Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NQMdeCizsALdWIRSv2QoKaHxMzk.roa
File: NQMdeCizsALdWIRSv2QoKaHxMzk.roa (raw, json)
Hash identifier: 417W2snA4gPw9UybgILgA3YsAitRWAp6YnMDHaGG9Xg=
Subject key identifier: 35:03:1D:78:28:B3:B0:02:DD:58:84:52:BF:64:28:29:A1:F1:33:39
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01862894415D2F1A60163ADCA134FB46C1BA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NQMdeCizsALdWIRSv2QoKaHxMzk.roa
Signing time: Mon 06 Feb 2023 21:14:09 +0000
ROA not before: Mon 06 Feb 2023 21:14:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211237
IP address blocks: 89.38.136.0/24 maxlen: 24
89.35.159.0/24 maxlen: 24
89.40.76.0/24 maxlen: 24
89.38.70.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
89.44.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:28:94:41:5d:2f:1a:60:16:3a:dc:a1:34:fb:46:c1:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 6 21:14:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=35031d7828b3b002dd588452bf642829a1f13339
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:db:27:3b:19:92:c7:76:f2:eb:db:1b:39:5b:
8a:89:3a:21:f7:40:78:2e:db:e8:59:a2:b3:60:82:
0f:a4:c1:a3:64:72:f2:47:e8:fc:0e:66:c0:c9:36:
d4:25:0e:d0:30:de:13:0f:77:22:a8:66:52:d2:91:
4e:20:69:43:f9:45:3f:98:4b:4c:47:26:9d:40:3a:
97:0e:ff:2c:8d:bb:ca:45:0f:df:82:32:38:12:0c:
d8:00:b1:a5:9d:8b:6c:0d:de:0d:f5:50:87:ec:37:
65:b5:f4:60:77:a7:fc:98:72:53:1a:95:3b:e4:a6:
3d:90:b7:e9:cb:a8:06:3b:de:24:f3:ab:84:ab:3a:
3f:42:71:75:d1:77:7f:5f:f4:ac:ec:db:84:41:f4:
20:9a:8c:c2:aa:4b:0b:2e:e3:ef:7d:1b:db:df:ab:
0a:8a:15:e6:b3:88:ec:ba:ec:bb:43:6d:73:96:9d:
56:46:e1:62:83:35:9b:e6:63:fb:46:36:11:9b:ab:
6e:31:df:15:86:b2:c0:bb:5d:76:8f:8e:83:bc:4a:
c2:3a:c9:7a:76:d8:cc:06:be:3a:65:fe:06:5b:2e:
09:72:e3:7e:a0:de:f6:01:eb:43:fb:b8:55:25:16:
ba:0e:68:91:b5:c2:b7:fa:d6:da:de:6f:d7:10:92:
4b:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:03:1D:78:28:B3:B0:02:DD:58:84:52:BF:64:28:29:A1:F1:33:39
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NQMdeCizsALdWIRSv2QoKaHxMzk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.35.159.0/24
89.38.70.0/24
89.38.136.0/24
89.40.76.0/24
89.44.207.0/24
185.103.72.0/24
Signature Algorithm: sha256WithRSAEncryption
5d:a1:1c:8e:49:67:a1:00:81:f7:d4:0f:1f:66:6c:15:10:f7:
98:96:24:07:7d:b8:b5:7f:3d:d5:54:bc:65:8f:0c:7b:be:f3:
5a:2f:14:e2:7b:98:37:d7:f9:cd:3e:b7:75:49:6d:18:98:fa:
2e:a1:c8:f3:7d:0a:dc:27:72:ca:28:23:38:0d:f9:95:78:5f:
93:5f:dd:9b:55:af:59:4e:6b:79:33:41:ec:60:22:c7:21:db:
2e:29:db:94:b2:04:72:db:2f:7b:24:b4:9f:98:9f:2d:3e:c8:
a3:e2:1b:1b:7b:4a:5c:af:c3:06:ea:4c:7b:d3:88:b0:c5:6b:
7e:a7:98:e9:ed:e7:1b:2c:39:f3:1e:95:1e:20:01:d8:82:93:
7d:f0:bc:4d:14:ce:ec:91:27:04:a1:88:63:54:74:ec:9b:49:
46:9a:80:4f:32:23:f2:f6:a7:bf:20:12:30:88:02:ce:b1:33:
62:a3:10:0b:71:85:21:ad:9f:32:ab:87:af:29:db:56:74:34:
ed:69:fd:56:03:8f:85:5f:73:f7:1b:79:00:ef:e5:88:ec:73:
e8:fe:b8:ba:73:60:e7:07:9f:0f:4a:61:bc:28:c1:83:4c:27:
0e:41:f4:e3:92:ca:c8:bb:81:8a:d7:e9:3c:59:e4:3a:82:b9:
3a:d6:52:99
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYYolEFdLxpgFjrcoTT7RsG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjA2MjExNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTAzMWQ3ODI4YjNiMDAyZGQ1ODg0NTJiZjY0MjgyOWExZjEzMzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdsnOxmSx3by69sbOVuKiToh90B4
LtvoWaKzYIIPpMGjZHLyR+j8DmbAyTbUJQ7QMN4TD3ciqGZS0pFOIGlD+UU/mEtM
RyadQDqXDv8sjbvKRQ/fgjI4EgzYALGlnYtsDd4N9VCH7DdltfRgd6f8mHJTGpU7
5KY9kLfpy6gGO94k86uEqzo/QnF10Xd/X/Ss7NuEQfQgmozCqksLLuPvfRvb36sK
ihXms4jsuuy7Q21zlp1WRuFigzWb5mP7RjYRm6tuMd8VhrLAu112j46DvErCOsl6
dtjMBr46Zf4GWy4JcuN+oN72AetD+7hVJRa6DmiRtcK3+tba3m/XEJJLsQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDUDHXgos7AC3ViEUr9kKCmh8TM5MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTlFNZGVDaXpzQUxkV0lSU3YyUW9LYUh4TXprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAWSOfAwQA
WSZGAwQAWSaIAwQAWShMAwQAWSzPAwQAuWdIMA0GCSqGSIb3DQEBCwUAA4IBAQBd
oRyOSWehAIH31A8fZmwVEPeYliQHfbi1fz3VVLxljwx7vvNaLxTie5g31/nNPrd1
SW0YmPouocjzfQrcJ3LKKCM4DfmVeF+TX92bVa9ZTmt5M0HsYCLHIdsuKduUsgRy
2y97JLSfmJ8tPsij4hsbe0pcr8MG6kx704iwxWt+p5jp7ecbLDnzHpUeIAHYgpN9
8LxNFM7skScEoYhjVHTsm0lGmoBPMiPy9qe/IBIwiALOsTNioxALcYUhrZ8yq4ev
KdtWdDTtaf1WA4+FX3P3G3kA7+WI7HPo/ri6c2DnB58PSmG8KMGDTCcOQfTjksrI
u4GK1+k8WeQ6grk61lKZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org