Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/FVJLr9KyzN8XL1btZYpYL0Il2x8.roa
File: FVJLr9KyzN8XL1btZYpYL0Il2x8.roa (raw, json)
Hash identifier: 7UsUSZXhF9FiCLZXUFDW4wS6rVWq6TUr2+stAI+1xYc=
Subject key identifier: 15:52:4B:AF:D2:B2:CC:DF:17:2F:56:ED:65:8A:58:2F:42:25:DB:1F
Certificate issuer: /CN=962ae3463938b26f83b76f0c4df81dfabb15a4eb
Certificate serial: 173E9447
Authority key identifier: 96:2A:E3:46:39:38:B2:6F:83:B7:6F:0C:4D:F8:1D:FA:BB:15:A4:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lirjRjk4sm-Dt28MTfgd-rsVpOs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/FVJLr9KyzN8XL1btZYpYL0Il2x8.roa
Signing time: Fri 01 Apr 2022 13:56:57 +0000
ROA not before: Fri 01 Apr 2022 13:56:57 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 40975
IP address blocks: 89.40.168.0/23 maxlen: 24
89.40.170.0/24 maxlen: 24
86.107.192.0/24 maxlen: 24
89.42.24.0/24 maxlen: 24
185.84.64.0/23 maxlen: 23
185.84.66.0/24 maxlen: 24
89.35.6.0/23 maxlen: 23
217.19.14.0/23 maxlen: 23
86.104.254.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 389977159 (0x173e9447)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=962ae3463938b26f83b76f0c4df81dfabb15a4eb
Validity
Not Before: Apr 1 13:56:57 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=15524bafd2b2ccdf172f56ed658a582f4225db1f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:50:4a:d8:50:00:8d:d3:f1:82:59:17:9c:dd:
bd:6e:56:58:5d:50:51:cf:5a:0d:95:e9:87:09:b3:
5f:94:60:1c:6e:8e:38:26:21:74:ce:6b:d3:7d:5c:
27:b2:20:3e:09:04:bb:cb:d2:09:58:45:d6:94:2c:
d1:1e:08:2e:2d:c4:05:85:06:5a:ca:cc:a3:29:ca:
06:06:14:8f:71:f1:28:79:7d:b4:9f:42:9e:9b:4f:
5a:e9:43:89:c2:db:03:82:a3:a6:52:77:47:8b:50:
67:08:3e:03:ce:f5:30:58:80:6f:b5:11:ee:bd:c2:
6e:7b:42:5e:d7:67:40:07:6f:13:23:e4:3b:4f:7d:
14:f7:f3:81:cb:ee:b1:6b:fc:e3:13:7f:d2:50:5f:
4f:9e:3a:76:f5:78:44:87:ac:17:8c:3c:70:f0:cc:
15:6e:7e:6a:e3:21:10:a6:c8:cc:d7:21:d5:b6:a3:
8c:12:e4:cb:a3:f8:17:98:fd:47:0c:d5:8e:1e:d1:
45:6b:67:e9:20:53:89:09:8a:01:d2:40:dc:fe:1f:
64:40:f3:62:26:c7:60:8f:9a:60:d5:d1:b9:7d:e4:
cb:16:9e:9c:25:56:70:56:42:7e:29:72:2f:e2:d5:
8a:07:a6:f2:5c:cb:88:c5:f2:44:0a:84:aa:ee:14:
5b:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:52:4B:AF:D2:B2:CC:DF:17:2F:56:ED:65:8A:58:2F:42:25:DB:1F
X509v3 Authority Key Identifier:
keyid:96:2A:E3:46:39:38:B2:6F:83:B7:6F:0C:4D:F8:1D:FA:BB:15:A4:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lirjRjk4sm-Dt28MTfgd-rsVpOs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/FVJLr9KyzN8XL1btZYpYL0Il2x8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/lirjRjk4sm-Dt28MTfgd-rsVpOs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.104.254.0/23
86.107.192.0/24
89.35.6.0/23
89.40.168.0-89.40.170.255
