Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/R3NN9Aj3F7-HVq4uXH11RHzSxiM.roa
File: R3NN9Aj3F7-HVq4uXH11RHzSxiM.roa (raw, json)
Hash identifier: +aEHIMHAllqPI/V/Ot5aeiCLWJkjiDYYkOr/uGpOhjg=
Subject key identifier: 47:73:4D:F4:08:F7:17:BF:87:56:AE:2E:5C:7D:75:44:7C:D2:C6:23
Certificate issuer: /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial: 018D94D889CAAB232E23BB3F4CC309539748
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/R3NN9Aj3F7-HVq4uXH11RHzSxiM.roa
Signing time: Sat 10 Feb 2024 21:07:15 +0000
ROA not before: Sat 10 Feb 2024 21:07:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34304
IP address blocks: 86.107.57.0/24 maxlen: 24
86.107.60.0/23 maxlen: 23
86.107.63.0/24 maxlen: 24
89.35.224.0/24 maxlen: 24
89.35.229.0/24 maxlen: 24
89.35.232.0/24 maxlen: 24
89.35.234.0/23 maxlen: 23
89.35.235.0/24 maxlen: 24
89.35.236.0/24 maxlen: 24
89.35.238.0/24 maxlen: 24
89.47.0.0/24 maxlen: 24
89.47.12.0/24 maxlen: 24
89.47.14.0/24 maxlen: 24
188.211.164.0/23 maxlen: 23
193.138.192.0/23 maxlen: 23
193.138.194.0/24 maxlen: 24
2a05:8880::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:94:d8:89:ca:ab:23:2e:23:bb:3f:4c:c3:09:53:97:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Validity
Not Before: Feb 10 21:07:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=47734df408f717bf8756ae2e5c7d75447cd2c623
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:4a:cf:a6:1f:f6:dd:6c:99:e6:4d:b9:70:e2:
5f:55:37:69:77:9c:6e:20:27:5e:bd:78:9a:c2:fd:
84:93:a0:ae:09:1e:e4:ff:94:57:f0:60:f2:09:c5:
1e:e2:76:7f:71:26:ef:78:89:eb:ae:8a:f6:9a:77:
07:78:99:f5:90:43:39:10:88:6a:01:b0:34:d7:47:
2a:38:14:b1:2f:00:6e:3b:bb:a1:2e:a8:1c:96:21:
94:88:9e:3a:77:8d:61:94:64:cd:af:e2:88:99:00:
dd:af:c4:fb:7c:52:78:53:aa:eb:1e:ae:85:23:94:
ca:c8:53:65:6b:13:7d:0b:d4:4c:32:97:03:21:19:
17:c6:5a:8a:f2:b1:6a:ce:9d:67:5b:30:55:31:e6:
b7:2e:02:e1:7b:82:d3:50:14:22:3f:78:d9:72:f8:
30:9d:34:0c:7b:a4:19:c2:80:61:3d:7f:b4:a9:ec:
bc:34:10:96:c4:c5:7c:49:3d:f6:00:99:67:24:d7:
58:fc:5f:22:aa:e5:6a:0e:13:34:35:05:a7:82:89:
3a:10:9c:82:74:55:10:44:2e:48:d5:6c:ec:b5:42:
3b:26:aa:84:98:22:44:b5:dd:06:70:3b:8d:9b:b6:
c3:df:5a:ec:12:aa:7c:a9:d5:b8:3e:b7:af:95:6d:
71:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:73:4D:F4:08:F7:17:BF:87:56:AE:2E:5C:7D:75:44:7C:D2:C6:23
X509v3 Authority Key Identifier:
keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/R3NN9Aj3F7-HVq4uXH11RHzSxiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.107.57.0/24
86.107.60.0/23
86.107.63.0/24
89.35.224.0/24
