Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/lzknk6B9VQpk_SYXA-qYHvLqXNw.roa
File: lzknk6B9VQpk_SYXA-qYHvLqXNw.roa (raw, json)
Hash identifier: x/t1ecEzj7QB2cgb30ljorFbJkc3S8CX9O6ZPvGdOok=
Subject key identifier: 97:39:27:93:A0:7D:55:0A:64:FD:26:17:03:EA:98:1E:F2:EA:5C:DC
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0183CABBED13CC4D8115A547640F47D90C1D
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/lzknk6B9VQpk_SYXA-qYHvLqXNw.roa
Signing time: Wed 12 Oct 2022 05:47:37 +0000
ROA not before: Wed 12 Oct 2022 05:47:37 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 93.115.155.0/24 maxlen: 24
212.237.224.0/22 maxlen: 24
86.104.209.0/24 maxlen: 24
94.177.65.0/24 maxlen: 24
93.115.111.0/24 maxlen: 24
217.19.1.0/24 maxlen: 24
84.247.59.0/24 maxlen: 24
185.77.249.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:ca:bb:ed:13:cc:4d:81:15:a5:47:64:0f:47:d9:0c:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Oct 12 05:47:37 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=97392793a07d550a64fd261703ea981ef2ea5cdc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:00:82:34:09:34:88:4c:2d:50:25:3e:a8:f3:
ba:b9:d1:42:8e:f7:0c:1a:2c:ed:bb:51:5f:a3:e1:
04:43:93:50:61:62:13:b8:43:18:5a:9a:45:e9:0d:
ac:fa:ac:c8:2f:71:3d:91:5a:86:47:4a:83:3c:3a:
cf:e8:ad:e0:05:20:9b:cb:45:c7:fb:cb:28:18:18:
5f:b2:e4:f7:ad:71:80:08:e8:6d:f1:40:82:59:87:
d7:5b:f1:41:54:9c:1a:dd:b7:d7:c6:48:b1:1d:6c:
4b:b3:9b:67:16:fe:30:3f:42:5c:82:66:ad:a5:c9:
63:83:b8:cb:51:23:9d:06:52:0c:e1:9f:ae:38:cd:
a9:0c:d7:f1:a9:cb:e6:f3:3b:13:b3:b1:f9:a9:06:
ae:44:ad:c9:47:16:5f:d1:70:c4:52:7f:82:56:b8:
fc:71:59:b2:9a:c2:d5:9b:66:26:94:38:29:c0:05:
3c:fb:cf:80:68:4b:20:b8:e9:96:8f:00:7c:c1:95:
f8:d9:b8:4b:86:09:9f:91:d3:94:c5:6c:ba:4f:4d:
34:e0:0f:2a:39:b3:41:9f:1d:a4:d0:0e:ed:0f:84:
95:c1:be:d1:c9:51:00:5a:20:ab:a6:07:cd:f6:eb:
fe:41:39:6b:36:a6:31:8e:62:16:de:66:fb:2c:d6:
ca:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:39:27:93:A0:7D:55:0A:64:FD:26:17:03:EA:98:1E:F2:EA:5C:DC
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/lzknk6B9VQpk_SYXA-qYHvLqXNw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.247.59.0/24
86.104.209.0/24
93.115.111.0/24
93.115.155.0/24
94.177.65.0/24
185.77.249.0/24
212.237.224.0/22
217.19.1.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:98:6e:cc:53:8c:3e:b5:68:e4:e7:64:53:b2:04:19:c4:a4:
76:f3:49:0e:91:5d:63:c5:08:df:24:90:65:80:5d:0e:b8:12:
c8:8f:87:cb:1e:1c:1a:52:5c:96:eb:2a:a7:a0:0c:f6:19:3f:
f2:02:25:9d:58:8f:7a:44:db:e8:95:ab:ba:6b:62:7b:b2:32:
d9:4a:52:9d:7c:d5:08:68:ce:2d:66:70:46:56:f4:75:3d:13:
52:04:c2:c8:51:f7:40:18:9b:11:9c:9a:27:26:61:d1:e4:55:
30:26:a3:96:4a:88:69:a4:a3:8b:06:e9:59:82:27:b0:51:98:
2b:0c:44:ba:a9:f8:ca:84:41:45:3f:60:43:b3:94:b2:2c:84:
58:f4:2a:70:4a:16:ab:3a:97:7d:f3:e9:54:9f:3b:29:3e:fb:
40:37:9f:aa:4c:1d:b4:f8:8d:c4:b7:73:b6:0a:20:e0:3d:94:
5c:b9:67:bd:e2:7f:32:ed:fb:e1:b1:8e:45:74:c2:2a:9c:7b:
9f:d8:f9:4e:0f:ec:62:f5:29:26:a9:f0:02:be:dd:e8:6a:88:
de:ca:3a:d8:c0:98:74:50:fb:62:cd:58:21:e0:b6:63:c3:e6:
f1:23:c0:e2:97:97:e4:72:a4:51:3b:7f:b1:bc:f1:62:03:c7:
1e:7f:d7:1f
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYPKu+0TzE2BFaVHZA9H2QwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjIxMDEyMDU0NzM3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzM5Mjc5M2EwN2Q1NTBhNjRmZDI2MTcwM2VhOTgxZWYyZWE1Y2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiACCNAk0iEwtUCU+qPO6udFCjvcM
Giztu1Ffo+EEQ5NQYWITuEMYWppF6Q2s+qzIL3E9kVqGR0qDPDrP6K3gBSCby0XH
+8soGBhfsuT3rXGACOht8UCCWYfXW/FBVJwa3bfXxkixHWxLs5tnFv4wP0Jcgmat
pcljg7jLUSOdBlIM4Z+uOM2pDNfxqcvm8zsTs7H5qQauRK3JRxZf0XDEUn+CVrj8
cVmymsLVm2YmlDgpwAU8+8+AaEsguOmWjwB8wZX42bhLhgmfkdOUxWy6T0004A8q
ObNBnx2k0A7tD4SVwb7RyVEAWiCrpgfN9uv+QTlrNqYxjmIW3mb7LNbKiQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJc5J5OgfVUKZP0mFwPqmB7y6lzcMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvbHprbms2QjlWUXBrX1NZWEEtcVlIdkxxWE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAVPc7AwQA
VmjRAwQAXXNvAwQAXXObAwQAXrFBAwQAuU35AwQC1O3gAwQA2RMBMA0GCSqGSIb3
DQEBCwUAA4IBAQCKmG7MU4w+tWjk52RTsgQZxKR280kOkV1jxQjfJJBlgF0OuBLI
j4fLHhwaUlyW6yqnoAz2GT/yAiWdWI96RNvolau6a2J7sjLZSlKdfNUIaM4tZnBG
VvR1PRNSBMLIUfdAGJsRnJonJmHR5FUwJqOWSohppKOLBulZgiewUZgrDES6qfjK
hEFFP2BDs5SyLIRY9CpwSharOpd98+lUnzspPvtAN5+qTB20+I3Et3O2CiDgPZRc
uWe94n8y7fvhsY5FdMIqnHuf2PlOD+xi9SkmqfACvt3oaojeyjrYwJh0UPtizVgh
4LZjw+bxI8Dil5fkcqRRO3+xvPFiA8cef9cf
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:05 2023 by rpki-client on console-fra.rpki-client.org