Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QgbRDrzbVRJHhmx3ATzoXjC8I6E.roa
File: QgbRDrzbVRJHhmx3ATzoXjC8I6E.roa (raw, json)
Hash identifier: JXJ7Y1HnQIJB1PhhyRpkIwjVyHzSLnGg4K0Q1kSKLSA=
Subject key identifier: 42:06:D1:0E:BC:DB:55:12:47:86:6C:77:01:3C:E8:5E:30:BC:23:A1
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01869197E489D609D573159D212F6609DF71
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QgbRDrzbVRJHhmx3ATzoXjC8I6E.roa
Signing time: Mon 27 Feb 2023 06:38:16 +0000
ROA not before: Mon 27 Feb 2023 06:38:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 93.115.254.0/23 maxlen: 24
89.40.76.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.149.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
193.42.52.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:91:97:e4:89:d6:09:d5:73:15:9d:21:2f:66:09:df:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 27 06:38:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4206d10ebcdb551247866c77013ce85e30bc23a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:56:24:de:84:53:e6:dc:a4:0b:81:81:67:c5:
39:ea:66:f5:6f:aa:08:52:0c:fe:b5:b4:f5:96:a9:
b5:ee:0c:6b:0e:fb:93:93:47:96:89:63:71:94:2b:
ad:57:75:84:71:24:47:f8:b0:3f:45:81:b9:d4:d4:
a2:c2:b5:bf:b7:6f:08:f8:ed:62:47:36:2d:d9:a9:
4d:42:4c:e9:ac:20:29:8e:fa:83:a5:83:af:8b:62:
de:ac:32:19:24:62:52:c9:d0:c0:2c:df:10:30:55:
df:3c:a7:fc:3f:6b:a6:8a:ce:0c:97:e2:b3:05:b1:
57:bb:82:c2:0f:e1:d4:5a:e5:c9:1b:5c:75:9e:37:
b0:68:33:f0:1c:2f:95:1d:59:c9:77:c6:5d:59:44:
28:90:b6:85:83:d4:86:d1:17:25:59:b7:2a:cc:b0:
9d:1e:bd:39:25:61:b0:70:3b:e3:a2:27:ad:8f:e0:
ea:57:63:c9:0d:6b:fe:80:15:fe:ec:9a:08:d9:0b:
34:13:ae:b9:92:e3:5d:f7:18:4f:f7:df:a6:f2:a7:
02:f2:36:2c:4a:01:a2:af:c8:f8:58:f1:8c:4a:73:
3b:f1:51:c8:95:c6:38:7a:64:c3:f5:e9:2c:87:7d:
4a:7f:4a:ec:c9:b3:6c:b7:67:6f:46:8b:9f:04:af:
48:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:06:D1:0E:BC:DB:55:12:47:86:6C:77:01:3C:E8:5E:30:BC:23:A1
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QgbRDrzbVRJHhmx3ATzoXjC8I6E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.148.0/23
89.40.76.0/24
93.115.254.0/23
185.103.72.0/24
185.238.10.0/24
185.241.210.0/23
185.255.170.0/23
193.42.52.0/24
Signature Algorithm: sha256WithRSAEncryption
15:4f:18:27:e4:6f:30:08:bd:9a:dc:83:89:3b:2f:76:1a:46:
e7:85:82:bb:60:1c:58:24:82:b5:04:e5:0e:c1:15:33:7e:db:
f2:9a:ba:5a:a5:b2:22:d5:db:70:cd:63:32:96:c2:cb:e8:c5:
de:b7:fc:7f:fd:a8:74:6a:71:5b:85:a9:40:1a:68:4e:2a:9d:
74:bf:83:00:1f:32:ec:27:13:c5:67:ab:75:84:1a:e3:5b:de:
73:70:96:ac:b2:2d:1b:d4:6b:b2:f3:14:f8:ed:4b:9b:16:f4:
69:91:8f:da:ae:d0:89:60:11:2f:57:22:cc:01:ae:11:da:1e:
0b:b1:b0:d1:d6:e7:f2:e9:04:f5:42:b9:2a:ff:ec:17:ed:cf:
4d:15:5b:2b:e4:3a:f1:51:03:79:5f:1e:38:58:04:c7:9f:93:
cf:0f:e2:f6:30:d8:a6:eb:ce:9b:42:f9:32:d3:72:7f:a0:3b:
c5:ef:e9:aa:0c:10:66:e1:ce:50:df:da:d9:1e:e0:1c:b2:b9:
ae:33:bc:ec:f9:cb:a4:52:6f:23:85:e0:e1:99:a4:f9:52:6f:
3d:a9:4d:b9:1f:6c:47:f7:48:d4:a7:d4:6c:03:c1:dc:9d:fe:
18:94:b2:c7:d0:c1:f8:25:20:f1:25:3b:d4:05:ee:cc:4b:70:
32:69:dd:57
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYaRl+SJ1gnVcxWdIS9mCd9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjI3MDYzODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjA2ZDEwZWJjZGI1NTEyNDc4NjZjNzcwMTNjZTg1ZTMwYmMyM2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVYk3oRT5tykC4GBZ8U56mb1b6oI
Ugz+tbT1lqm17gxrDvuTk0eWiWNxlCutV3WEcSRH+LA/RYG51NSiwrW/t28I+O1i
RzYt2alNQkzprCApjvqDpYOvi2LerDIZJGJSydDALN8QMFXfPKf8P2umis4Ml+Kz
BbFXu4LCD+HUWuXJG1x1njewaDPwHC+VHVnJd8ZdWUQokLaFg9SG0RclWbcqzLCd
Hr05JWGwcDvjoietj+DqV2PJDWv+gBX+7JoI2Qs0E665kuNd9xhP99+m8qcC8jYs
SgGir8j4WPGMSnM78VHIlcY4emTD9eksh31Kf0rsybNst2dvRoufBK9ItQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEIG0Q6821USR4ZsdwE86F4wvCOhMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUWdiUkRyemJWUkpIaG14M0FUem9YakM4STZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBV/eUAwQA
WShMAwQBXXP+AwQAuWdIAwQAue4KAwQBufHSAwQBuf+qAwQAwSo0MA0GCSqGSIb3
DQEBCwUAA4IBAQAVTxgn5G8wCL2a3IOJOy92GkbnhYK7YBxYJIK1BOUOwRUzftvy
mrpapbIi1dtwzWMylsLL6MXet/x//ah0anFbhalAGmhOKp10v4MAHzLsJxPFZ6t1
hBrjW95zcJassi0b1Guy8xT47UubFvRpkY/artCJYBEvVyLMAa4R2h4LsbDR1ufy
6QT1Qrkq/+wX7c9NFVsr5DrxUQN5Xx44WATHn5PPD+L2MNim686bQvky03J/oDvF
7+mqDBBm4c5Q39rZHuAcsrmuM7zs+cukUm8jheDhmaT5Um89qU25H2xH90jUp9Rs
A8Hcnf4YlLLH0MH4JSDxJTvUBe7MS3Ayad1X
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org