Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/zWPvvoOmXShnzclJWN3JdOxISYs.roa
File: zWPvvoOmXShnzclJWN3JdOxISYs.roa (raw, json)
Hash identifier: gXpqnIxXud15Y7dU1wv44RQD+OasfD+3qKKt5C8MNRs=
Subject key identifier: CD:63:EF:BE:83:A6:5D:28:67:CD:C9:49:58:DD:C9:74:EC:48:49:8B
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 02907E92
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/zWPvvoOmXShnzclJWN3JdOxISYs.roa
Signing time: Sat 01 Jan 2022 13:03:02 +0000
ROA not before: Sat 01 Jan 2022 13:03:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 396073
IP address blocks: 89.40.176.0/22 maxlen: 24
89.36.236.0/22 maxlen: 24
185.64.100.0/22 maxlen: 24
85.204.160.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 43024018 (0x2907e92)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jan 1 13:03:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cd63efbe83a65d2867cdc94958ddc974ec48498b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:e2:ee:6d:6c:99:b6:36:9b:3f:c8:32:5e:5e:
72:0b:f6:95:4d:7e:b6:9e:12:24:77:cd:78:22:72:
d7:9a:b2:de:75:97:13:8f:c6:92:36:16:7c:08:a9:
25:5d:b1:d0:2c:91:03:a7:d0:46:91:1f:08:8f:2d:
ba:d0:5f:46:9e:0d:15:2e:57:30:25:e3:17:18:d0:
61:2f:9f:69:64:6f:b3:de:91:59:af:e1:ec:1a:e6:
bb:52:68:8d:fd:59:a9:1a:56:dd:79:f0:d2:27:26:
bd:9f:66:95:00:ff:82:b6:61:a7:00:24:38:75:a8:
7a:eb:38:2c:c4:1e:4c:ec:02:e5:58:d7:fd:ef:20:
86:9b:ae:f6:17:7f:4f:59:9d:25:d6:67:c1:ec:9c:
e5:e8:b7:85:2d:f3:d8:83:8e:ae:0d:63:da:26:68:
dc:cb:d8:20:da:f0:78:2b:3e:2a:3f:0c:a4:ff:d5:
ca:83:64:b5:60:43:d1:0c:55:4d:d7:37:f6:d9:c9:
6b:94:6d:be:08:2b:38:cf:63:24:66:fa:02:c7:6b:
08:ca:86:42:91:51:c5:1f:49:6f:28:b4:2a:82:95:
3e:a7:8c:c9:c2:28:a2:b6:cf:d9:d2:c7:9f:2f:93:
0a:5a:fd:93:cc:6a:08:2c:aa:1f:ff:4a:a7:ec:21:
b4:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:63:EF:BE:83:A6:5D:28:67:CD:C9:49:58:DD:C9:74:EC:48:49:8B
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/zWPvvoOmXShnzclJWN3JdOxISYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.160.0/22
89.36.236.0/22
89.40.176.0/22
185.64.100.0/22
Signature Algorithm: sha256WithRSAEncryption
21:4c:12:d2:d0:6a:45:13:0e:c1:ef:0e:f8:2b:dc:94:a3:4b:
47:31:6c:7f:1d:ca:4c:98:41:28:bc:e1:01:bb:96:8b:24:58:
05:82:e3:15:a3:c0:a6:38:a4:ae:5b:78:2f:c0:ea:15:0d:15:
f2:4d:81:db:c9:f9:36:d0:8b:03:e2:25:7b:08:0f:24:af:42:
8c:3b:a0:52:9d:59:ab:ab:ce:fd:46:80:97:96:42:2f:a1:60:
bc:0d:a9:6f:78:d7:23:bb:f7:95:82:a4:58:f3:2c:af:bb:b9:
50:ba:79:15:a1:ff:81:51:f4:de:68:be:64:1f:2e:ed:5b:c9:
f1:84:f0:42:24:c1:24:16:d8:1d:31:8d:b2:bb:b2:d7:dd:e2:
be:55:4f:7b:9c:63:d8:40:69:03:dc:b7:5e:09:44:d8:39:1a:
54:11:30:0c:be:02:9d:89:3b:11:fa:31:14:e3:73:9f:b3:8a:
27:2d:8c:fe:fa:38:a7:40:b7:2e:9e:ca:77:01:f3:4a:00:b0:
17:c3:bc:0b:b6:d9:03:a8:83:4e:7e:ff:ed:1a:9e:5d:0d:d9:
ee:ea:b6:3f:ab:84:65:c5:69:ee:0e:99:51:d8:91:2d:57:f9:
3f:7c:32:3e:f6:2f:7c:6c:e0:13:c8:21:1a:38:f5:eb:ce:68:
f1:11:ab:7d
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEApB+kjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YTAwZTk4MTk1MzA2MTk3MmM4OTZiZDZkMjc3MzhkMDgzYWFkYjBlMB4XDTIyMDEw
MTEzMDMwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2Q2M2VmYmU4M2E2
NWQyODY3Y2RjOTQ5NThkZGM5NzRlYzQ4NDk4YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOfi7m1smbY2mz/IMl5ecgv2lU1+tp4SJHfNeCJy15qy3nWX
E4/GkjYWfAipJV2x0CyRA6fQRpEfCI8tutBfRp4NFS5XMCXjFxjQYS+faWRvs96R
Wa/h7Brmu1Jojf1ZqRpW3Xnw0icmvZ9mlQD/grZhpwAkOHWoeus4LMQeTOwC5VjX
/e8ghpuu9hd/T1mdJdZnweyc5ei3hS3z2IOOrg1j2iZo3MvYINrweCs+Kj8MpP/V
yoNktWBD0QxVTdc39tnJa5RtvggrOM9jJGb6AsdrCMqGQpFRxR9Jbyi0KoKVPqeM
ycIoorbP2dLHny+TClr9k8xqCCyqH/9Kp+whtKUCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBTNY+++g6ZdKGfNyUlY3cl07EhJizAfBgNVHSMEGDAWgBTaAOmBlTBhlyyJ
a9bSdzjQg6rbDjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJnRHBnWlV3WVpjc2lXdlcwbmM0MElPcTJ3NC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmYvODJhN2Q2LTkyYTktNDIwNC05YWUwLTlhNDhlY2Y5ZTE1ZS8x
L3pXUHZ2b09tWFNobnpjbEpXTjNKZE94SVNZcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYv
ODJhN2Q2LTkyYTktNDIwNC05YWUwLTlhNDhlY2Y5ZTE1ZS8xLzJnRHBnWlV3WVpj
c2lXdlcwbmM0MElPcTJ3NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAlXMoAMEAlkk7AMEAlkosAMEArlA
ZDANBgkqhkiG9w0BAQsFAAOCAQEAIUwS0tBqRRMOwe8O+CvclKNLRzFsfx3KTJhB
KLzhAbuWiyRYBYLjFaPApjikrlt4L8DqFQ0V8k2B28n5NtCLA+IlewgPJK9CjDug
Up1Zq6vO/UaAl5ZCL6FgvA2pb3jXI7v3lYKkWPMsr7u5ULp5FaH/gVH03mi+ZB8u
7VvJ8YTwQiTBJBbYHTGNsruy193ivlVPe5xj2EBpA9y3XglE2DkaVBEwDL4CnYk7
EfoxFONzn7OKJy2M/vo4p0C3Lp7KdwHzSgCwF8O8C7bZA6iDTn7/7RqeXQ3Z7uq2
P6uEZcVp7g6ZUdiRLVf5P3wyPvYvfGzgE8ghGjj1685o8RGrfQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:15 2024 by rpki-client on console-fra.rpki-client.org