Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/L9A4LeiZRP3tWZeZyXRfM34qSrI.roa
File: L9A4LeiZRP3tWZeZyXRfM34qSrI.roa (raw, json)
Hash identifier: 0PpzT37pRafTICoHXpcOBDzFJKYakEapfk5klhLjjKs=
Subject key identifier: 2F:D0:38:2D:E8:99:44:FD:ED:59:97:99:C9:74:5F:33:7E:2A:4A:B2
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018820C60B23F40189BE4D9363416367C683
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/L9A4LeiZRP3tWZeZyXRfM34qSrI.roa
Signing time: Mon 15 May 2023 18:57:09 +0000
ROA not before: Mon 15 May 2023 18:57:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35409
IP address blocks: 185.230.250.0/24 maxlen: 24
89.47.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:20:c6:0b:23:f4:01:89:be:4d:93:63:41:63:67:c6:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 15 18:57:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2fd0382de89944fded599799c9745f337e2a4ab2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:b5:4a:e2:de:ce:c2:89:e9:93:16:50:e9:99:
36:f2:70:23:02:95:e6:3d:9b:8e:e9:36:bb:5e:d3:
83:8d:c1:bc:cb:cc:cf:75:b9:3d:07:94:70:13:2e:
d4:b4:98:86:61:5d:b5:ba:93:02:9d:b8:6e:4a:c8:
e7:77:6d:9f:3b:1d:af:2a:70:e6:ce:aa:39:83:3c:
3e:65:1e:37:68:c8:dd:ca:ad:9d:49:6a:98:3d:15:
1e:2d:59:47:74:c0:a7:1c:4e:a6:37:57:d9:b5:bb:
05:ad:8a:13:d9:88:bd:22:a9:0f:2e:c4:38:65:16:
35:29:aa:68:d6:25:f7:bb:9e:53:aa:b6:a8:8e:fe:
9a:a1:49:e9:4b:1e:8b:56:09:d4:d9:92:13:0f:3a:
f0:40:e7:8b:2a:ca:a8:6b:ad:06:ec:e9:e1:48:d7:
ea:43:36:a1:a6:ca:76:3b:92:b8:69:64:55:5b:0b:
b9:7d:5d:f3:2d:7d:4d:af:8b:4a:0e:62:bf:93:4f:
35:1a:9c:ea:4a:dd:33:2e:72:99:a0:4e:da:7b:73:
d2:57:9f:65:57:51:c9:26:c6:10:0f:20:a5:98:04:
8c:75:b2:a4:54:9e:8a:8a:61:81:14:d3:bd:1d:88:
0e:6c:aa:81:54:fc:03:19:80:be:dd:10:ec:c3:99:
e8:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:D0:38:2D:E8:99:44:FD:ED:59:97:99:C9:74:5F:33:7E:2A:4A:B2
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/L9A4LeiZRP3tWZeZyXRfM34qSrI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.47.89.0/24
185.230.250.0/24
Signature Algorithm: sha256WithRSAEncryption
21:c3:c5:5d:b3:f3:7f:15:cb:8e:8e:cf:0e:81:1d:89:97:ca:
04:cb:28:74:61:17:1d:db:c5:f3:36:e2:db:b7:cb:fa:d6:48:
41:c7:76:fa:5b:4e:02:67:20:40:19:df:c4:80:00:2d:ff:91:
34:b6:be:8d:6b:8d:d7:1c:f7:0f:78:89:06:c3:16:50:45:df:
db:d7:1f:42:61:02:72:d9:d5:4a:5f:46:f4:f0:71:71:67:fb:
f4:bc:ed:ea:12:78:32:1d:91:db:40:50:84:9f:88:dd:5b:c9:
8a:f7:d7:f2:6e:08:f1:22:5a:aa:a5:88:37:2f:22:37:6b:de:
1f:c6:67:1e:b0:30:0f:52:41:7d:6a:d3:fd:f6:b4:0d:cd:92:
8d:74:b6:8b:a9:bd:a5:50:dd:86:ae:96:a7:7f:eb:a4:82:be:
50:3e:e4:15:58:1f:07:f5:08:1a:7e:44:26:0f:bb:c6:1a:5f:
29:5b:12:67:f3:64:0f:94:b1:01:c0:14:4e:2f:7f:46:76:5e:
69:97:ae:2d:5e:9c:e7:43:0d:4f:cb:cc:f4:94:28:fd:ea:fe:
d5:b7:dc:a0:72:55:d7:d7:d7:70:2e:1b:d9:96:4a:4a:d5:11:
7d:3e:82:1d:6b:ca:07:eb:cf:7a:2d:4f:e0:84:e5:1d:06:a7:
40:0f:91:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYggxgsj9AGJvk2TY0FjZ8aDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTE1MTg1NzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmQwMzgyZGU4OTk0NGZkZWQ1OTk3OTljOTc0NWYzMzdlMmE0YWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbVK4t7OwonpkxZQ6Zk28nAjApXm
PZuO6Ta7XtODjcG8y8zPdbk9B5RwEy7UtJiGYV21upMCnbhuSsjnd22fOx2vKnDm
zqo5gzw+ZR43aMjdyq2dSWqYPRUeLVlHdMCnHE6mN1fZtbsFrYoT2Yi9IqkPLsQ4
ZRY1Kapo1iX3u55Tqraojv6aoUnpSx6LVgnU2ZITDzrwQOeLKsqoa60G7OnhSNfq
Qzahpsp2O5K4aWRVWwu5fV3zLX1Nr4tKDmK/k081GpzqSt0zLnKZoE7ae3PSV59l
V1HJJsYQDyClmASMdbKkVJ6KimGBFNO9HYgObKqBVPwDGYC+3RDsw5noSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC/QOC3omUT97VmXmcl0XzN+KkqyMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTDlBNExlaVpSUDN0V1plWnlYUmZNMzRxU3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS9ZAwQA
ueb6MA0GCSqGSIb3DQEBCwUAA4IBAQAhw8Vds/N/FcuOjs8OgR2Jl8oEyyh0YRcd
28XzNuLbt8v61khBx3b6W04CZyBAGd/EgAAt/5E0tr6Na43XHPcPeIkGwxZQRd/b
1x9CYQJy2dVKX0b08HFxZ/v0vO3qEngyHZHbQFCEn4jdW8mK99fybgjxIlqqpYg3
LyI3a94fxmcesDAPUkF9atP99rQNzZKNdLaLqb2lUN2Grpanf+ukgr5QPuQVWB8H
9QgafkQmD7vGGl8pWxJn82QPlLEBwBROL39Gdl5pl64tXpznQw1Py8z0lCj96v7V
t9ygclXX19dwLhvZlkpK1RF9PoIda8oH6896LU/ghOUdBqdAD5Ed
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org