Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/qlbo67oY_2ZYs3a6_rX7qOH-Hso.roa
File: qlbo67oY_2ZYs3a6_rX7qOH-Hso.roa (raw, json)
Hash identifier: 6HvSRogkUdFI1RVqpSgqeQKUD94nKcIO4rvrM5WiprE=
Subject key identifier: AA:56:E8:EB:BA:18:FF:66:58:B3:76:BA:FE:B5:FB:A8:E1:FE:1E:CA
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018B4BC09C8AAB2B6828C2631D9A22794647
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/qlbo67oY_2ZYs3a6_rX7qOH-Hso.roa
Signing time: Fri 20 Oct 2023 06:23:16 +0000
ROA not before: Fri 20 Oct 2023 06:23:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 37.153.132.0/24 maxlen: 24
188.240.83.0/24 maxlen: 24
84.247.20.0/24 maxlen: 24
89.37.106.0/24 maxlen: 24
91.250.244.0/24 maxlen: 24
89.42.40.0/24 maxlen: 24
62.112.30.0/24 maxlen: 24
89.34.171.0/24 maxlen: 24
77.81.1.0/24 maxlen: 24
89.44.210.0/24 maxlen: 24
89.36.231.0/24 maxlen: 24
89.42.215.0/24 maxlen: 24
46.102.174.0/24 maxlen: 24
89.37.128.0/24 maxlen: 24
176.223.181.0/24 maxlen: 24
93.114.69.0/24 maxlen: 24
89.40.43.0/24 maxlen: 24
176.223.190.0/24 maxlen: 24
188.211.249.0/24 maxlen: 24
94.177.113.0/24 maxlen: 24
94.177.118.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:4b:c0:9c:8a:ab:2b:68:28:c2:63:1d:9a:22:79:46:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Oct 20 06:23:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aa56e8ebba18ff6658b376bafeb5fba8e1fe1eca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:63:29:69:8b:8e:67:11:78:b3:a5:50:f1:b8:
78:7e:f3:8b:1f:68:bf:f7:4a:07:8b:5e:77:7b:35:
d7:9e:00:ab:89:d5:43:06:45:a0:63:8c:78:ed:87:
aa:72:58:5c:68:9d:6c:a8:d4:f3:84:f1:56:a2:36:
63:54:a0:e8:c7:ce:e6:1b:67:1e:ae:f5:14:fb:87:
21:2a:5d:36:01:d2:e2:a2:b9:08:07:24:bd:47:12:
88:c9:e6:d1:58:aa:2c:97:4f:80:4b:f3:81:17:cb:
3a:c8:b4:d6:29:e1:c6:9a:6d:71:5e:74:f2:5c:6a:
0a:bc:8c:75:6e:af:80:31:18:78:6f:08:7f:6b:36:
28:4d:4e:19:4c:e9:4b:b1:44:85:b0:c6:d9:00:bc:
ab:bb:c9:0d:5c:81:18:46:3e:ec:1f:11:35:9a:cf:
2d:0d:3b:d2:b4:a0:6c:77:1e:25:ae:01:cf:cd:4a:
8a:0b:b4:7c:36:fc:eb:1b:d4:f1:8b:c6:da:ec:2c:
a7:50:24:52:55:c6:9b:a2:4c:63:ea:75:89:af:0f:
a6:d2:d7:62:92:9b:d2:03:a5:ad:d3:7b:3f:1a:d8:
eb:63:1f:54:90:db:d0:b9:58:2b:d1:fe:7e:72:2e:
7f:44:d9:09:ea:83:b7:e1:84:64:cc:cb:59:a0:c4:
9a:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:56:E8:EB:BA:18:FF:66:58:B3:76:BA:FE:B5:FB:A8:E1:FE:1E:CA
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/qlbo67oY_2ZYs3a6_rX7qOH-Hso.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.153.132.0/24
46.102.174.0/24
62.112.30.0/24
77.81.1.0/24
84.247.20.0/24
