Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/vCQ02CLcbRwXcmWxvRB0NmqWyfE.roa
File: vCQ02CLcbRwXcmWxvRB0NmqWyfE.roa (raw, json)
Hash identifier: WCQ4ixcxRw61R9iXZh23maZl4wg3LAFQadU9vb463ms=
Subject key identifier: BC:24:34:D8:22:DC:6D:1C:17:72:65:B1:BD:10:74:36:6A:96:C9:F1
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018C21BF1A951A12CC78673CCD3E3222F46C
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/vCQ02CLcbRwXcmWxvRB0NmqWyfE.roa
Signing time: Thu 30 Nov 2023 19:40:21 +0000
ROA not before: Thu 30 Nov 2023 19:40:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 185.172.20.0/22 maxlen: 24
185.64.100.0/22 maxlen: 24
194.88.112.0/20 maxlen: 24
93.113.184.0/21 maxlen: 24
62.112.12.0/23 maxlen: 24
194.58.64.0/23 maxlen: 24
188.240.40.0/23 maxlen: 24
188.212.104.0/22 maxlen: 24
94.190.248.0/22 maxlen: 24
195.133.202.0/23 maxlen: 24
194.88.96.0/21 maxlen: 24
89.37.216.0/23 maxlen: 24
84.234.16.0/20 maxlen: 24
185.77.250.0/23 maxlen: 24
188.211.252.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:21:bf:1a:95:1a:12:cc:78:67:3c:cd:3e:32:22:f4:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Nov 30 19:40:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bc2434d822dc6d1c177265b1bd1074366a96c9f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:68:58:ea:11:6c:83:2a:ad:f5:66:d9:cb:45:
6e:de:a3:fb:9d:9d:16:e4:41:ae:61:ca:8c:be:cf:
53:f1:06:dd:33:79:f4:f2:2f:fe:11:0b:12:30:26:
7f:77:25:ea:c3:28:6b:82:28:4e:09:70:71:69:2d:
c8:89:8f:39:bc:26:c0:f3:e4:6c:b6:e8:8d:13:1b:
11:9b:07:81:ec:b7:80:9e:17:fb:7d:8a:e0:6f:39:
17:0b:cb:ac:9b:db:c0:b6:c1:a6:96:07:5b:8d:81:
87:7c:0c:e8:aa:76:90:21:67:ca:b2:02:1c:6a:ad:
e2:be:cc:90:58:78:68:43:a7:8d:f3:c5:39:ca:be:
8f:24:1c:6e:46:58:70:86:a7:76:0f:09:ea:4e:05:
f6:5f:7b:44:13:bb:76:bd:36:b9:f7:02:21:7d:05:
07:34:a5:cc:1a:6d:51:d2:cb:6a:ad:04:bb:b0:c9:
95:13:f1:e7:42:68:ca:12:78:9c:55:88:06:08:39:
ed:f5:e2:38:cc:bc:90:38:d2:2f:83:f9:91:c1:66:
fd:28:58:2a:8f:f6:30:f0:69:6d:17:ce:f3:37:9a:
55:3d:36:bc:c7:ef:38:fd:73:7b:71:15:31:e6:9c:
32:5a:e1:8c:06:b0:71:00:f1:0e:1e:53:b1:5b:87:
18:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:24:34:D8:22:DC:6D:1C:17:72:65:B1:BD:10:74:36:6A:96:C9:F1
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/vCQ02CLcbRwXcmWxvRB0NmqWyfE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.12.0/23
84.234.16.0/20
89.37.216.0/23
93.113.184.0/21
94.190.248.0/22
185.64.100.0/22
185.77.250.0/23
