Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/L9dHFtyCd4Pbm0b3zJDD-qBBt2w.roa
File: L9dHFtyCd4Pbm0b3zJDD-qBBt2w.roa (raw, json)
Hash identifier: 4ept6xHghDDok4LfM8iUiDBsdnUUV7fBlIR+GN9ZdCY=
Subject key identifier: 2F:D7:47:16:DC:82:77:83:DB:9B:46:F7:CC:90:C3:FA:A0:41:B7:6C
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018721E8A6069788D4174DCCBAE7C324F019
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/L9dHFtyCd4Pbm0b3zJDD-qBBt2w.roa
Signing time: Mon 27 Mar 2023 07:11:47 +0000
ROA not before: Mon 27 Mar 2023 07:11:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 185.121.229.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:21:e8:a6:06:97:88:d4:17:4d:cc:ba:e7:c3:24:f0:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 27 07:11:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2fd74716dc827783db9b46f7cc90c3faa041b76c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:8e:67:14:1d:21:12:e1:3c:02:fb:94:95:bf:
b5:fa:24:e0:dc:bc:d1:3f:44:57:9c:09:ab:79:64:
66:f3:50:4e:a0:f5:42:b8:bb:83:80:2a:e3:36:fd:
33:b0:53:84:51:07:2e:16:5f:f6:9b:70:c6:61:30:
be:76:15:20:8e:c3:14:70:cc:1c:b8:66:4c:a2:bd:
1f:fb:c3:62:69:8b:94:d4:48:9e:f4:b4:cb:d9:7d:
ca:e6:00:85:83:21:a2:2c:0b:fe:6d:cc:3e:4e:1a:
96:fe:28:76:b0:a1:29:04:5a:41:6a:26:fb:7e:2e:
77:1c:2f:64:88:79:67:e9:e4:e1:ad:0e:11:16:4d:
70:d2:b1:b6:17:d5:93:08:a7:c2:5f:07:77:e7:4d:
a5:54:3f:3f:83:30:43:cf:77:e4:81:e9:42:83:2b:
44:8e:5f:41:af:76:ef:14:90:3f:51:81:ca:b5:61:
8d:19:db:b5:0d:77:02:80:8b:8d:e4:49:4e:9c:af:
89:a0:1a:50:05:6a:29:d7:fa:0a:27:29:1d:e0:39:
d2:a1:92:f9:84:d1:9a:9c:ab:3a:a8:2a:69:a7:75:
43:39:85:67:d3:04:fb:71:d8:dd:fa:67:1f:1b:10:
ea:bf:0b:45:7e:6c:fb:10:f7:4d:c5:1f:fa:9a:11:
01:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:D7:47:16:DC:82:77:83:DB:9B:46:F7:CC:90:C3:FA:A0:41:B7:6C
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/L9dHFtyCd4Pbm0b3zJDD-qBBt2w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.114.246.0/24
185.121.229.0/24
194.4.158.0/24
213.32.248.0/24
Signature Algorithm: sha256WithRSAEncryption
70:d9:39:ae:98:14:fb:c6:4a:67:80:c0:f8:f6:86:e0:3b:96:
97:24:ea:07:bd:c4:f6:02:31:8f:ef:14:79:7c:f8:aa:82:1e:
99:b7:f2:f3:28:8c:4b:a5:94:6d:38:4c:91:de:45:3d:8a:bb:
4d:79:c0:ed:0d:dd:cf:b4:72:9f:37:0b:e8:63:5f:de:e8:9d:
78:f2:67:03:ea:f8:4a:0b:9a:43:e6:bf:b6:93:29:6b:82:dc:
23:f7:43:eb:58:9d:ce:c3:f3:c8:68:5f:e1:b6:db:7f:32:58:
e9:53:4f:76:38:7e:ba:4f:86:c7:ba:1e:fb:4c:d6:31:51:78:
bc:f8:e0:73:0f:cf:9c:1d:b2:fd:e2:10:55:f0:57:28:a9:76:
b1:6f:d1:2d:c2:7f:8b:61:71:2f:c3:74:05:a5:c0:6e:31:bb:
23:a5:60:77:70:13:c6:60:94:1a:07:86:2e:27:19:f5:59:f5:
3b:10:6a:0a:96:7a:69:a2:b2:19:9a:1b:09:9b:87:0e:2a:4f:
d4:87:11:f4:ab:5e:68:dd:fe:5f:8e:2f:94:74:10:19:1d:a7:
59:4f:c2:88:8f:32:ce:85:40:de:d2:d7:be:aa:a1:8d:30:49:
24:fe:e2:d3:47:c9:15:bc:e4:bc:1f:05:23:78:ea:c4:c0:98:
aa:d6:b4:c7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYch6KYGl4jUF03MuufDJPAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI3MDcxMTQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmQ3NDcxNmRjODI3NzgzZGI5YjQ2ZjdjYzkwYzNmYWEwNDFiNzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiY5nFB0hEuE8AvuUlb+1+iTg3LzR
P0RXnAmreWRm81BOoPVCuLuDgCrjNv0zsFOEUQcuFl/2m3DGYTC+dhUgjsMUcMwc
uGZMor0f+8NiaYuU1Eie9LTL2X3K5gCFgyGiLAv+bcw+ThqW/ih2sKEpBFpBaib7
fi53HC9kiHln6eThrQ4RFk1w0rG2F9WTCKfCXwd3502lVD8/gzBDz3fkgelCgytE
jl9Br3bvFJA/UYHKtWGNGdu1DXcCgIuN5ElOnK+JoBpQBWop1/oKJykd4DnSoZL5
hNGanKs6qCppp3VDOYVn0wT7cdjd+mcfGxDqvwtFfmz7EPdNxR/6mhEBIQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFC/XRxbcgneD25tG98yQw/qgQbdsMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTDlkSEZ0eUNkNFBibTBiM3pKREQtcUJCdDJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAXXL2AwQA
uXnlAwQAwgSeAwQA1SD4MA0GCSqGSIb3DQEBCwUAA4IBAQBw2TmumBT7xkpngMD4
9obgO5aXJOoHvcT2AjGP7xR5fPiqgh6Zt/LzKIxLpZRtOEyR3kU9irtNecDtDd3P
tHKfNwvoY1/e6J148mcD6vhKC5pD5r+2kylrgtwj90PrWJ3Ow/PIaF/httt/Mljp
U092OH66T4bHuh77TNYxUXi8+OBzD8+cHbL94hBV8FcoqXaxb9Etwn+LYXEvw3QF
pcBuMbsjpWB3cBPGYJQaB4YuJxn1WfU7EGoKlnpporIZmhsJm4cOKk/UhxH0q15o
3f5fji+UdBAZHadZT8KIjzLOhUDe0te+qqGNMEkk/uLTR8kVvOS8HwUjeOrEwJiq
1rTH
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org