Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/nGZuLiyZU5HCjk_lf-Xt4NEeOzM.roa
File: nGZuLiyZU5HCjk_lf-Xt4NEeOzM.roa (raw, json)
Hash identifier: Wa3xpdhd3OEpM4PdKgMEVLqUa8hHN31A0BQBjOu/458=
Subject key identifier: 9C:66:6E:2E:2C:99:53:91:C2:8E:4F:E5:7F:E5:ED:E0:D1:1E:3B:33
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0188DA0F6EA2B5CBF2479CA1BECB9F8CB292
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/nGZuLiyZU5HCjk_lf-Xt4NEeOzM.roa
Signing time: Tue 20 Jun 2023 18:27:04 +0000
ROA not before: Tue 20 Jun 2023 18:27:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.250.244.0/24 maxlen: 24
89.37.128.0/24 maxlen: 24
93.114.69.0/24 maxlen: 24
89.40.43.0/24 maxlen: 24
188.211.249.0/24 maxlen: 24
94.177.113.0/24 maxlen: 24
94.177.118.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:da:0f:6e:a2:b5:cb:f2:47:9c:a1:be:cb:9f:8c:b2:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jun 20 18:27:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9c666e2e2c995391c28e4fe57fe5ede0d11e3b33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:83:a6:0c:2e:0a:6a:32:be:1e:23:fd:63:33:
4d:2d:0f:50:41:f7:cd:8f:03:3d:50:0a:a4:3b:34:
8d:ea:df:ee:5c:9c:6f:dc:a4:e2:be:7d:3b:db:a9:
a6:27:1d:f2:dc:87:e8:27:16:51:a9:fb:6e:d1:7d:
01:39:6d:7f:c9:4e:0b:0d:ad:4f:41:6c:cc:42:95:
3a:8c:d7:fa:02:7d:41:4e:cb:b9:98:97:dd:41:66:
63:c0:1d:30:4c:ad:cc:02:b9:1e:20:18:28:ec:90:
76:99:aa:c9:58:9f:3f:bf:5b:38:25:72:b6:9e:60:
2f:f2:92:d4:15:b7:2e:0a:31:a0:ba:e0:69:d3:54:
d0:07:b8:e7:26:46:58:1c:67:8b:51:74:b4:f3:b6:
be:0f:41:69:27:72:ba:b0:85:a1:4e:2a:da:97:50:
18:49:82:21:17:a6:ca:0e:7d:c3:3d:f3:bb:99:be:
c2:f4:70:9a:01:71:31:a7:09:81:32:2a:d0:89:84:
6b:d5:50:71:ee:d1:52:47:56:de:3a:0b:ac:7e:06:
9a:7f:83:ee:c9:60:4f:45:f6:1e:be:5f:02:6a:98:
04:9b:94:77:44:ed:3f:df:62:6d:47:37:1d:c1:da:
15:aa:54:3d:e4:eb:be:42:56:02:5a:73:57:e0:c7:
5d:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:66:6E:2E:2C:99:53:91:C2:8E:4F:E5:7F:E5:ED:E0:D1:1E:3B:33
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/nGZuLiyZU5HCjk_lf-Xt4NEeOzM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.37.128.0/24
89.40.43.0/24
91.250.244.0/24
93.114.69.0/24
94.177.113.0/24
94.177.118.0/24
188.211.249.0/24
Signature Algorithm: sha256WithRSAEncryption
86:f5:2d:cb:b9:16:24:9b:d5:68:a1:c7:fb:75:ad:d4:b0:ce:
02:41:b8:29:d8:d6:67:e4:cf:b5:c8:48:54:c7:66:f2:53:05:
92:a6:f3:bd:f9:f2:67:02:35:6b:7e:36:d0:2d:80:f6:15:13:
29:4b:04:76:e7:96:4b:9b:23:fa:f5:2b:58:bf:60:4c:25:aa:
4c:57:39:2c:1b:af:da:87:5b:8c:bd:ca:4d:cc:6a:eb:ac:86:
54:06:8b:71:84:a1:3d:dc:38:e7:81:be:76:48:a3:d0:ad:57:
5b:11:51:82:60:ea:35:0b:67:2b:03:98:ba:a9:d7:ff:00:50:
2e:af:f8:a6:5d:c4:aa:a1:9f:f0:bb:00:ff:c4:63:d5:7d:26:
15:ca:24:72:2f:99:c2:c4:e0:89:1c:ba:a2:95:7a:5d:32:f4:
cd:0c:61:45:d1:7d:5d:9f:25:de:58:05:0e:57:33:ce:c7:9a:
a6:6c:53:62:8b:43:ac:19:d6:52:24:92:8d:ba:c7:2b:2c:44:
e3:64:51:50:22:24:cf:38:3f:99:98:28:2b:9a:8e:e2:17:16:
75:99:37:41:80:b3:fe:2d:44:1e:b1:ae:ab:a8:86:e3:ed:a5:
78:d0:c8:1d:ba:a1:f1:55:c4:a5:15:b1:4a:7b:b0:c7:c7:cb:
0e:43:ff:b0
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYjaD26itcvyR5yhvsufjLKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNjIwMTgyNzA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzY2NmUyZTJjOTk1MzkxYzI4ZTRmZTU3ZmU1ZWRlMGQxMWUzYjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYOmDC4KajK+HiP9YzNNLQ9QQffN
jwM9UAqkOzSN6t/uXJxv3KTivn0726mmJx3y3IfoJxZRqftu0X0BOW1/yU4LDa1P
QWzMQpU6jNf6An1BTsu5mJfdQWZjwB0wTK3MArkeIBgo7JB2marJWJ8/v1s4JXK2
nmAv8pLUFbcuCjGguuBp01TQB7jnJkZYHGeLUXS087a+D0FpJ3K6sIWhTiral1AY
SYIhF6bKDn3DPfO7mb7C9HCaAXExpwmBMirQiYRr1VBx7tFSR1beOgusfgaaf4Pu
yWBPRfYevl8CapgEm5R3RO0/32JtRzcdwdoVqlQ95Ou+QlYCWnNX4MddmwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJxmbi4smVORwo5P5X/l7eDRHjszMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvbkdadUxpeVpVNUhDamtfbGYtWHQ0TkVlT3pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAWSWAAwQA
WSgrAwQAW/r0AwQAXXJFAwQAXrFxAwQAXrF2AwQAvNP5MA0GCSqGSIb3DQEBCwUA
A4IBAQCG9S3LuRYkm9Voocf7da3UsM4CQbgp2NZn5M+1yEhUx2byUwWSpvO9+fJn
AjVrfjbQLYD2FRMpSwR255ZLmyP69StYv2BMJapMVzksG6/ah1uMvcpNzGrrrIZU
BotxhKE93Djngb52SKPQrVdbEVGCYOo1C2crA5i6qdf/AFAur/imXcSqoZ/wuwD/
xGPVfSYVyiRyL5nCxOCJHLqilXpdMvTNDGFF0X1dnyXeWAUOVzPOx5qmbFNii0Os
GdZSJJKNuscrLETjZFFQIiTPOD+ZmCgrmo7iFxZ1mTdBgLP+LUQesa6rqIbj7aV4
0MgduqHxVcSlFbFKe7DHx8sOQ/+w
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org