Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/0jMOiGIiBC_uMLk99VvLAW7BuRk.roa
File: 0jMOiGIiBC_uMLk99VvLAW7BuRk.roa (raw, json)
Hash identifier: 5doaA5tZ2lToG2bG9pmRhxTf7y/MC65oAmqImTZxeD8=
Subject key identifier: D2:33:0E:88:62:22:04:2F:EE:30:B9:3D:F5:5B:CB:01:6E:C1:B9:19
Certificate issuer: /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial: 018B94FAF2E69792F0F2316D20998DE4757B
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/0jMOiGIiBC_uMLk99VvLAW7BuRk.roa
Signing time: Fri 03 Nov 2023 11:39:16 +0000
ROA not before: Fri 03 Nov 2023 11:39:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34304
IP address blocks: 86.107.57.0/24 maxlen: 24
188.211.164.0/23 maxlen: 23
86.107.63.0/24 maxlen: 24
86.107.60.0/23 maxlen: 23
193.138.192.0/23 maxlen: 23
193.138.194.0/24 maxlen: 24
89.47.0.0/24 maxlen: 24
89.47.14.0/24 maxlen: 24
89.47.12.0/24 maxlen: 24
89.35.224.0/24 maxlen: 24
89.35.229.0/24 maxlen: 24
89.35.232.0/24 maxlen: 24
89.35.236.0/24 maxlen: 24
89.35.234.0/23 maxlen: 23
89.35.238.0/24 maxlen: 24
2a05:8880::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:94:fa:f2:e6:97:92:f0:f2:31:6d:20:99:8d:e4:75:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Validity
Not Before: Nov 3 11:39:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d2330e886222042fee30b93df55bcb016ec1b919
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:6a:ed:76:c4:61:8a:76:6f:21:fe:e7:c5:5f:
db:a4:fb:42:7e:cb:59:f8:ab:3f:4f:f2:a8:74:0a:
90:62:05:02:4c:9b:d0:9f:95:8f:11:ea:16:b8:02:
88:49:c3:5f:2b:b0:89:a8:a0:0d:8b:a0:ca:62:2e:
fb:f1:db:36:8c:82:7c:d5:f2:3e:50:b2:2f:6e:ca:
db:e7:f1:ac:ee:bd:8a:c5:a2:0d:37:ac:ec:f2:5d:
d0:3b:4b:d0:12:bf:64:45:92:71:e3:f5:7a:ef:49:
9e:65:63:b6:72:7d:a0:c7:8b:fa:1b:93:9f:76:bd:
ce:da:8d:ab:02:69:93:23:71:f2:b8:94:b2:ed:05:
10:00:45:64:8f:61:2a:3c:1c:4e:67:6e:66:a7:26:
6c:d7:33:05:42:0a:9d:12:ed:c6:15:f8:73:64:fe:
c1:69:47:5f:1e:b8:cb:94:a4:a3:46:6f:a5:e0:36:
0b:bc:a1:f7:50:57:c5:09:c6:ab:8d:bf:3a:61:c2:
5f:44:3c:e8:2c:d5:82:80:78:3e:81:46:88:da:91:
42:74:cf:ea:de:50:ac:a7:d7:e3:9b:49:1d:74:54:
3c:43:aa:41:45:61:16:92:47:72:e3:85:ab:70:4e:
11:25:a0:a5:7e:1e:3d:07:ac:17:da:9b:9a:92:3c:
53:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:33:0E:88:62:22:04:2F:EE:30:B9:3D:F5:5B:CB:01:6E:C1:B9:19
X509v3 Authority Key Identifier:
keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/0jMOiGIiBC_uMLk99VvLAW7BuRk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.107.57.0/24
86.107.60.0/23
86.107.63.0/24
89.35.224.0/24
89.35.229.0/24
