Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/rtfFFq1Bj2FLXHZzC6rqfd-TwHY.roa
File: rtfFFq1Bj2FLXHZzC6rqfd-TwHY.roa (raw, json)
Hash identifier: qRakSiryA7aBwejGRj56vAitYX5nrQjNU0ycM1luXdI=
Subject key identifier: AE:D7:C5:16:AD:41:8F:61:4B:5C:76:73:0B:AA:EA:7D:DF:93:C0:76
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018D661608237F6B156CD9CD3F4AA3092D72
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/rtfFFq1Bj2FLXHZzC6rqfd-TwHY.roa
Signing time: Thu 01 Feb 2024 19:12:16 +0000
ROA not before: Thu 01 Feb 2024 19:12:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209706
IP address blocks: 62.112.12.0/23 maxlen: 24
86.105.104.0/22 maxlen: 24
89.36.32.0/22 maxlen: 24
89.36.236.0/22 maxlen: 24
89.37.188.0/22 maxlen: 24
89.37.216.0/23 maxlen: 24
89.37.228.0/22 maxlen: 24
91.232.136.0/22 maxlen: 24
93.113.184.0/21 maxlen: 24
94.190.248.0/22 maxlen: 24
185.77.250.0/23 maxlen: 24
185.172.20.0/22 maxlen: 22
188.211.252.0/22 maxlen: 24
188.212.104.0/22 maxlen: 22
188.240.40.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:66:16:08:23:7f:6b:15:6c:d9:cd:3f:4a:a3:09:2d:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Feb 1 19:12:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=aed7c516ad418f614b5c76730baaea7ddf93c076
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:75:1f:af:13:5c:e7:6b:df:46:06:38:32:e5:
9f:ea:a1:c3:79:50:a0:91:3f:e1:de:4f:3f:14:ce:
61:9a:13:36:e0:7e:ad:da:7d:83:64:e5:19:41:82:
68:f4:98:f0:c9:05:25:b3:32:50:df:a1:d0:0a:50:
da:71:a0:51:dc:b8:18:35:f7:b6:19:92:f0:6d:4b:
19:18:c1:fa:78:da:de:12:a7:03:91:02:d9:78:d2:
00:66:0d:bf:0a:43:84:31:37:b4:7a:ac:eb:f6:2f:
34:c0:fa:45:b6:ea:f6:e6:35:71:e1:39:ca:13:5e:
04:18:7c:20:8e:87:c0:47:03:77:e3:33:f0:44:41:
6b:2b:bd:e1:1c:9e:55:16:1f:10:f6:f1:8b:53:3c:
e9:6e:e3:1f:10:c0:6e:64:df:7d:de:ea:3e:5b:26:
ba:a1:c7:0d:ba:fb:dd:dd:ab:c6:22:6a:98:99:41:
d3:7b:41:6e:ba:0c:31:7a:36:88:55:0c:6a:87:27:
d6:80:7b:59:5b:91:8b:db:88:93:c5:90:aa:09:75:
c4:a2:b7:c4:1c:f7:dd:85:3f:78:0a:3f:33:3a:84:
af:10:ee:5e:f9:5d:3c:90:99:ca:c3:21:50:05:aa:
11:b0:09:0c:74:c8:5d:42:51:a2:ac:20:da:34:a4:
43:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:D7:C5:16:AD:41:8F:61:4B:5C:76:73:0B:AA:EA:7D:DF:93:C0:76
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/rtfFFq1Bj2FLXHZzC6rqfd-TwHY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.12.0/23
86.105.104.0/22
89.36.32.0/22
89.36.236.0/22
89.37.188.0/22
89.37.216.0/23
