Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iZNNR63-VbuYAOLaFOqFq-Gx5lg.roa
File: iZNNR63-VbuYAOLaFOqFq-Gx5lg.roa (raw, json)
Hash identifier: quTbuFeqBDgA+IuKMnf9Z5cQI3Asn/TgfPYeUrP21/8=
Subject key identifier: 89:93:4D:47:AD:FE:55:BB:98:00:E2:DA:14:EA:85:AB:E1:B1:E6:58
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 01897F7084822B5413DF8E66581B5D7BAFA6
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iZNNR63-VbuYAOLaFOqFq-Gx5lg.roa
Signing time: Sat 22 Jul 2023 21:10:27 +0000
ROA not before: Sat 22 Jul 2023 21:10:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31732
IP address blocks: 188.209.155.0/24 maxlen: 24
185.151.236.0/22 maxlen: 24
188.253.8.0/21 maxlen: 24
82.115.8.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:7f:70:84:82:2b:54:13:df:8e:66:58:1b:5d:7b:af:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jul 22 21:10:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=89934d47adfe55bb9800e2da14ea85abe1b1e658
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:d8:88:a5:c4:34:05:32:63:32:e9:87:7c:3b:
a6:0c:a2:1f:6d:62:29:d5:a1:2a:ed:88:25:f9:6f:
c1:c9:45:7a:62:22:2f:59:09:37:eb:d0:2d:b3:8f:
66:19:7b:d8:92:35:41:68:12:78:8b:49:23:03:cd:
3e:af:4d:51:ea:a8:c9:37:c3:4c:d4:8d:c9:c7:33:
16:5a:7b:3d:61:da:23:cf:e9:97:36:a9:74:9b:85:
1a:ca:4d:02:76:ea:2b:2b:70:8c:73:08:54:7b:da:
7c:5c:9b:fe:aa:e5:c5:0c:bd:f2:72:d1:cb:f2:ba:
62:1c:4f:ab:50:99:30:fc:cd:fb:62:21:5e:69:6a:
a5:59:c3:1a:59:a1:21:26:7b:b9:6a:ad:b3:2d:43:
31:31:6c:71:dd:75:03:65:9e:c5:9d:70:95:f8:2d:
30:9c:5c:13:3d:af:80:ed:13:83:63:8b:ce:e0:cb:
5c:b6:11:53:96:f0:22:c4:11:1b:7d:0d:09:92:5c:
ec:20:cf:ae:e7:b8:b3:cc:6b:61:86:a2:38:42:ac:
b2:99:29:b0:bb:54:32:37:da:d3:e7:8b:43:fe:c5:
a0:01:c7:68:33:8f:60:bc:f3:5d:1f:01:3c:89:dc:
69:1e:52:e5:6b:5a:48:a8:d0:ce:d9:0f:e3:c3:c6:
02:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:93:4D:47:AD:FE:55:BB:98:00:E2:DA:14:EA:85:AB:E1:B1:E6:58
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/iZNNR63-VbuYAOLaFOqFq-Gx5lg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.115.8.0/22
185.151.236.0/22
188.209.155.0/24
188.253.8.0/21
Signature Algorithm: sha256WithRSAEncryption
62:14:7c:e9:a3:d4:f6:d1:0b:2d:a6:a8:4c:89:88:96:56:a7:
9e:63:0e:1d:96:7c:95:dd:12:7f:97:9b:78:de:6f:29:02:ba:
51:55:ac:7a:4d:18:40:57:b8:9f:27:fd:fb:52:d9:25:9f:ce:
08:c7:d4:b3:34:a7:ac:29:b9:1e:74:a5:85:94:79:58:47:a5:
c7:3a:3b:0b:d0:6c:07:d4:57:b8:9b:51:ee:3c:99:d2:40:e9:
9b:a4:49:5a:36:e3:d8:5a:be:85:75:78:c3:6b:f1:65:b9:40:
5c:ae:74:ca:73:68:14:85:5e:cd:b0:03:ab:0d:60:06:0f:8e:
70:bb:7f:fc:c7:1f:20:34:c6:ca:38:79:02:b4:13:15:57:08:
4c:c4:88:ed:1d:1c:17:ad:e0:a0:7a:28:81:47:c5:d6:ad:6d:
f6:16:1a:19:19:6a:b9:81:97:8f:07:b5:45:d1:72:bc:b3:57:
2b:38:ca:be:48:dc:25:bd:54:a7:d3:88:37:f2:aa:7d:09:48:
36:d6:11:f9:71:63:d8:e3:30:52:0f:98:8c:67:02:4a:36:c5:
18:49:ef:80:92:3f:62:39:75:04:5f:e4:66:17:b3:06:93:d3:
69:0f:1d:90:b4:3c:a5:1e:97:a7:fe:6d:ae:93:3b:d4:76:72:
bc:5b:81:5d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYl/cISCK1QT345mWBtde6+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwNzIyMjExMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTkzNGQ0N2FkZmU1NWJiOTgwMGUyZGExNGVhODVhYmUxYjFlNjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdiIpcQ0BTJjMumHfDumDKIfbWIp
1aEq7Ygl+W/ByUV6YiIvWQk369Ats49mGXvYkjVBaBJ4i0kjA80+r01R6qjJN8NM
1I3JxzMWWns9Ydojz+mXNql0m4Uayk0CduorK3CMcwhUe9p8XJv+quXFDL3yctHL
8rpiHE+rUJkw/M37YiFeaWqlWcMaWaEhJnu5aq2zLUMxMWxx3XUDZZ7FnXCV+C0w
nFwTPa+A7RODY4vO4MtcthFTlvAixBEbfQ0JklzsIM+u57izzGthhqI4QqyymSmw
u1QyN9rT54tD/sWgAcdoM49gvPNdHwE8idxpHlLla1pIqNDO2Q/jw8YCQwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFImTTUet/lW7mADi2hTqhavhseZYMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvaVpOTlI2My1WYnVZQU9MYUZPcUZxLUd4NWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCUnMIAwQC
uZfsAwQAvNGbAwQDvP0IMA0GCSqGSIb3DQEBCwUAA4IBAQBiFHzpo9T20QstpqhM
iYiWVqeeYw4dlnyV3RJ/l5t43m8pArpRVax6TRhAV7ifJ/37Utkln84Ix9SzNKes
KbkedKWFlHlYR6XHOjsL0GwH1Fe4m1HuPJnSQOmbpElaNuPYWr6FdXjDa/FluUBc
rnTKc2gUhV7NsAOrDWAGD45wu3/8xx8gNMbKOHkCtBMVVwhMxIjtHRwXreCgeiiB
R8XWrW32FhoZGWq5gZePB7VF0XK8s1crOMq+SNwlvVSn04g38qp9CUg21hH5cWPY
4zBSD5iMZwJKNsUYSe+Akj9iOXUEX+RmF7MGk9NpDx2QtDylHpen/m2ukzvUdnK8
W4Fd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:35 2024 by rpki-client on console-fra.rpki-client.org