Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/lMAC1zRIG2Hn5NCgTx70dcrspWU.roa
File: lMAC1zRIG2Hn5NCgTx70dcrspWU.roa (raw, json)
Hash identifier: 9MYP4xpn0mFTvKs+B6K4EgaGXSaHrh8f1S73pi04ed4=
Subject key identifier: 94:C0:02:D7:34:48:1B:61:E7:E4:D0:A0:4F:1E:F4:75:CA:EC:A5:65
Certificate issuer: /CN=7ebb888f2b99de9972e2446eba058ab8e2cd7b3f
Certificate serial: 018F5095F7E784EDDD7747EDEA43C9C31E15
Authority key identifier: 7E:BB:88:8F:2B:99:DE:99:72:E2:44:6E:BA:05:8A:B8:E2:CD:7B:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fruIjyuZ3ply4kRuugWKuOLNez8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/lMAC1zRIG2Hn5NCgTx70dcrspWU.roa
Signing time: Tue 07 May 2024 01:05:56 +0000
ROA not before: Tue 07 May 2024 01:05:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201032
IP address blocks: 185.77.89.0/24 maxlen: 24
185.77.90.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:50:95:f7:e7:84:ed:dd:77:47:ed:ea:43:c9:c3:1e:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7ebb888f2b99de9972e2446eba058ab8e2cd7b3f
Validity
Not Before: May 7 01:05:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=94c002d734481b61e7e4d0a04f1ef475caeca565
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ce:10:ee:de:c8:a6:d4:75:5d:ef:49:dd:76:
28:fe:bc:45:6e:72:3a:8e:7e:1c:a2:f0:97:59:f0:
17:88:9e:29:15:7a:7f:2b:4e:f8:15:be:c7:67:a8:
b8:69:e8:1a:d4:a3:63:49:73:68:da:b3:b3:d8:04:
67:68:f0:c6:95:5a:ae:c1:4b:b3:e5:8f:52:a5:3a:
45:dd:6c:ac:cf:63:0e:ea:1e:6c:cc:4f:4f:5e:bb:
da:df:9a:25:2a:a3:3e:c6:a4:63:c5:99:6a:af:f9:
2f:34:07:72:d1:94:03:6c:5a:a7:b4:bb:d6:61:c2:
65:c3:ad:e6:01:78:36:cd:28:d3:1e:da:7f:f9:95:
0f:ac:e2:cd:24:3e:6e:08:4b:f7:5c:68:ed:ca:6b:
f9:82:66:19:d4:59:91:3f:21:74:bc:28:cf:0b:a3:
ab:32:69:a7:8f:91:aa:3d:df:b3:3a:38:d8:fd:fa:
5e:10:d3:32:4e:99:bf:fc:0f:8b:f5:84:07:11:9b:
fa:72:a9:d2:61:b1:2d:7c:36:11:ca:f4:7b:22:92:
89:7a:d2:f8:d4:02:06:2c:70:d8:dd:23:eb:5c:f0:
b3:e8:17:bc:e4:e1:b0:f1:08:7b:2f:bf:01:30:cd:
16:76:69:c9:5e:ce:8f:4f:75:61:8f:c5:5c:cb:19:
61:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:C0:02:D7:34:48:1B:61:E7:E4:D0:A0:4F:1E:F4:75:CA:EC:A5:65
X509v3 Authority Key Identifier:
keyid:7E:BB:88:8F:2B:99:DE:99:72:E2:44:6E:BA:05:8A:B8:E2:CD:7B:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fruIjyuZ3ply4kRuugWKuOLNez8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/lMAC1zRIG2Hn5NCgTx70dcrspWU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/fruIjyuZ3ply4kRuugWKuOLNez8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.77.89.0-185.77.90.255
