Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/xbRTIi7RWl0IQ_JML2i8xaegxyw.roa
File: xbRTIi7RWl0IQ_JML2i8xaegxyw.roa (raw, json)
Hash identifier: 87r4wvRQNMiUXU+K2Q643cYZBKO91MZau3Jn2YKFXsw=
Subject key identifier: C5:B4:53:22:2E:D1:5A:5D:08:43:F2:4C:2F:68:BC:C5:A7:A0:C7:2C
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018B92AA9A8CB5DF25CB5821720FBD3BAECF
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/xbRTIi7RWl0IQ_JML2i8xaegxyw.roa
Signing time: Fri 03 Nov 2023 00:52:16 +0000
ROA not before: Fri 03 Nov 2023 00:52:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 93.115.155.0/24 maxlen: 24
94.177.27.0/24 maxlen: 24
86.104.209.0/24 maxlen: 24
217.19.1.0/24 maxlen: 24
185.77.249.0/24 maxlen: 24
84.247.59.0/24 maxlen: 24
176.223.181.0/24 maxlen: 24
77.81.1.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:92:aa:9a:8c:b5:df:25:cb:58:21:72:0f:bd:3b:ae:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Nov 3 00:52:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5b453222ed15a5d0843f24c2f68bcc5a7a0c72c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:92:07:5f:48:ed:03:f9:db:b6:83:b9:41:e9:
f2:42:00:b7:b1:3f:fa:d4:3d:09:b6:90:3d:fc:67:
3b:01:1c:21:32:54:42:2e:dd:4e:8e:e2:2e:21:80:
23:04:3d:e4:c4:fe:1a:35:1a:4c:73:f9:86:b8:72:
cc:86:1f:1d:f7:8a:aa:19:a3:fc:18:90:d1:5b:63:
31:d8:8b:b5:43:c4:c0:20:97:95:01:59:97:12:7a:
65:1d:8a:df:a2:79:7b:ec:59:45:a1:82:dc:18:61:
11:aa:89:88:db:2b:bf:c3:8c:92:4d:a4:4d:ae:0f:
ab:e7:ee:b6:63:97:11:56:b7:bc:d0:b6:f7:13:43:
b6:8e:54:48:4b:76:36:61:73:66:a2:84:95:2e:b1:
ef:22:85:82:e9:8b:fb:22:7a:c8:07:1e:4b:73:56:
22:f3:d4:a3:5d:c6:ca:cf:07:7c:6f:2c:5e:c7:0c:
e2:d9:46:93:35:23:04:03:f4:da:1d:a7:03:8d:44:
bf:d9:4d:3a:c3:50:77:b2:cc:0e:4c:8a:43:d5:f9:
b8:a3:ca:c1:f4:2c:5d:e9:db:bf:cc:2e:50:98:49:
cb:8c:b8:44:6e:90:16:bd:a1:b4:dd:f7:5d:b6:51:
b1:c9:2e:99:54:fa:c5:0c:74:c0:a4:53:ed:dd:6f:
72:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:B4:53:22:2E:D1:5A:5D:08:43:F2:4C:2F:68:BC:C5:A7:A0:C7:2C
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/xbRTIi7RWl0IQ_JML2i8xaegxyw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.81.1.0/24
84.247.59.0/24
86.104.209.0/24
93.115.155.0/24
94.177.27.0/24
176.223.181.0/24
185.77.249.0/24
217.19.1.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:a4:35:44:fc:f0:13:eb:cb:c8:fa:89:ea:7c:48:03:c5:c9:
63:d6:d5:46:6e:9b:6b:34:2f:c9:1e:3c:7e:0b:4f:4a:df:8f:
5f:92:ab:14:89:0a:cc:b4:5e:0e:9f:dc:ec:2d:e1:9f:2d:61:
97:86:c9:1f:2d:dc:b6:6f:ab:da:27:de:ab:11:98:3a:19:1c:
cc:ad:6a:0f:d2:a9:c5:c5:de:82:b1:4f:51:2b:97:5c:b3:cc:
d6:6f:5e:d7:2b:a6:b5:aa:60:05:18:b9:0e:3c:d0:12:a0:3b:
43:7c:32:8d:ee:c1:e5:65:f8:d8:14:50:93:4c:3d:f8:b3:57:
be:57:6e:dd:35:b8:b8:af:f7:cf:2d:13:9f:d7:94:45:dc:70:
b5:26:08:3c:cb:e3:45:10:ab:60:e9:5a:a6:55:89:e9:67:43:
35:b6:da:ba:ec:de:6f:0a:f3:b8:b9:e3:30:54:29:1f:10:37:
49:4f:48:ac:52:58:3f:22:56:46:43:33:8c:fc:94:7e:40:70:
ba:d0:65:c0:65:e5:82:ca:ef:02:72:38:2c:ea:e3:2a:c2:3d:
8b:80:51:34:c7:7e:cc:81:e3:09:44:03:31:70:23:c8:d1:e9:
26:ee:b7:91:bc:80:20:f6:2c:5b:39:b3:73:49:3c:57:34:34:
36:d3:15:c3
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYuSqpqMtd8ly1ghcg+9O67PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMTAzMDA1MjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWI0NTMyMjJlZDE1YTVkMDg0M2YyNGMyZjY4YmNjNWE3YTBjNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJIHX0jtA/nbtoO5QenyQgC3sT/6
1D0JtpA9/Gc7ARwhMlRCLt1OjuIuIYAjBD3kxP4aNRpMc/mGuHLMhh8d94qqGaP8
GJDRW2Mx2Iu1Q8TAIJeVAVmXEnplHYrfonl77FlFoYLcGGERqomI2yu/w4ySTaRN
rg+r5+62Y5cRVre80Lb3E0O2jlRIS3Y2YXNmooSVLrHvIoWC6Yv7InrIBx5Lc1Yi
89SjXcbKzwd8byxexwzi2UaTNSMEA/TaHacDjUS/2U06w1B3sswOTIpD1fm4o8rB
9Cxd6du/zC5QmEnLjLhEbpAWvaG03fddtlGxyS6ZVPrFDHTApFPt3W9y+QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFMW0UyIu0VpdCEPyTC9ovMWnoMcsMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEveGJSVElpN1JXbDBJUV9KTUwyaTh4YWVneHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQATVEBAwQA
VPc7AwQAVmjRAwQAXXObAwQAXrEbAwQAsN+1AwQAuU35AwQA2RMBMA0GCSqGSIb3
DQEBCwUAA4IBAQB6pDVE/PAT68vI+onqfEgDxclj1tVGbptrNC/JHjx+C09K349f
kqsUiQrMtF4On9zsLeGfLWGXhskfLdy2b6vaJ96rEZg6GRzMrWoP0qnFxd6CsU9R
K5dcs8zWb17XK6a1qmAFGLkOPNASoDtDfDKN7sHlZfjYFFCTTD34s1e+V27dNbi4
r/fPLROf15RF3HC1Jgg8y+NFEKtg6VqmVYnpZ0M1ttq67N5vCvO4ueMwVCkfEDdJ
T0isUlg/IlZGQzOM/JR+QHC60GXAZeWCyu8Ccjgs6uMqwj2LgFE0x37MgeMJRAMx
cCPI0ekm7reRvIAg9ixbObNzSTxXNDQ20xXD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org