Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/vU5RbQD6qYAW0ySXaAC7fM7gVQQ.roa
File: vU5RbQD6qYAW0ySXaAC7fM7gVQQ.roa (raw, json)
Hash identifier: KxBHIcNX/HGUGol2bUS4fC898faEyu1vV4EL4u2kQQk=
Subject key identifier: BD:4E:51:6D:00:FA:A9:80:16:D3:24:97:68:00:BB:7C:CE:E0:55:04
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0187B496E82C7CC071FCE4850DF15B05D29A
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/vU5RbQD6qYAW0ySXaAC7fM7gVQQ.roa
Signing time: Mon 24 Apr 2023 18:46:41 +0000
ROA not before: Mon 24 Apr 2023 18:46:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7029
IP address blocks: 94.190.248.0/22 maxlen: 24
185.172.20.0/22 maxlen: 24
185.64.100.0/22 maxlen: 24
185.77.250.0/23 maxlen: 24
91.232.136.0/22 maxlen: 24
188.240.40.0/23 maxlen: 24
188.211.252.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:b4:96:e8:2c:7c:c0:71:fc:e4:85:0d:f1:5b:05:d2:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Apr 24 18:46:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bd4e516d00faa98016d324976800bb7ccee05504
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:96:e8:c4:6f:88:ea:8f:d7:28:94:38:47:1a:
ce:b5:e2:a4:43:1c:e0:83:fa:17:f5:36:6d:b7:c8:
33:4d:72:85:89:8a:42:5b:33:f9:9b:cf:c1:ae:81:
84:0c:01:c5:ef:30:8a:ee:b4:83:b3:75:21:6b:88:
8e:fd:d0:73:4c:4a:27:d5:85:1f:ab:ec:21:5a:32:
b3:8a:b0:f5:26:b9:38:18:f8:91:2e:49:af:92:c6:
49:10:ee:a7:e3:40:03:8b:60:78:f0:50:e5:ec:0b:
b5:3f:b1:88:68:50:6d:02:0b:b6:05:94:5a:11:41:
5f:82:d7:62:9d:65:cc:af:30:89:1e:e0:73:12:72:
37:4e:96:bc:63:bf:89:9e:7b:eb:f8:e2:9d:4f:f7:
ca:67:c8:ea:4a:1f:c4:1e:ac:c9:89:ca:5f:64:f0:
14:d7:28:3e:0b:e8:f6:7f:66:f2:13:5e:c4:4f:f1:
c8:51:96:95:ba:e9:fe:d1:09:5d:5e:1e:b8:12:8f:
df:24:cd:5c:8c:74:17:d9:05:61:4c:83:a3:3e:80:
2c:c7:59:5f:d9:5f:b4:35:32:bc:21:b5:e9:a3:f4:
8a:a8:04:46:56:96:2d:e1:12:2d:fd:23:1b:bd:65:
b8:8a:e8:e7:2c:7f:3b:9c:e8:dc:41:08:51:e8:7d:
ad:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:4E:51:6D:00:FA:A9:80:16:D3:24:97:68:00:BB:7C:CE:E0:55:04
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/vU5RbQD6qYAW0ySXaAC7fM7gVQQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.232.136.0/22
94.190.248.0/22
185.64.100.0/22
185.77.250.0/23
185.172.20.0/22
188.211.252.0/22
188.240.40.0/23
Signature Algorithm: sha256WithRSAEncryption
89:69:96:61:11:6e:d5:35:af:e1:29:5f:f6:a4:8a:60:ac:66:
28:da:15:b0:73:42:23:37:4f:f2:51:c3:af:29:a6:be:44:15:
ff:e9:22:ad:27:35:c7:68:b7:16:4a:98:1e:26:c5:c9:d0:84:
7e:30:d6:b9:68:c8:62:da:f4:d5:af:44:33:f0:31:07:6b:6b:
7e:bf:26:df:23:79:41:a9:32:3e:ce:f5:27:a6:75:de:69:ba:
ee:80:23:22:40:96:d1:7d:3a:a6:be:94:6c:8e:12:6f:d6:b5:
8e:d8:41:4b:b7:a9:d2:80:d3:2d:9c:ab:6e:aa:de:b9:06:57:
24:13:39:4d:48:6f:e7:41:95:59:3c:c5:2b:1d:8f:7b:0b:f2:
6a:1f:b0:ab:4a:29:fb:a7:37:d1:a4:b9:d8:fc:e6:63:81:74:
ae:82:2f:4e:71:65:ab:ba:9c:5b:f6:c1:c5:9d:d6:d9:94:66:
d0:fb:f7:a4:d2:c3:d8:9a:8d:a4:ba:bb:81:33:2f:f4:d4:f8:
75:9c:70:09:4b:c1:9e:3c:fa:b3:85:73:f6:ae:bc:82:be:56:
5c:c2:10:78:8a:04:c0:9a:a5:da:e3:12:a2:ea:83:fd:b4:7e:
bd:95:4c:8a:9a:5d:92:f2:59:13:21:26:fc:5c:66:3a:c4:fe:
78:21:11:b6
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYe0lugsfMBx/OSFDfFbBdKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNDI0MTg0NjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDRlNTE2ZDAwZmFhOTgwMTZkMzI0OTc2ODAwYmI3Y2NlZTA1NTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZboxG+I6o/XKJQ4RxrOteKkQxzg
g/oX9TZtt8gzTXKFiYpCWzP5m8/BroGEDAHF7zCK7rSDs3Uha4iO/dBzTEon1YUf
q+whWjKzirD1Jrk4GPiRLkmvksZJEO6n40ADi2B48FDl7Au1P7GIaFBtAgu2BZRa
EUFfgtdinWXMrzCJHuBzEnI3Tpa8Y7+Jnnvr+OKdT/fKZ8jqSh/EHqzJicpfZPAU
1yg+C+j2f2byE17ET/HIUZaVuun+0QldXh64Eo/fJM1cjHQX2QVhTIOjPoAsx1lf
2V+0NTK8IbXpo/SKqARGVpYt4RIt/SMbvWW4iujnLH87nOjcQQhR6H2t+wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFL1OUW0A+qmAFtMkl2gAu3zO4FUEMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvdlU1UmJRRDZxWUFXMHlTWGFBQzdmTTdnVlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCW+iIAwQC
Xr74AwQCuUBkAwQBuU36AwQCuawUAwQCvNP8AwQBvPAoMA0GCSqGSIb3DQEBCwUA
A4IBAQCJaZZhEW7VNa/hKV/2pIpgrGYo2hWwc0IjN0/yUcOvKaa+RBX/6SKtJzXH
aLcWSpgeJsXJ0IR+MNa5aMhi2vTVr0Qz8DEHa2t+vybfI3lBqTI+zvUnpnXeabru
gCMiQJbRfTqmvpRsjhJv1rWO2EFLt6nSgNMtnKtuqt65BlckEzlNSG/nQZVZPMUr
HY97C/JqH7CrSin7pzfRpLnY/OZjgXSugi9OcWWrupxb9sHFndbZlGbQ+/ek0sPY
mo2kuruBMy/01Ph1nHAJS8GePPqzhXP2rryCvlZcwhB4igTAmqXa4xKi6oP9tH69
lUyKml2S8lkTISb8XGY6xP54IRG2
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:15 2024 by rpki-client on console-fra.rpki-client.org