Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/kDfDbuMblgnZsbgnv2Tpw7avHA4.roa
File: kDfDbuMblgnZsbgnv2Tpw7avHA4.roa (raw, json)
Hash identifier: gZPKXSOWyqULc+4sXYWX3Cy7cTduMbDJKgLSEJ6C3dU=
Subject key identifier: 90:37:C3:6E:E3:1B:96:09:D9:B1:B8:27:BF:64:E9:C3:B6:AF:1C:0E
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0189198A3DF77F40E6184955E8E482DD710C
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/kDfDbuMblgnZsbgnv2Tpw7avHA4.roa
Signing time: Mon 03 Jul 2023 02:17:17 +0000
ROA not before: Mon 03 Jul 2023 02:17:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.36.231.0/24 maxlen: 24
46.102.174.0/24 maxlen: 24
89.37.128.0/24 maxlen: 24
93.114.69.0/24 maxlen: 24
176.223.190.0/24 maxlen: 24
94.177.113.0/24 maxlen: 24
94.177.118.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:19:8a:3d:f7:7f:40:e6:18:49:55:e8:e4:82:dd:71:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jul 3 02:17:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9037c36ee31b9609d9b1b827bf64e9c3b6af1c0e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:c2:f3:b8:ac:15:b4:d3:02:6f:f7:d2:f1:d6:
fb:34:03:3a:6f:48:c4:8c:8b:f6:50:bd:18:41:ca:
71:aa:4c:c6:63:3f:5b:fc:9d:54:c0:c1:d4:a8:a7:
da:7a:f7:eb:4a:0f:4e:30:93:59:24:77:86:24:de:
ac:a7:92:60:86:9e:4a:70:14:81:f9:8a:7a:9f:23:
d3:89:11:04:23:ab:5b:79:1d:3a:30:fa:8c:0c:0e:
13:6c:70:79:43:c0:80:8d:50:53:0f:b5:61:96:c7:
1a:5d:2b:62:f2:55:ee:07:5e:d9:f5:8a:7d:d9:a1:
f9:2a:26:02:7f:1c:b7:f9:6b:ed:4b:8b:e3:5c:72:
78:9e:d7:e9:c6:ab:48:01:03:da:a7:66:68:cf:51:
a2:67:61:07:03:90:e5:28:46:08:e3:bd:e4:a6:bd:
00:00:2b:f1:17:ae:48:fa:cb:fc:70:d9:7d:de:f2:
20:eb:ff:84:7e:0d:84:f9:1e:8c:00:c2:9b:25:9f:
c5:2b:c8:56:11:86:91:a5:f7:9e:16:9b:ff:43:06:
5a:5c:14:d5:6e:3d:ed:ab:c2:61:ed:e1:ce:a9:ad:
e4:cf:ad:35:4f:d3:bd:7b:e6:ab:78:ea:3c:0a:22:
4d:14:66:6b:80:7b:2d:c6:51:7b:6a:3d:9f:6f:95:
ce:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:37:C3:6E:E3:1B:96:09:D9:B1:B8:27:BF:64:E9:C3:B6:AF:1C:0E
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/kDfDbuMblgnZsbgnv2Tpw7avHA4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.102.174.0/24
89.36.231.0/24
89.37.128.0/24
93.114.69.0/24
94.177.113.0/24
94.177.118.0/24
176.223.190.0/24
Signature Algorithm: sha256WithRSAEncryption
2e:99:5b:f9:01:9f:ed:41:ae:bd:4b:fd:4c:66:d2:7c:d0:8a:
cb:fe:96:a6:80:ce:97:9c:d4:b2:e8:5f:45:70:6a:62:74:77:
7b:be:63:2f:a6:af:ae:2a:11:75:42:8f:f0:ef:b7:53:3b:a8:
c8:c7:20:45:ac:0d:77:7e:df:55:50:29:7c:8d:4c:aa:dd:22:
94:40:bd:0c:d1:bd:2c:f9:fc:bf:d3:e4:72:61:d7:86:df:12:
9b:7e:59:59:de:a7:9b:a3:f6:ca:bd:db:74:7b:04:81:4a:c1:
53:ca:52:59:e7:d9:4a:9f:a1:61:12:df:a8:56:2e:da:d2:b7:
55:6a:02:77:c7:0f:c8:80:0d:c5:22:4b:01:4c:4b:84:ef:d2:
90:ca:cf:6d:1c:4c:ae:e4:44:ce:96:95:6f:e3:34:57:09:2b:
ed:cb:94:3f:a7:ed:41:28:eb:5b:57:de:fc:38:62:17:7e:e4:
05:05:ab:6b:d7:6e:31:44:a6:d2:97:f0:07:57:14:f6:f4:47:
72:ec:77:31:c8:1f:15:a9:be:d6:06:cb:74:4d:63:6c:77:8b:
ed:87:23:d7:93:be:8c:18:a7:4d:fe:d3:eb:f6:cb:71:29:f5:
bc:cb:78:ea:80:12:f5:0f:f4:dc:fb:ea:c6:92:31:a5:fc:4a:
aa:45:75:b5
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYkZij33f0DmGElV6OSC3XEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNzAzMDIxNzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDM3YzM2ZWUzMWI5NjA5ZDliMWI4MjdiZjY0ZTljM2I2YWYxYzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcLzuKwVtNMCb/fS8db7NAM6b0jE
jIv2UL0YQcpxqkzGYz9b/J1UwMHUqKfaevfrSg9OMJNZJHeGJN6sp5Jghp5KcBSB
+Yp6nyPTiREEI6tbeR06MPqMDA4TbHB5Q8CAjVBTD7VhlscaXSti8lXuB17Z9Yp9
2aH5KiYCfxy3+WvtS4vjXHJ4ntfpxqtIAQPap2Zoz1GiZ2EHA5DlKEYI473kpr0A
ACvxF65I+sv8cNl93vIg6/+Efg2E+R6MAMKbJZ/FK8hWEYaRpfeeFpv/QwZaXBTV
bj3tq8Jh7eHOqa3kz601T9O9e+areOo8CiJNFGZrgHstxlF7aj2fb5XOMwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJA3w27jG5YJ2bG4J79k6cO2rxwOMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEva0RmRGJ1TWJsZ25ac2JnbnYyVHB3N2F2SEE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALmauAwQA
WSTnAwQAWSWAAwQAXXJFAwQAXrFxAwQAXrF2AwQAsN++MA0GCSqGSIb3DQEBCwUA
A4IBAQAumVv5AZ/tQa69S/1MZtJ80IrL/pamgM6XnNSy6F9FcGpidHd7vmMvpq+u
KhF1Qo/w77dTO6jIxyBFrA13ft9VUCl8jUyq3SKUQL0M0b0s+fy/0+RyYdeG3xKb
fllZ3qebo/bKvdt0ewSBSsFTylJZ59lKn6FhEt+oVi7a0rdVagJ3xw/IgA3FIksB
TEuE79KQys9tHEyu5ETOlpVv4zRXCSvty5Q/p+1BKOtbV978OGIXfuQFBatr124x
RKbSl/AHVxT29Edy7HcxyB8Vqb7WBst0TWNsd4vthyPXk76MGKdN/tPr9stxKfW8
y3jqgBL1D/Tc++rGkjGl/EqqRXW1
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org