Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/X9wRx2UCrXuk3xvTtYYRUq1IOkM.roa
File: X9wRx2UCrXuk3xvTtYYRUq1IOkM.roa (raw, json)
Hash identifier: ZIc8iadGkbF97zdljRIf+B5fLAiDp8aAbBDpBE3g+Ww=
Subject key identifier: 5F:DC:11:C7:65:02:AD:7B:A4:DF:1B:D3:B5:86:11:52:AD:48:3A:43
Certificate issuer: /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial: 01850602EEF31195D270C74C53F9F339CE03
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/X9wRx2UCrXuk3xvTtYYRUq1IOkM.roa
Signing time: Mon 12 Dec 2022 11:05:33 +0000
ROA not before: Mon 12 Dec 2022 11:05:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59854
IP address blocks: 188.214.142.0/24 maxlen: 24
89.35.173.0/24 maxlen: 24
93.119.227.0/24 maxlen: 24
185.171.185.0/24 maxlen: 24
185.171.184.0/24 maxlen: 24
185.171.187.0/24 maxlen: 24
77.81.164.0/23 maxlen: 23
188.215.36.0/24 maxlen: 24
128.0.46.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:06:02:ee:f3:11:95:d2:70:c7:4c:53:f9:f3:39:ce:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Validity
Not Before: Dec 12 11:05:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5fdc11c76502ad7ba4df1bd3b5861152ad483a43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:eb:45:76:f2:ba:9a:51:86:ed:03:19:97:e7:
97:b5:4d:32:ea:b7:c6:14:b6:31:f1:94:dd:8b:e7:
1c:ca:a4:0c:bb:68:59:41:11:f9:c0:da:15:03:ac:
f3:5d:6d:e1:51:03:e7:a7:ca:ab:bf:19:f1:7c:a9:
10:41:41:f0:05:a3:90:e1:5b:6e:ab:51:13:5a:17:
9d:90:20:3b:6d:32:e0:cf:36:89:31:cd:78:ce:14:
d3:82:1e:1e:78:df:9e:12:c3:da:d7:8c:4e:75:79:
fe:f9:e0:5c:52:ab:de:42:e7:88:d0:cf:08:4b:92:
89:a5:73:dc:92:24:08:e6:3b:6a:53:3a:e1:5b:ac:
28:ac:e7:f5:85:94:18:43:a5:64:6b:f9:10:91:20:
c3:19:a0:f6:8a:92:22:63:39:9b:0d:90:7f:da:3a:
17:05:29:d3:81:f9:45:16:25:f5:35:dd:67:2a:a6:
93:b9:3f:17:81:76:39:ed:e7:2b:bf:50:fe:05:a5:
3c:dd:d2:4a:48:58:06:51:d4:c3:23:d3:28:fe:34:
4a:36:37:64:69:22:b0:4f:8a:3e:89:b2:19:91:54:
9b:b9:d9:14:03:5c:91:d6:e2:1d:4c:b9:1e:08:b7:
f3:42:bf:b0:2c:4a:56:16:80:74:9b:98:ca:da:51:
ab:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:DC:11:C7:65:02:AD:7B:A4:DF:1B:D3:B5:86:11:52:AD:48:3A:43
X509v3 Authority Key Identifier:
keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/X9wRx2UCrXuk3xvTtYYRUq1IOkM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.81.164.0/23
89.35.173.0/24
93.119.227.0/24
128.0.46.0/23
185.171.184.0/23
185.171.187.0/24
188.214.142.0/24
188.215.36.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:11:dd:42:5b:20:7b:34:4d:3a:1a:8c:f3:ec:27:a3:76:0c:
2f:90:4b:9a:26:ad:26:d2:ed:cf:9e:4e:0a:2f:f3:b3:8f:e3:
53:e7:9d:5e:74:f6:ef:5a:cc:d2:87:94:07:a2:08:f4:c1:39:
b3:0a:95:9d:c2:c1:a8:21:a2:50:57:d1:ea:79:10:8b:94:e1:
a1:f7:62:ab:9b:49:de:47:08:c0:b8:63:f4:7f:44:0a:bc:5e:
4b:53:d8:ea:76:51:a7:1a:4e:12:f7:7a:f0:9b:dd:7a:5c:c3:
29:ae:b1:59:71:b6:29:02:81:f9:a3:a9:bd:4a:8d:85:85:cc:
27:a9:c0:44:d2:6c:f3:5e:49:a4:e1:a5:25:b3:9b:35:bb:c6:
0c:58:f8:e0:76:2c:28:16:05:dc:d8:64:5f:4e:bf:82:3c:5d:
81:cd:08:84:9e:a6:a2:c5:dc:23:01:56:a1:ae:c7:f8:50:cd:
b9:ec:1e:d6:12:44:23:7a:b6:1a:9a:d8:0a:50:09:b7:bc:c7:
1e:e0:39:21:bb:96:5b:9e:33:52:9a:bd:5e:bc:62:84:e5:6a:
f3:3d:0f:e5:98:6c:48:12:c0:49:ba:3f:22:0c:e6:0b:b4:7b:
12:0c:4a:aa:d1:84:4a:c4:76:ae:4b:16:62:44:e8:8b:a0:d6:
b3:f8:f2:93
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYUGAu7zEZXScMdMU/nzOc4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjIxMjEyMTEwNTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmRjMTFjNzY1MDJhZDdiYTRkZjFiZDNiNTg2MTE1MmFkNDgzYTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlutFdvK6mlGG7QMZl+eXtU0y6rfG
FLYx8ZTdi+ccyqQMu2hZQRH5wNoVA6zzXW3hUQPnp8qrvxnxfKkQQUHwBaOQ4Vtu
q1ETWhedkCA7bTLgzzaJMc14zhTTgh4eeN+eEsPa14xOdXn++eBcUqveQueI0M8I
S5KJpXPckiQI5jtqUzrhW6worOf1hZQYQ6Vka/kQkSDDGaD2ipIiYzmbDZB/2joX
BSnTgflFFiX1Nd1nKqaTuT8XgXY57ecrv1D+BaU83dJKSFgGUdTDI9Mo/jRKNjdk
aSKwT4o+ibIZkVSbudkUA1yR1uIdTLkeCLfzQr+wLEpWFoB0m5jK2lGrqQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFF/cEcdlAq17pN8b07WGEVKtSDpDMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvWDl3UngyVUNyWHVrM3h2VHRZWVJVcTFJT2tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBTVGkAwQA
WSOtAwQAXXfjAwQBgAAuAwQBuau4AwQAuau7AwQAvNaOAwQAvNckMA0GCSqGSIb3
DQEBCwUAA4IBAQB/Ed1CWyB7NE06Gozz7CejdgwvkEuaJq0m0u3Pnk4KL/Ozj+NT
551edPbvWszSh5QHogj0wTmzCpWdwsGoIaJQV9HqeRCLlOGh92Krm0neRwjAuGP0
f0QKvF5LU9jqdlGnGk4S93rwm916XMMprrFZcbYpAoH5o6m9So2FhcwnqcBE0mzz
Xkmk4aUls5s1u8YMWPjgdiwoFgXc2GRfTr+CPF2BzQiEnqaixdwjAVahrsf4UM25
7B7WEkQjerYamtgKUAm3vMce4Dkhu5ZbnjNSmr1evGKE5WrzPQ/lmGxIEsBJuj8i
DOYLtHsSDEqq0YRKxHauSxZiROiLoNaz+PKT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:27 2024 by rpki-client on console-fra.rpki-client.org