89.37.228.0/22
91.232.136.0/22
93.113.184.0/21
94.190.248.0/22
185.77.250.0/23
185.172.20.0/22
188.211.252.0/22
188.212.104.0/22
188.240.40.0/23
Signature Algorithm: sha256WithRSAEncryption
73:6a:62:6f:02:c6:53:47:24:8a:96:7d:bd:a4:15:db:ef:c9:
d8:47:6b:89:e3:dc:f7:c4:24:44:8b:85:2c:03:9d:ba:ed:55:
62:58:2a:a0:36:dc:f1:0f:d7:a3:8f:85:4d:03:28:a7:52:c3:
65:36:36:47:8e:f6:53:6b:be:64:d8:f4:e8:56:03:08:4c:69:
eb:f7:f5:98:ac:11:c6:c2:c3:49:37:5f:88:fb:16:1f:af:41:
fa:2a:6d:cf:ef:27:37:d2:52:89:6f:a1:b3:b4:c4:4e:68:13:
18:f6:8f:f7:a7:52:57:11:32:10:a9:2b:e4:a2:86:71:4d:b4:
a8:8a:0a:84:22:8d:07:fa:aa:bc:76:78:f6:dd:fe:9f:96:c7:
ce:73:3f:37:15:5d:2a:45:d9:03:65:f8:51:7c:b9:6f:e7:eb:
25:29:cf:07:10:8a:58:5d:0f:df:c0:bd:83:0d:22:73:2b:c5:
8e:ac:be:0c:68:7a:e5:fc:4f:be:ba:80:9d:ac:c7:7b:99:2c:
ea:93:c6:86:11:4c:46:90:9f:4c:50:fa:cd:af:3f:58:5f:e3:
4e:f0:30:6a:3b:76:ca:61:03:62:20:3c:be:2e:a3:54:5a:00:
6d:95:06:10:cf:f9:a6:9c:29:f1:d9:a5:5d:85:bd:1f:4e:e6:
7e:96:85:a6
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAY1mFggjf2sVbNnNP0qjCS1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMjAxMTkxMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWQ3YzUxNmFkNDE4ZjYxNGI1Yzc2NzMwYmFhZWE3ZGRmOTNjMDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnUfrxNc52vfRgY4MuWf6qHDeVCg
kT/h3k8/FM5hmhM24H6t2n2DZOUZQYJo9JjwyQUlszJQ36HQClDacaBR3LgYNfe2
GZLwbUsZGMH6eNreEqcDkQLZeNIAZg2/CkOEMTe0eqzr9i80wPpFtur25jVx4TnK
E14EGHwgjofARwN34zPwREFrK73hHJ5VFh8Q9vGLUzzpbuMfEMBuZN993uo+Wya6
occNuvvd3avGImqYmUHTe0FuugwxejaIVQxqhyfWgHtZW5GL24iTxZCqCXXEorfE
HPfdhT94Cj8zOoSvEO5e+V08kJnKwyFQBaoRsAkMdMhdQlGirCDaNKRDOwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFK7XxRatQY9hS1x2cwuq6n3fk8B2MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvcnRmRkZxMUJqMkZMWEhaekM2cnFmZC1Ud0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQBPnAMAwQC
VmloAwQCWSQgAwQCWSTsAwQCWSW8AwQBWSXYAwQCWSXkAwQCW+iIAwQDXXG4AwQC
Xr74AwQBuU36AwQCuawUAwQCvNP8AwQCvNRoAwQBvPAoMA0GCSqGSIb3DQEBCwUA
A4IBAQBzamJvAsZTRySKln29pBXb78nYR2uJ49z3xCREi4UsA5267VViWCqgNtzx
D9ejj4VNAyinUsNlNjZHjvZTa75k2PToVgMITGnr9/WYrBHGwsNJN1+I+xYfr0H6
Km3P7yc30lKJb6GztMROaBMY9o/3p1JXETIQqSvkooZxTbSoigqEIo0H+qq8dnj2
3f6flsfOcz83FV0qRdkDZfhRfLlv5+slKc8HEIpYXQ/fwL2DDSJzK8WOrL4MaHrl
/E++uoCdrMd7mSzqk8aGEUxGkJ9MUPrNrz9YX+NO8DBqO3bKYQNiIDy+LqNUWgBt
lQYQz/mmnCnx2aVdhb0fTuZ+loWm
-----END CERTIFICATE-----
Generated at Thu Feb 8 13:44:38 2024 by rpki-client on console-ams.rpki-client.org