Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/nkZmgRcj6uzkrHwrP3U1-uEXN7M.roa
File: nkZmgRcj6uzkrHwrP3U1-uEXN7M.roa (raw, json)
Hash identifier: pI1IjlALdpidnxciwd3CtinR5jy0nnPwipjlRt6wDYQ=
Subject key identifier: 9E:46:66:81:17:23:EA:EC:E4:AC:7C:2B:3F:75:35:FA:E1:17:37:B3
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0185E0FECD5C8E7B6D488A3F2769FC19E2C3
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/nkZmgRcj6uzkrHwrP3U1-uEXN7M.roa
Signing time: Mon 23 Jan 2023 23:37:53 +0000
ROA not before: Mon 23 Jan 2023 23:37:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 93.115.155.0/24 maxlen: 24
94.177.27.0/24 maxlen: 24
86.104.209.0/24 maxlen: 24
217.19.1.0/24 maxlen: 24
89.42.40.0/24 maxlen: 24
185.77.249.0/24 maxlen: 24
84.247.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:e0:fe:cd:5c:8e:7b:6d:48:8a:3f:27:69:fc:19:e2:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jan 23 23:37:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9e4666811723eaece4ac7c2b3f7535fae11737b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:f4:e1:26:48:87:c6:c2:77:3f:cf:91:b6:32:
c6:d6:8e:ee:b9:67:be:a9:8e:5c:80:13:a4:ef:dd:
21:d1:11:76:3d:80:6b:a4:92:c7:71:9d:24:65:77:
44:62:fc:01:f6:1b:1e:18:2a:a0:09:8a:fc:f2:8c:
52:8b:a1:cd:7a:0a:10:67:4e:44:57:fc:38:b3:6c:
7c:cb:d0:35:36:52:12:bb:8f:b9:da:ac:1d:93:83:
03:5a:5c:31:4b:02:4b:06:52:b1:70:4a:69:23:02:
21:d1:90:cb:71:8b:b9:9c:dc:8f:b1:bb:0a:f6:a7:
d4:92:f5:22:dd:cf:82:b6:38:70:1a:73:e7:1f:36:
ec:1f:ae:2e:b7:43:68:90:a6:26:45:f6:98:b1:32:
cf:ff:f5:45:cb:94:7f:cc:2b:ea:e0:dc:2f:88:31:
21:63:c3:0f:67:89:a4:de:9a:52:1b:ab:06:83:fd:
03:19:c2:fc:3e:6b:77:e0:f9:2f:02:bb:7a:6b:70:
06:01:8d:a8:ee:9e:32:c4:1f:9a:56:c9:bc:b6:21:
ee:3b:8d:40:b1:c7:30:7d:6e:07:86:18:39:e6:c7:
23:df:63:d1:8b:3d:ca:62:db:37:bf:93:03:9e:aa:
ba:a4:ef:55:64:dc:5c:ea:45:a7:e2:14:1f:56:2d:
a5:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:46:66:81:17:23:EA:EC:E4:AC:7C:2B:3F:75:35:FA:E1:17:37:B3
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/nkZmgRcj6uzkrHwrP3U1-uEXN7M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.247.59.0/24
86.104.209.0/24
89.42.40.0/24
93.115.155.0/24
94.177.27.0/24
185.77.249.0/24
217.19.1.0/24
Signature Algorithm: sha256WithRSAEncryption
65:41:ea:24:e3:07:b2:24:8f:3a:45:0f:5b:de:82:ee:bb:28:
e8:4f:1e:8e:2d:da:68:a8:11:b6:a4:96:42:43:5a:09:00:cf:
fd:74:1d:ba:4d:22:df:c0:41:8a:c6:1f:b8:20:a9:b8:b2:fe:
b7:6c:4a:73:38:e9:97:a8:11:c5:9e:da:74:25:2d:10:c6:c0:
fe:a7:ba:fb:32:74:a4:ee:5a:b0:5e:73:1b:53:a1:a9:8c:6c:
8d:b7:07:5b:0d:b2:c4:ea:56:9d:72:27:e5:68:9b:32:28:d1:
3d:5e:0e:56:62:4c:85:bf:ad:7b:90:1e:8a:81:32:a9:00:a0:
8a:3d:b2:d3:f0:8d:04:8a:b3:60:0e:77:b7:e4:6e:bf:13:37:
65:e2:4f:5d:29:2f:9a:d1:ec:23:eb:37:77:97:a0:3a:a3:c4:
fc:99:14:50:5f:83:3e:3d:39:d0:ba:c2:63:2b:3b:06:60:95:
f3:ae:16:26:b7:b0:79:dd:54:44:4f:d2:5b:26:22:01:75:62:
46:f3:4a:da:01:b1:98:f6:34:96:9f:a2:8d:78:ac:79:23:ff:
d7:59:45:b3:74:3b:f0:b0:ab:ed:ac:3e:3b:4c:fa:b2:77:8e:
d5:77:3e:e3:ac:a7:aa:f4:1e:82:ba:01:e7:66:dd:96:a7:62:
35:d6:17:e7
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYXg/s1cjnttSIo/J2n8GeLDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwMTIzMjMzNzUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTQ2NjY4MTE3MjNlYWVjZTRhYzdjMmIzZjc1MzVmYWUxMTczN2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/ThJkiHxsJ3P8+RtjLG1o7uuWe+
qY5cgBOk790h0RF2PYBrpJLHcZ0kZXdEYvwB9hseGCqgCYr88oxSi6HNegoQZ05E
V/w4s2x8y9A1NlISu4+52qwdk4MDWlwxSwJLBlKxcEppIwIh0ZDLcYu5nNyPsbsK
9qfUkvUi3c+CtjhwGnPnHzbsH64ut0NokKYmRfaYsTLP//VFy5R/zCvq4NwviDEh
Y8MPZ4mk3ppSG6sGg/0DGcL8Pmt34PkvArt6a3AGAY2o7p4yxB+aVsm8tiHuO41A
sccwfW4Hhhg55scj32PRiz3KYts3v5MDnqq6pO9VZNxc6kWn4hQfVi2lRwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJ5GZoEXI+rs5Kx8Kz91NfrhFzezMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvbmtabWdSY2o2dXprckh3clAzVTEtdUVYTjdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAVPc7AwQA
VmjRAwQAWSooAwQAXXObAwQAXrEbAwQAuU35AwQA2RMBMA0GCSqGSIb3DQEBCwUA
A4IBAQBlQeok4weyJI86RQ9b3oLuuyjoTx6OLdpoqBG2pJZCQ1oJAM/9dB26TSLf
wEGKxh+4IKm4sv63bEpzOOmXqBHFntp0JS0QxsD+p7r7MnSk7lqwXnMbU6GpjGyN
twdbDbLE6ladciflaJsyKNE9Xg5WYkyFv617kB6KgTKpAKCKPbLT8I0EirNgDne3
5G6/Ezdl4k9dKS+a0ewj6zd3l6A6o8T8mRRQX4M+PTnQusJjKzsGYJXzrhYmt7B5
3VRET9JbJiIBdWJG80raAbGY9jSWn6KNeKx5I//XWUWzdDvwsKvtrD47TPqyd47V
dz7jrKeq9B6CugHnZt2Wp2I11hfn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org