89.35.229.0/24
89.35.232.0/24
89.35.234.0-89.35.236.255
89.35.238.0/24
89.47.0.0/24
89.47.12.0/24
89.47.14.0/24
188.211.164.0/23
193.138.192.0-193.138.194.255
IPv6:
2a05:8880::/30
Signature Algorithm: sha256WithRSAEncryption
73:97:9b:c6:f8:54:1a:97:27:7a:17:29:be:c8:17:30:75:f7:
43:75:69:ec:5f:e5:f3:5b:40:7d:ad:92:9a:3c:53:a0:ab:03:
8e:2f:7a:ab:0b:26:f8:a5:fd:73:8f:a0:c8:7c:aa:fa:5c:73:
97:ef:0f:d2:60:27:ed:27:17:3b:8f:99:e5:61:4b:7a:34:8f:
80:b0:75:29:ec:8a:c8:b0:d1:33:37:a1:67:f3:92:73:cf:0e:
d6:a9:0d:54:fd:d8:c7:6f:f0:04:3c:e3:74:22:e5:6b:83:2b:
29:3b:52:25:86:09:4e:35:6e:ed:d1:f1:cd:d6:6c:82:c1:e3:
ca:a5:fb:54:a4:b0:e8:87:3c:f2:02:2c:95:ff:41:b2:94:37:
bb:3e:75:e1:1f:f7:d4:35:a5:7b:21:87:ea:29:26:66:12:1c:
b8:aa:c0:4e:d6:3c:06:6e:3f:19:72:08:cb:e4:50:bf:d7:75:
11:91:69:e9:8d:b0:5f:24:29:0f:82:4c:9a:46:fd:88:bf:c5:
88:ad:20:1f:eb:f5:5f:fd:4d:b2:70:17:2a:46:6d:63:1c:5f:
d2:62:09:28:d1:44:43:c4:76:3e:0d:70:5c:fe:75:9d:18:5d:
c8:82:f4:db:fd:fd:03:ad:bf:fa:9b:9c:67:1b:fb:47:67:aa:
fd:41:29:97
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAY2U2InKqyMuI7s/TMMJU5dIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjQwMjEwMjEwNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzczNGRmNDA4ZjcxN2JmODc1NmFlMmU1YzdkNzU0NDdjZDJjNjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgErPph/23WyZ5k25cOJfVTdpd5xu
ICdevXiawv2Ek6CuCR7k/5RX8GDyCcUe4nZ/cSbveInrror2mncHeJn1kEM5EIhq
AbA010cqOBSxLwBuO7uhLqgcliGUiJ46d41hlGTNr+KImQDdr8T7fFJ4U6rrHq6F
I5TKyFNlaxN9C9RMMpcDIRkXxlqK8rFqzp1nWzBVMea3LgLhe4LTUBQiP3jZcvgw
nTQMe6QZwoBhPX+0qey8NBCWxMV8ST32AJlnJNdY/F8iquVqDhM0NQWngok6EJyC
dFUQRC5I1WzstUI7JqqEmCJEtd0GcDuNm7bD31rsEqp8qdW4PrevlW1xRwIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFEdzTfQI9xe/h1auLlx9dUR80sYjMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvUjNOTjlBajNGNy1IVnE0dVhIMTFSSHpTeGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwZAQCAAEwXgMEAFZrOQME
AVZrPAMEAFZrPwMEAFkj4AMEAFkj5QMEAFkj6DAMAwQBWSPqAwQAWSPsAwQAWSPu
AwQAWS8AAwQAWS8MAwQAWS8OAwQBvNOkMAwDBAbBisADBADBisIwDQQCAAIwBwMF
AioFiIAwDQYJKoZIhvcNAQELBQADggEBAHOXm8b4VBqXJ3oXKb7IFzB190N1aexf
5fNbQH2tkpo8U6CrA44veqsLJvil/XOPoMh8qvpcc5fvD9JgJ+0nFzuPmeVhS3o0
j4CwdSnsisiw0TM3oWfzknPPDtapDVT92Mdv8AQ843Qi5WuDKyk7UiWGCU41bu3R
8c3WbILB48ql+1SksOiHPPICLJX/QbKUN7s+deEf99Q1pXshh+opJmYSHLiqwE7W
PAZuPxlyCMvkUL/XdRGRaemNsF8kKQ+CTJpG/Yi/xYitIB/r9V/9TbJwFypGbWMc
X9JiCSjRREPEdj4NcFz+dZ0YXciC9Nv9/QOtv/qbnGcb+0dnqv1BKZc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:40 2024 by rpki-client on console-ams.rpki-client.org