89.35.232.0/24
89.35.234.0-89.35.236.255
89.35.238.0/24
89.47.0.0/24
89.47.12.0/24
89.47.14.0/24
188.211.164.0/23
193.138.192.0-193.138.194.255
IPv6:
2a05:8880::/30
Signature Algorithm: sha256WithRSAEncryption
87:55:c7:b1:2f:77:43:e8:ef:3c:4d:bd:16:53:06:2c:c4:e8:
17:07:c2:50:96:27:f0:7a:35:ee:59:39:2f:f3:4f:0d:ca:c0:
10:08:2e:ab:18:44:30:97:cc:67:92:e0:60:24:2b:52:55:07:
68:ec:9b:94:e3:1e:e0:ce:3a:35:e7:52:07:3d:3d:99:e5:a3:
a4:e1:e8:bd:b1:f1:44:f6:03:08:aa:3d:d9:60:d2:69:6c:66:
cf:89:1a:85:4e:8a:9f:8d:0c:27:c1:21:71:8b:7f:2a:c4:32:
e8:96:00:6d:58:6f:8f:16:d6:df:d1:03:bb:40:d4:f7:b4:d5:
8e:5a:a8:ab:ac:d3:80:e6:87:8d:59:92:d3:c1:bc:21:51:6a:
08:13:19:3a:51:a2:fe:d3:be:f0:cc:ad:c7:8a:55:a9:d8:ff:
e6:cf:9d:6c:a1:9f:84:ae:a9:a6:44:0e:98:b6:6a:cf:f1:73:
ad:42:c0:e6:3e:97:d0:4c:9c:01:2e:c5:21:e7:59:40:f2:98:
f9:2f:36:d8:87:c9:b7:39:cb:a5:02:aa:f0:9d:dc:31:98:a1:
6d:a1:e1:67:0d:e8:e6:c1:15:87:0d:9a:ff:7e:49:32:2b:31:
2d:b6:91:56:ed:0b:16:11:6b:e6:ea:f0:eb:b7:ad:28:ba:b6:
66:f5:00:6d
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAYuU+vLml5Lw8jFtIJmN5HV7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjMxMTAzMTEzOTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjMzMGU4ODYyMjIwNDJmZWUzMGI5M2RmNTViY2IwMTZlYzFiOTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGrtdsRhinZvIf7nxV/bpPtCfstZ
+Ks/T/KodAqQYgUCTJvQn5WPEeoWuAKIScNfK7CJqKANi6DKYi778ds2jIJ81fI+
ULIvbsrb5/Gs7r2KxaINN6zs8l3QO0vQEr9kRZJx4/V670meZWO2cn2gx4v6G5Of
dr3O2o2rAmmTI3HyuJSy7QUQAEVkj2EqPBxOZ25mpyZs1zMFQgqdEu3GFfhzZP7B
aUdfHrjLlKSjRm+l4DYLvKH3UFfFCcarjb86YcJfRDzoLNWCgHg+gUaI2pFCdM/q
3lCsp9fjm0kddFQ8Q6pBRWEWkkdy44WrcE4RJaClfh49B6wX2puakjxTqQIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFNIzDohiIgQv7jC5PfVbywFuwbkZMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvMGpNT2lHSWlCQ191TUxrOTlWdkxBVzdCdVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwZAQCAAEwXgMEAFZrOQME
AVZrPAMEAFZrPwMEAFkj4AMEAFkj5QMEAFkj6DAMAwQBWSPqAwQAWSPsAwQAWSPu
AwQAWS8AAwQAWS8MAwQAWS8OAwQBvNOkMAwDBAbBisADBADBisIwDQQCAAIwBwMF
AioFiIAwDQYJKoZIhvcNAQELBQADggEBAIdVx7Evd0Po7zxNvRZTBizE6BcHwlCW
J/B6Ne5ZOS/zTw3KwBAILqsYRDCXzGeS4GAkK1JVB2jsm5TjHuDOOjXnUgc9PZnl
o6Th6L2x8UT2AwiqPdlg0mlsZs+JGoVOip+NDCfBIXGLfyrEMuiWAG1Yb48W1t/R
A7tA1Pe01Y5aqKus04Dmh41ZktPBvCFRaggTGTpRov7TvvDMrceKVanY/+bPnWyh
n4SuqaZEDpi2as/xc61CwOY+l9BMnAEuxSHnWUDymPkvNtiHybc5y6UCqvCd3DGY
oW2h4WcN6ObBFYcNmv9+STIrMS22kVbtCxYRa+bq8Ou3rSi6tmb1AG0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:24 2024 by rpki-client on console-fra.rpki-client.org