89.42.24.0/24
185.84.64.0-185.84.66.255
217.19.14.0/23
Signature Algorithm: sha256WithRSAEncryption
8f:50:c1:05:cf:f3:e0:e1:43:50:53:43:c5:fd:2c:3d:f1:9c:
44:f5:82:b7:20:92:10:87:ac:df:4d:bf:12:1d:23:bc:7d:42:
19:61:4a:bf:09:e9:29:b0:3e:29:a0:94:fa:ac:7c:ab:68:04:
92:69:4f:21:61:7b:13:76:87:85:57:a7:3f:3b:10:97:d0:f1:
34:5d:72:63:8d:f2:4b:4e:77:41:7c:10:d3:cc:a3:b8:0d:2d:
79:5d:94:e3:a1:53:76:44:e4:18:91:3e:22:03:7c:78:ac:c3:
fd:0b:94:11:cf:1c:9b:f5:97:a1:f9:88:f1:ad:08:fb:b1:0a:
80:e9:e2:02:46:c8:5c:28:52:df:79:db:40:7f:5c:44:8e:19:
42:ab:61:72:d4:48:1d:c9:13:dc:27:13:be:cb:67:95:ab:43:
0e:9b:8c:33:02:ce:43:5a:ec:eb:ad:89:a8:71:04:f8:97:b1:
52:1a:22:77:19:de:6b:03:9d:16:10:c8:ba:a9:82:eb:bd:2c:
06:d9:65:79:5f:cc:1d:66:d7:d9:f4:d2:19:cf:74:ec:41:3c:
70:da:94:9f:de:be:50:33:57:0c:b4:fc:03:89:66:41:f1:c7:
75:f0:86:c1:4d:28:a9:11:bb:55:23:67:08:93:da:e5:07:d6:
b0:c3:a2:ec
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgIEFz6URzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NjJhZTM0NjM5MzhiMjZmODNiNzZmMGM0ZGY4MWRmYWJiMTVhNGViMB4XDTIyMDQw
MTEzNTY1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMTU1MjRiYWZkMmIy
Y2NkZjE3MmY1NmVkNjU4YTU4MmY0MjI1ZGIxZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKFQSthQAI3T8YJZF5zdvW5WWF1QUc9aDZXphwmzX5RgHG6O
OCYhdM5r031cJ7IgPgkEu8vSCVhF1pQs0R4ILi3EBYUGWsrMoynKBgYUj3HxKHl9
tJ9CnptPWulDicLbA4KjplJ3R4tQZwg+A871MFiAb7UR7r3CbntCXtdnQAdvEyPk
O099FPfzgcvusWv84xN/0lBfT546dvV4RIesF4w8cPDMFW5+auMhEKbIzNch1baj
jBLky6P4F5j9RwzVjh7RRWtn6SBTiQmKAdJA3P4fZEDzYibHYI+aYNXRuX3kyxae
nCVWcFZCfilyL+LVigem8lzLiMXyRAqEqu4UW7kCAwEAAaOCAj0wggI5MB0GA1Ud
DgQWBBQVUkuv0rLM3xcvVu1lilgvQiXbHzAfBgNVHSMEGDAWgBSWKuNGOTiyb4O3
bwxN+B36uxWk6zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xpcmpSams0c20tRHQyOE1UZmdkLXJzVnBPcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTEvYmIwZmMzLWQ1ZjktNGJmNS05NjgzLTllZGYwZDE3ZmI5MS8x
L0ZWSkxyOUt5ek44WEwxYnRaWXBZTDBJbDJ4OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTEv
YmIwZmMzLWQ1ZjktNGJmNS05NjgzLTllZGYwZDE3ZmI5MS8xL2xpcmpSams0c20t
RHQyOE1UZmdkLXJzVnBPcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBT
BggrBgEFBQcBBwEB/wREMEIwQAQCAAEwOgMEAVZo/gMEAFZrwAMEAVkjBjAMAwQD
WSioAwQAWSiqAwQAWSoYMAwDBAa5VEADBAC5VEIDBAHZEw4wDQYJKoZIhvcNAQEL
BQADggEBAI9QwQXP8+DhQ1BTQ8X9LD3xnET1grcgkhCHrN9NvxIdI7x9QhlhSr8J
6SmwPimglPqsfKtoBJJpTyFhexN2h4VXpz87EJfQ8TRdcmON8ktOd0F8ENPMo7gN
LXldlOOhU3ZE5BiRPiIDfHisw/0LlBHPHJv1l6H5iPGtCPuxCoDp4gJGyFwoUt95
20B/XESOGUKrYXLUSB3JE9wnE77LZ5WrQw6bjDMCzkNa7OutiahxBPiXsVIaIncZ
3msDnRYQyLqpguu9LAbZZXlfzB1m19n00hnPdOxBPHDalJ/evlAzVwy0/AOJZkHx
x3XwhsFNKKkRu1UjZwiT2uUH1rDDouw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:41 2024 by rpki-client on console-fra.rpki-client.org