89.34.171.0/24
89.36.231.0/24
89.37.106.0/24
89.37.128.0/24
89.40.43.0/24
89.42.40.0/24
89.42.215.0/24
89.44.210.0/24
91.250.244.0/24
93.114.69.0/24
94.177.113.0/24
94.177.118.0/24
176.223.181.0/24
176.223.190.0/24
188.211.249.0/24
188.240.83.0/24
Signature Algorithm: sha256WithRSAEncryption
07:74:78:ca:75:e0:33:90:7e:15:3b:ce:65:c4:d5:20:70:63:
7c:b3:55:15:41:c1:ad:22:61:bf:f2:e6:93:1f:2d:fa:75:21:
dd:7d:03:24:35:b7:bf:a9:34:41:46:0b:68:ec:a6:d9:38:ee:
09:66:e6:1d:b2:ad:bc:1b:a0:30:56:2b:0e:3f:80:97:86:eb:
53:4a:78:28:48:2d:dd:9f:2e:bd:65:4a:03:32:94:5d:07:66:
cf:58:fc:e6:92:96:c7:24:2e:dd:14:b7:20:8a:df:cf:fe:f6:
09:98:83:12:5c:eb:b0:ed:7d:b7:b9:ae:82:86:e8:60:b7:cf:
e5:af:b2:b4:ff:28:33:60:e4:29:5e:34:af:b8:7e:d4:ad:fd:
2a:d2:f9:1e:d7:8f:6c:d2:f1:3e:5e:20:0c:fb:91:07:67:02:
ff:02:8b:b6:e7:de:05:8d:ca:00:73:37:60:36:19:16:5e:2a:
cc:18:e1:f9:b4:31:7b:22:36:a5:23:a0:0b:01:fd:6d:62:52:
0a:2d:29:6d:e5:eb:f8:d2:2d:8f:87:72:66:62:c1:d4:27:e9:
f8:bb:c2:cf:b1:6d:d0:93:ee:d7:9d:0a:9e:ae:0b:b4:63:c8:
21:5e:ed:d1:41:9d:fc:c3:e8:10:f3:c9:db:fb:69:b6:77:95:
de:82:1a:33
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYtLwJyKqytoKMJjHZoieUZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMDIwMDYyMzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTU2ZThlYmJhMThmZjY2NThiMzc2YmFmZWI1ZmJhOGUxZmUxZWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGMpaYuOZxF4s6VQ8bh4fvOLH2i/
90oHi153ezXXngCridVDBkWgY4x47YeqclhcaJ1sqNTzhPFWojZjVKDox87mG2ce
rvUU+4chKl02AdLiorkIByS9RxKIyebRWKosl0+AS/OBF8s6yLTWKeHGmm1xXnTy
XGoKvIx1bq+AMRh4bwh/azYoTU4ZTOlLsUSFsMbZALyru8kNXIEYRj7sHxE1ms8t
DTvStKBsdx4lrgHPzUqKC7R8NvzrG9Txi8ba7CynUCRSVcabokxj6nWJrw+m0tdi
kpvSA6Wt03s/GtjrYx9UkNvQuVgr0f5+ci5/RNkJ6oO34YRkzMtZoMSa4QIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFKpW6Ou6GP9mWLN2uv61+6jh/h7KMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvcWxibzY3b1lfMlpZczNhNl9yWDdxT0gtSHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEACWZ
hAMEAC5mrgMEAD5wHgMEAE1RAQMEAFT3FAMEAFkiqwMEAFkk5wMEAFklagMEAFkl
gAMEAFkoKwMEAFkqKAMEAFkq1wMEAFks0gMEAFv69AMEAF1yRQMEAF6xcQMEAF6x
dgMEALDftQMEALDfvgMEALzT+QMEALzwUzANBgkqhkiG9w0BAQsFAAOCAQEAB3R4
ynXgM5B+FTvOZcTVIHBjfLNVFUHBrSJhv/Lmkx8t+nUh3X0DJDW3v6k0QUYLaOym
2TjuCWbmHbKtvBugMFYrDj+Al4brU0p4KEgt3Z8uvWVKAzKUXQdmz1j85pKWxyQu
3RS3IIrfz/72CZiDElzrsO19t7mugoboYLfP5a+ytP8oM2DkKV40r7h+1K39KtL5
HtePbNLxPl4gDPuRB2cC/wKLtufeBY3KAHM3YDYZFl4qzBjh+bQxeyI2pSOgCwH9
bWJSCi0pbeXr+NItj4dyZmLB1Cfp+LvCz7Ft0JPu150Knq4LtGPIIV7t0UGd/MPo
EPPJ2/tptneV3oIaMw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org