Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MOikG1xc8HKUO2zIsy58s_rRbmU.roa
File: MOikG1xc8HKUO2zIsy58s_rRbmU.roa (raw, json)
Hash identifier: 7OZpoIpU6/txdylonS3EHhNS6JWBP7bqHr0mX6L1JRw=
Subject key identifier: 30:E8:A4:1B:5C:5C:F0:72:94:3B:6C:C8:B3:2E:7C:B3:FA:D1:6E:65
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01878002D3F2A2F45B081280F64E3FD46D9D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MOikG1xc8HKUO2zIsy58s_rRbmU.roa
Signing time: Fri 14 Apr 2023 13:44:41 +0000
ROA not before: Fri 14 Apr 2023 13:44:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35409
IP address blocks: 185.230.250.0/24 maxlen: 24
89.47.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:80:02:d3:f2:a2:f4:5b:08:12:80:f6:4e:3f:d4:6d:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 14 13:44:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=30e8a41b5c5cf072943b6cc8b32e7cb3fad16e65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:f4:36:4c:77:41:7c:1c:b9:06:31:d3:d8:a7:
03:3a:0a:d9:e4:37:05:ff:71:64:0d:77:91:3f:4a:
f6:df:12:31:64:4c:fa:f4:a2:ef:4d:64:a4:b5:6d:
c6:77:7c:ea:9d:11:45:6c:a3:d3:09:7d:51:70:39:
30:dc:f8:5c:34:1f:96:32:84:26:31:d1:3c:e2:2f:
cf:19:88:b5:49:40:86:ad:78:a1:24:1b:29:89:f0:
a6:72:8b:51:8a:44:b1:b9:8e:a6:48:74:9b:22:97:
e9:d7:16:b9:7e:ec:03:b5:7f:7a:f2:71:3e:10:80:
a5:be:b0:1a:5c:c6:f5:9b:11:66:57:f6:99:04:8b:
89:ad:85:a4:ac:18:89:2f:41:28:66:b5:d4:c1:b1:
17:7d:68:15:28:37:63:42:69:cc:46:83:be:86:42:
de:10:1e:9c:62:79:36:06:d4:52:fb:db:e6:2b:4c:
43:0f:00:e9:0b:58:31:ef:48:d3:6a:11:a5:8f:c6:
a4:50:19:7c:b9:ed:ca:b7:c3:84:b2:3b:96:2c:1e:
ab:43:52:82:12:af:80:38:01:d2:e0:90:2c:e5:58:
a7:34:83:ec:04:22:94:9f:52:c6:71:41:79:3c:86:
09:08:f3:d1:42:d2:46:06:2e:97:d8:4e:70:44:8b:
76:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:E8:A4:1B:5C:5C:F0:72:94:3B:6C:C8:B3:2E:7C:B3:FA:D1:6E:65
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MOikG1xc8HKUO2zIsy58s_rRbmU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.47.89.0/24
185.230.250.0/24
Signature Algorithm: sha256WithRSAEncryption
84:67:a6:9f:5e:f0:ee:0f:c8:5a:70:0b:35:c9:23:b1:ed:11:
37:a0:5f:7e:8b:38:6a:09:24:4d:6b:7a:59:4c:93:37:d9:62:
02:dd:81:b3:21:a2:ec:f3:ea:d3:b7:7a:05:fb:ab:90:8d:b7:
41:b0:02:f8:19:fe:0c:60:28:18:e6:51:66:44:6f:60:ee:89:
61:0e:ad:e6:f1:7c:2e:73:5b:49:45:6e:13:7e:4b:43:c3:0d:
e5:0a:4a:da:cb:72:20:6d:1c:e8:7b:e8:8c:29:4b:68:6e:5b:
a7:80:b3:22:38:bf:82:4b:82:7a:93:cd:86:d7:b1:58:6e:83:
bc:6c:24:9a:2e:44:12:36:74:07:95:f7:de:f0:be:39:2a:2e:
02:4a:8a:13:42:ce:db:ec:de:bb:b4:10:73:b7:94:f4:cf:03:
58:7c:4b:e9:2b:be:2d:9e:2e:c6:c5:5a:d4:53:ee:74:77:2e:
1e:c5:ff:81:ad:aa:14:63:ae:ae:a4:4e:2b:62:78:c3:f2:c1:
2c:ff:4b:08:c0:26:1c:e2:8d:8b:9f:a6:49:72:55:8b:14:ff:
da:0d:3d:c9:7d:1d:e4:7f:1e:0a:92:12:2a:d6:06:d7:03:b5:
97:1e:8a:14:66:83:16:20:5b:bf:88:9d:d3:9e:79:03:ab:b7:
4f:ae:c3:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYeAAtPyovRbCBKA9k4/1G2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDE0MTM0NDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGU4YTQxYjVjNWNmMDcyOTQzYjZjYzhiMzJlN2NiM2ZhZDE2ZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/Q2THdBfBy5BjHT2KcDOgrZ5DcF
/3FkDXeRP0r23xIxZEz69KLvTWSktW3Gd3zqnRFFbKPTCX1RcDkw3PhcNB+WMoQm
MdE84i/PGYi1SUCGrXihJBspifCmcotRikSxuY6mSHSbIpfp1xa5fuwDtX968nE+
EIClvrAaXMb1mxFmV/aZBIuJrYWkrBiJL0EoZrXUwbEXfWgVKDdjQmnMRoO+hkLe
EB6cYnk2BtRS+9vmK0xDDwDpC1gx70jTahGlj8akUBl8ue3Kt8OEsjuWLB6rQ1KC
Eq+AOAHS4JAs5VinNIPsBCKUn1LGcUF5PIYJCPPRQtJGBi6X2E5wRIt2pQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDDopBtcXPBylDtsyLMufLP60W5lMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTU9pa0cxeGM4SEtVTzJ6SXN5NThzX3JSYm1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS9ZAwQA
ueb6MA0GCSqGSIb3DQEBCwUAA4IBAQCEZ6afXvDuD8hacAs1ySOx7RE3oF9+izhq
CSRNa3pZTJM32WIC3YGzIaLs8+rTt3oF+6uQjbdBsAL4Gf4MYCgY5lFmRG9g7olh
Dq3m8Xwuc1tJRW4TfktDww3lCkray3IgbRzoe+iMKUtoblungLMiOL+CS4J6k82G
17FYboO8bCSaLkQSNnQHlffe8L45Ki4CSooTQs7b7N67tBBzt5T0zwNYfEvpK74t
ni7GxVrUU+50dy4exf+BraoUY66upE4rYnjD8sEs/0sIwCYc4o2Ln6ZJclWLFP/a
DT3JfR3kfx4KkhIq1gbXA7WXHooUZoMWIFu/iJ3TnnkDq7dPrsP7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org