Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/n89hKkzZi6F-DQV47iaCgwS-1s0.roa
File: n89hKkzZi6F-DQV47iaCgwS-1s0.roa (raw, json)
Hash identifier: dA/Rg+fb87FiZ8OI40ei0IgD9A6FbzqNk+tlbHFDfDc=
Subject key identifier: 9F:CF:61:2A:4C:D9:8B:A1:7E:0D:05:78:EE:26:82:83:04:BE:D6:CD
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0183594B6E05192594CE883EEB7A4E26CE16
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/n89hKkzZi6F-DQV47iaCgwS-1s0.roa
Signing time: Tue 20 Sep 2022 05:07:39 +0000
ROA not before: Tue 20 Sep 2022 05:07:39 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 185.220.236.0/22 maxlen: 24
185.234.144.0/22 maxlen: 24
91.132.59.0/24 maxlen: 24
185.129.108.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:59:4b:6e:05:19:25:94:ce:88:3e:eb:7a:4e:26:ce:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Sep 20 05:07:39 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9fcf612a4cd98ba17e0d0578ee26828304bed6cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:ed:e3:6b:14:6e:80:54:90:9c:c4:9f:85:d0:
ad:d8:46:3e:ee:12:b3:d9:46:9c:27:76:21:4f:d5:
6a:fb:91:37:91:02:ef:bd:02:83:6c:1f:6f:4a:dd:
01:ec:e0:cd:c0:e3:23:11:4d:d3:74:47:d6:91:2a:
0c:3f:69:84:70:bb:54:7f:ed:67:22:1a:37:db:ed:
ed:30:07:db:68:ec:9d:cc:86:a6:f0:59:37:b5:4c:
18:3c:5f:07:e3:77:b5:9d:81:21:1d:9d:05:7d:b8:
d4:56:f6:d2:e0:e2:b4:77:c4:a9:fc:23:20:27:c1:
20:10:f4:6f:42:dd:a5:74:da:42:26:83:21:ab:f9:
20:b7:c9:8c:99:5c:c5:fc:31:1d:b8:a9:be:d0:90:
fb:7a:65:7c:a5:a8:9d:d5:fc:a0:aa:af:91:49:60:
04:dc:0d:9f:12:dd:91:b7:92:e3:4f:3c:1c:6a:48:
5c:22:fc:f6:c5:6f:44:6f:f5:27:39:de:6c:ae:0e:
96:ee:db:7a:4b:e0:cf:d0:c7:48:e4:9f:13:59:ad:
2e:0e:70:c9:9a:59:10:e3:a0:06:67:44:f7:c3:b7:
06:44:40:ba:3e:7e:c4:c7:dc:9f:44:57:41:0d:d5:
87:02:16:5d:d0:19:ee:32:0f:aa:15:c3:0a:51:3b:
d5:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:CF:61:2A:4C:D9:8B:A1:7E:0D:05:78:EE:26:82:83:04:BE:D6:CD
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/n89hKkzZi6F-DQV47iaCgwS-1s0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.132.59.0/24
185.129.108.0/23
185.220.236.0/22
185.234.144.0/22
Signature Algorithm: sha256WithRSAEncryption
be:18:00:89:f4:44:82:67:5a:13:66:07:9b:29:a5:8a:8c:10:
31:6e:db:cd:42:07:9b:f1:7b:b2:5c:44:17:ba:08:f6:c3:36:
81:67:43:14:36:f0:df:00:e2:e0:70:e0:93:11:d5:3c:11:dc:
73:74:d1:dd:4f:14:b3:e3:d8:29:a6:28:28:ef:d2:12:6c:7c:
fb:a4:ac:ff:47:41:81:ad:1c:75:f4:e2:e8:d7:f0:dd:3a:94:
b6:e2:76:75:7b:a1:6e:f9:b9:6c:72:5e:cc:24:f9:0e:2e:5d:
67:a3:96:37:50:56:f0:9c:d0:b6:e8:5e:48:a9:35:3b:9e:08:
94:7d:08:60:9a:7d:81:66:25:e5:ab:ab:3b:6b:6e:e5:f1:2d:
46:17:95:e7:d2:1c:9d:e4:84:7a:60:a1:6d:36:38:33:71:c8:
3a:f4:d8:ec:4b:7c:dc:f3:9c:ed:31:2f:e8:cf:f1:56:93:e3:
f5:a2:f3:18:14:62:7d:64:c3:07:be:ee:e3:29:a5:d5:fb:fe:
57:05:19:57:b5:ec:00:88:4b:12:8e:4a:8a:2d:5c:98:b1:16:
32:51:4f:83:fb:d1:8f:d7:c2:f8:2b:d3:20:0e:04:49:0a:26:
37:c8:af:66:81:44:9a:19:8b:c0:9c:b0:3a:63:ae:48:bd:99:
d5:7a:21:66
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYNZS24FGSWUzog+63pOJs4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjIwOTIwMDUwNzM5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmNmNjEyYTRjZDk4YmExN2UwZDA1NzhlZTI2ODI4MzA0YmVkNmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAie3jaxRugFSQnMSfhdCt2EY+7hKz
2UacJ3YhT9Vq+5E3kQLvvQKDbB9vSt0B7ODNwOMjEU3TdEfWkSoMP2mEcLtUf+1n
Iho32+3tMAfbaOydzIam8Fk3tUwYPF8H43e1nYEhHZ0FfbjUVvbS4OK0d8Sp/CMg
J8EgEPRvQt2ldNpCJoMhq/kgt8mMmVzF/DEduKm+0JD7emV8paid1fygqq+RSWAE
3A2fEt2Rt5LjTzwcakhcIvz2xW9Eb/UnOd5srg6W7tt6S+DP0MdI5J8TWa0uDnDJ
mlkQ46AGZ0T3w7cGREC6Pn7Ex9yfRFdBDdWHAhZd0BnuMg+qFcMKUTvVCQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJ/PYSpM2Yuhfg0FeO4mgoMEvtbNMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvbjg5aEtrelppNkYtRFFWNDdpYUNnd1MtMXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW4Q7AwQB
uYFsAwQCudzsAwQCueqQMA0GCSqGSIb3DQEBCwUAA4IBAQC+GACJ9ESCZ1oTZgeb
KaWKjBAxbtvNQgeb8XuyXEQXugj2wzaBZ0MUNvDfAOLgcOCTEdU8EdxzdNHdTxSz
49gppigo79ISbHz7pKz/R0GBrRx19OLo1/DdOpS24nZ1e6Fu+blscl7MJPkOLl1n
o5Y3UFbwnNC26F5IqTU7ngiUfQhgmn2BZiXlq6s7a27l8S1GF5Xn0hyd5IR6YKFt
Njgzccg69NjsS3zc85ztMS/oz/FWk+P1ovMYFGJ9ZMMHvu7jKaXV+/5XBRlXtewA
iEsSjkqKLVyYsRYyUU+D+9GP18L4K9MgDgRJCiY3yK9mgUSaGYvAnLA6Y65IvZnV
eiFm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:16 2024 by rpki-client on console-ams.rpki-client.org