185.172.20.0/22
188.211.252.0/22
188.212.104.0/22
188.240.40.0/23
194.58.64.0/23
194.88.96.0/21
194.88.112.0/20
195.133.202.0/23
Signature Algorithm: sha256WithRSAEncryption
04:a5:cf:10:51:87:01:22:b5:6d:2b:26:d5:34:5e:48:e8:74:
00:05:bf:2c:05:5c:45:65:31:0e:27:ae:27:2f:a4:b0:0d:5a:
22:ff:2e:f3:19:a5:e7:d6:e1:b2:70:df:81:63:a5:1a:b5:4d:
38:c3:5b:ff:1a:ab:01:69:46:20:98:be:96:6e:37:b3:7f:e2:
88:2f:af:d3:40:74:6f:4d:1c:ca:f6:7c:91:88:08:b8:98:8c:
06:d7:ef:92:38:db:42:17:9b:16:cc:f1:59:31:72:c3:56:c2:
8a:eb:6c:0f:c4:78:98:97:30:94:b0:e4:b7:9d:74:c5:ce:29:
71:c8:41:e7:cc:f8:68:37:3c:13:4d:3b:01:ae:c4:68:e2:90:
26:a5:4d:bf:3d:87:bc:c0:9d:3f:c6:99:12:76:88:cf:33:a6:
6c:6f:b5:5e:ef:24:b4:74:95:4a:98:e0:fb:13:c2:44:f9:1e:
92:b3:78:64:a4:02:76:02:bf:42:17:af:d3:66:17:36:9f:e9:
89:cd:32:41:df:a8:bc:6e:bb:23:32:6b:e3:13:0e:59:8c:d8:
74:60:38:ec:e7:4b:b5:91:97:d4:55:f2:52:5e:6c:02:96:7e:
f6:5a:f3:ae:9d:03:57:dc:7a:3a:10:5c:02:d8:79:c4:5a:7e:
a8:4c:0d:db
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYwhvxqVGhLMeGc8zT4yIvRsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMTMwMTk0MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzI0MzRkODIyZGM2ZDFjMTc3MjY1YjFiZDEwNzQzNjZhOTZjOWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmhY6hFsgyqt9WbZy0Vu3qP7nZ0W
5EGuYcqMvs9T8QbdM3n08i/+EQsSMCZ/dyXqwyhrgihOCXBxaS3IiY85vCbA8+Rs
tuiNExsRmweB7LeAnhf7fYrgbzkXC8usm9vAtsGmlgdbjYGHfAzoqnaQIWfKsgIc
aq3ivsyQWHhoQ6eN88U5yr6PJBxuRlhwhqd2DwnqTgX2X3tEE7t2vTa59wIhfQUH
NKXMGm1R0stqrQS7sMmVE/HnQmjKEnicVYgGCDnt9eI4zLyQONIvg/mRwWb9KFgq
j/Yw8GltF87zN5pVPTa8x+84/XN7cRUx5pwyWuGMBrBxAPEOHlOxW4cYewIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFLwkNNgi3G0cF3Jlsb0QdDZqlsnxMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvdkNRMDJDTGNiUndYY21XeHZSQjBObXFXeWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQBPnAMAwQE
VOoQAwQBWSXYAwQDXXG4AwQCXr74AwQCuUBkAwQBuU36AwQCuawUAwQCvNP8AwQC
vNRoAwQBvPAoAwQBwjpAAwQDwlhgAwQEwlhwAwQBw4XKMA0GCSqGSIb3DQEBCwUA
A4IBAQAEpc8QUYcBIrVtKybVNF5I6HQABb8sBVxFZTEOJ64nL6SwDVoi/y7zGaXn
1uGycN+BY6UatU04w1v/GqsBaUYgmL6Wbjezf+KIL6/TQHRvTRzK9nyRiAi4mIwG
1++SONtCF5sWzPFZMXLDVsKK62wPxHiYlzCUsOS3nXTFzilxyEHnzPhoNzwTTTsB
rsRo4pAmpU2/PYe8wJ0/xpkSdojPM6Zsb7Ve7yS0dJVKmOD7E8JE+R6Ss3hkpAJ2
Ar9CF6/TZhc2n+mJzTJB36i8brsjMmvjEw5ZjNh0YDjs50u1kZfUVfJSXmwCln72
WvOunQNX3Ho6EFwC2HnEWn6oTA3b
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:15 2024 by rpki-client on console-fra.rpki-client.org