Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7rSmFGbfk3GH80PsVwpWEBdB1Dk.roa
File: 7rSmFGbfk3GH80PsVwpWEBdB1Dk.roa (raw, json)
Hash identifier: 2r/Qvbeb3TCIfCFpuh3MigwetUQk/SyJIx6nNqN1vUc=
Subject key identifier: EE:B4:A6:14:66:DF:93:71:87:F3:43:EC:57:0A:56:10:17:41:D4:39
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018673E38AA4DA3FBC7FDD7AE707186EA541
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7rSmFGbfk3GH80PsVwpWEBdB1Dk.roa
Signing time: Tue 21 Feb 2023 12:12:17 +0000
ROA not before: Tue 21 Feb 2023 12:12:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211237
IP address blocks: 89.35.159.0/24 maxlen: 24
89.40.76.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
89.44.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:73:e3:8a:a4:da:3f:bc:7f:dd:7a:e7:07:18:6e:a5:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 21 12:12:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=eeb4a61466df937187f343ec570a56101741d439
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:7b:7c:fd:3a:51:ea:c2:97:06:7c:5c:ed:0b:
e3:bf:1c:23:c8:83:e4:fa:a1:95:5a:f6:28:c4:55:
ad:78:6c:b3:ed:b9:12:0e:c3:96:34:53:7c:a2:52:
42:7a:00:70:cd:f1:c9:a1:c6:d0:34:98:43:b7:fe:
74:be:4e:43:64:92:e4:f6:79:d2:37:26:ee:db:7d:
d5:37:50:1c:b6:54:fe:f0:90:39:b3:51:5f:66:fa:
a1:2e:fa:65:1f:5f:77:5e:06:26:c1:a6:4c:21:d1:
10:bd:e9:99:de:b7:d5:9b:a0:c4:b1:fb:ba:4c:e6:
d7:8e:9b:a3:2c:2b:1e:3e:27:65:91:c1:b1:43:00:
02:d1:1f:17:c6:84:d2:df:a8:79:f8:7e:6b:e9:a3:
57:b8:a7:5e:58:70:c7:0f:c9:49:4b:98:d9:4c:dd:
a2:db:5b:e4:ee:78:56:c2:c8:6d:66:f4:01:33:22:
57:f8:9e:fe:73:7e:12:97:c2:41:2a:00:8c:da:22:
3b:b2:29:7e:da:09:3b:f4:cd:a8:86:5d:e7:c4:6a:
4d:87:5c:1e:2a:9b:74:3d:3f:6e:6b:11:22:3a:93:
bb:58:ed:cb:e4:ed:c7:26:ac:0e:88:00:56:f3:1b:
19:f0:15:14:d1:f3:78:b2:2e:97:0b:67:58:28:ab:
e6:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:B4:A6:14:66:DF:93:71:87:F3:43:EC:57:0A:56:10:17:41:D4:39
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7rSmFGbfk3GH80PsVwpWEBdB1Dk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.35.159.0/24
89.40.76.0/24
89.44.207.0/24
185.103.72.0/24
Signature Algorithm: sha256WithRSAEncryption
51:ea:70:ed:8f:ec:a8:65:ee:ca:5e:b6:fe:7c:5c:04:aa:6e:
cc:ff:54:95:5f:61:ed:89:39:95:f4:74:88:69:9f:d0:ee:f4:
3e:1c:30:97:e4:1d:34:3a:61:b9:aa:a2:3d:2d:ef:b8:bd:58:
b9:4a:ed:47:49:b2:a9:9c:18:2a:17:e8:ac:56:25:0d:75:27:
4f:a4:dc:69:86:22:74:e2:f9:9b:4a:a2:fa:73:3c:75:50:25:
01:5e:1a:9d:ff:e9:3d:a5:14:85:c9:89:31:bf:ca:f1:7c:5a:
4f:c9:fb:e7:ea:43:f4:73:b8:0f:e4:ab:02:bd:d1:9a:dc:f7:
f5:80:41:d7:70:5e:e0:8f:a7:5f:0c:e4:52:81:93:17:e4:ef:
15:93:6f:d1:10:e3:a3:63:42:6d:66:93:39:1e:d8:c6:7f:91:
98:5c:b1:9f:bb:44:dc:94:f9:c6:a8:38:8b:fd:cb:a8:f4:ea:
61:98:06:76:60:92:a0:d6:f6:56:82:34:df:a8:9e:48:f2:32:
09:04:ea:ca:69:4c:20:ef:86:15:ec:fa:fc:6e:56:34:81:9f:
8e:11:6c:69:ee:51:b5:0d:17:87:6a:e8:36:ff:51:78:e4:77:
d1:8d:68:ec:ad:e3:7d:ed:3a:5e:5d:91:6c:26:22:3c:a3:a1:
f4:6c:91:d0
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYZz44qk2j+8f9165wcYbqVBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjIxMTIxMjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWI0YTYxNDY2ZGY5MzcxODdmMzQzZWM1NzBhNTYxMDE3NDFkNDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXt8/TpR6sKXBnxc7QvjvxwjyIPk
+qGVWvYoxFWteGyz7bkSDsOWNFN8olJCegBwzfHJocbQNJhDt/50vk5DZJLk9nnS
Nybu233VN1ActlT+8JA5s1FfZvqhLvplH193XgYmwaZMIdEQvemZ3rfVm6DEsfu6
TObXjpujLCsePidlkcGxQwAC0R8XxoTS36h5+H5r6aNXuKdeWHDHD8lJS5jZTN2i
21vk7nhWwshtZvQBMyJX+J7+c34Sl8JBKgCM2iI7sil+2gk79M2ohl3nxGpNh1we
Kpt0PT9uaxEiOpO7WO3L5O3HJqwOiABW8xsZ8BUU0fN4si6XC2dYKKvmFwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFO60phRm35Nxh/ND7FcKVhAXQdQ5MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvN3JTbUZHYmZrM0dIODBQc1Z3cFdFQmRCMURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWSOfAwQA
WShMAwQAWSzPAwQAuWdIMA0GCSqGSIb3DQEBCwUAA4IBAQBR6nDtj+yoZe7KXrb+
fFwEqm7M/1SVX2HtiTmV9HSIaZ/Q7vQ+HDCX5B00OmG5qqI9Le+4vVi5Su1HSbKp
nBgqF+isViUNdSdPpNxphiJ04vmbSqL6czx1UCUBXhqd/+k9pRSFyYkxv8rxfFpP
yfvn6kP0c7gP5KsCvdGa3Pf1gEHXcF7gj6dfDORSgZMX5O8Vk2/REOOjY0JtZpM5
HtjGf5GYXLGfu0TclPnGqDiL/cuo9OphmAZ2YJKg1vZWgjTfqJ5I8jIJBOrKaUwg
74YV7Pr8blY0gZ+OEWxp7lG1DReHaug2/1F45HfRjWjsreN97TpeXZFsJiI8o6H0
bJHQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org