Signature Algorithm: sha256WithRSAEncryption
ae:0f:cf:25:17:10:ce:5a:6b:eb:31:73:ee:9d:29:92:b9:1a:
bc:cd:ed:5f:26:93:c7:2b:d2:ad:20:b7:68:9a:6a:37:44:39:
a5:f5:a1:d0:2d:d8:c6:30:39:23:7c:3a:92:e7:ec:b5:83:e5:
f8:88:c4:71:51:af:14:d7:ab:17:94:59:fa:d5:e6:e1:b7:59:
71:f5:e9:1b:42:61:bc:97:18:be:b6:5c:ce:e7:9c:84:23:6d:
16:f3:c7:57:0e:b7:84:05:d8:7b:db:e0:fe:2d:cd:6c:91:fc:
5a:1c:f5:eb:85:a2:4c:4e:71:7d:e5:76:f3:44:f4:54:ca:5b:
7c:08:9f:8a:09:b5:17:26:44:95:30:a4:0a:62:0d:7e:99:82:
cf:04:85:c4:56:45:78:81:94:5b:bb:d9:de:82:fc:d7:ae:b3:
0a:f3:d0:d4:7f:0a:f5:73:ce:df:91:17:70:5f:f4:12:17:d3:
92:1b:58:b8:fd:94:24:03:e6:e0:94:34:2e:04:e4:16:c6:80:
56:d7:df:bd:90:d9:61:b2:52:47:4d:53:af:19:d9:99:5d:3e:
d0:de:d2:a5:9f:fa:57:2b:ca:d7:a8:94:07:f7:a5:ae:d5:c7:
64:0f:f9:b9:91:cc:ac:2c:6c:61:65:d2:ee:4e:d5:e2:90:81:
e8:32:c5:b7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY9QlffnhO3dd0ft6kPJwx4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYmI4ODhmMmI5OWRlOTk3MmUyNDQ2ZWJhMDU4YWI4ZTJj
ZDdiM2YwHhcNMjQwNTA3MDEwNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGMwMDJkNzM0NDgxYjYxZTdlNGQwYTA0ZjFlZjQ3NWNhZWNhNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxM4Q7t7IptR1Xe9J3XYo/rxFbnI6
jn4covCXWfAXiJ4pFXp/K074Fb7HZ6i4aega1KNjSXNo2rOz2ARnaPDGlVquwUuz
5Y9SpTpF3Wysz2MO6h5szE9PXrva35olKqM+xqRjxZlqr/kvNAdy0ZQDbFqntLvW
YcJlw63mAXg2zSjTHtp/+ZUPrOLNJD5uCEv3XGjtymv5gmYZ1FmRPyF0vCjPC6Or
Mmmnj5GqPd+zOjjY/fpeENMyTpm//A+L9YQHEZv6cqnSYbEtfDYRyvR7IpKJetL4
1AIGLHDY3SPrXPCz6Be85OGw8Qh7L78BMM0WdmnJXs6PT3Vhj8VcyxlhawIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJTAAtc0SBth5+TQoE8e9HXK7KVlMB8GA1UdIwQY
MBaAFH67iI8rmd6ZcuJEbroFirjizXs/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnJ1SWp5dVozcGx5NGtSdXVnV0t1T0xOZXo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9lMWIzNGEtZjM4OC00ZGRkLTkyY2Qt
ZTFjMGE0ZDA0OTE3LzEvbE1BQzF6UklHMkhuNU5DZ1R4NzBkY3JzcFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9lMWIzNGEtZjM4OC00ZGRkLTkyY2QtZTFjMGE0ZDA0OTE3
LzEvZnJ1SWp5dVozcGx5NGtSdXVnV0t1T0xOZXo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5TVkD
BAC5TVowDQYJKoZIhvcNAQELBQADggEBAK4PzyUXEM5aa+sxc+6dKZK5GrzN7V8m
k8cr0q0gt2iaajdEOaX1odAt2MYwOSN8OpLn7LWD5fiIxHFRrxTXqxeUWfrV5uG3
WXH16RtCYbyXGL62XM7nnIQjbRbzx1cOt4QF2Hvb4P4tzWyR/Foc9euFokxOcX3l
dvNE9FTKW3wIn4oJtRcmRJUwpApiDX6Zgs8EhcRWRXiBlFu72d6C/Neuswrz0NR/
CvVzzt+RF3Bf9BIX05IbWLj9lCQD5uCUNC4E5BbGgFbX372Q2WGyUkdNU68Z2Zld
PtDe0qWf+lcryteolAf3pa7Vx2QP+bmRzKwsbGFl0u5O1eKQgegyxbc=
-----END CERTIFICATE-----
Generated at Fri Jun 7 10:21:46 2024 by rpki-client on console-fra.rpki-client.org