22:6d:70:c7:b8:89:6d:d1:f8:4c:77:c7:17:a5:14:11:f5:08:
96:e5:d6:c3:1b:7a:83:51:48:83:94:bf:18:8d:5c:67:5a:09:
13:9f:80:5a:5b:88:be:ac:04:1b:0a:e0:5e:e6:cc:7c:07:df:
1b:16:d3:af:ea:7d:27:cf:f0:8a:6c:53:77:d2:be:06:ea:e3:
b8:ea:c0:e7:33:ff:68:40:2d:2f:4a:89:85:d7:3d:ce:5c:00:
fc:af:be:6e:b9:08:b9:03:58:4e:07:90:78:4e:da:58:92:b7:
7a:9e:de:96:7c:c2:39:15:5b:45:4d:0c:88:70:65:21:fd:94:
de:18:44:13
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY1mFgfsNpEN9VCYggUcHEGBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMjAxMTkxMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjRkZTMwM2E3MjljNmZmNjY3ZWM0NGIwMzQzZTRiN2VlZDhhNTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxbdoTvuDl6w9k2EQq0eJu5nSMFd
lEQziLeOPD6QLpLAf0Qaf48aV1ynUleonfUEc8qQz1tmEzOuIxDYgxXRsrGmMlhO
n1L++bKuNxjUI8ZtmGbekrjvicy4VeBEgByFfoh/MJphbqlI5L84xM+Vio42IA9J
snMBnXqa16WaevPMJQ1OA8gInPo3gaFaZ3rWVosNdkOX7faAx2d1azehCIYLaq2K
5m97spIyQ0KSb8BNkazCgsMPMPuc6HiP5KObrsU+HuH/pRLrQoEZJbpe8W8axrAF
R+M57AaGOAV0wDdWzrWn6c7aWscBsBqJfX3Qo1+UUmTmeaLR4wa2lHOtPQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFI9N4wOnKcb/Zn7ESwND5Lfu2KUzMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvajAzakE2Y3B4djltZnNSTEEwUGt0LTdZcFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCVcyUAwQB
wocaAwQBw4XQMAwDBAHVnwoDBAHVnwwwDQYJKoZIhvcNAQELBQADggEBAFVnpQ0+
RbW+g93+cRSwZDQXRsJGFle/o3G/UM9EtosHkFl7xQAffBVv07/8wOsJiEAvdsHc
FwvtJrV18dslUM4XVUhWiVEtiBMaz5fAQWtVjTumZA7K46f4oGyclsOua5SDhVVo
ZwsX9i7leGrAGJa+LoIG9x92X6femUO6pSJtcMe4iW3R+Ex3xxelFBH1CJbl1sMb
eoNRSIOUvxiNXGdaCROfgFpbiL6sBBsK4F7mzHwH3xsW06/qfSfP8IpsU3fSvgbq
47jqwOcz/2hALS9KiYXXPc5cAPyvvm65CLkDWE4HkHhO2liSt3qe3pZ8wjkVW0VN
DIhwZSH9lN4YRBM=
-----END CERTIFICATE-----
Generated at Thu Feb 8 13:44:38 2024 by rpki-client on console-ams.rpki-client.org