Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/U0-JVIq4tLHuDXfbAd7c35TSFdA.roa
File: U0-JVIq4tLHuDXfbAd7c35TSFdA.roa (raw, json)
Hash identifier: ThB72SEoF+hGw50AAUsT5+LTJ5RdOTsH+sV8wXdrsWo=
Subject key identifier: 53:4F:89:54:8A:B8:B4:B1:EE:0D:77:DB:01:DE:DC:DF:94:D2:15:D0
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01885C2FEF1199D037C8A0893B0C39C2164A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/U0-JVIq4tLHuDXfbAd7c35TSFdA.roa
Signing time: Sat 27 May 2023 07:50:25 +0000
ROA not before: Sat 27 May 2023 07:50:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 178.239.202.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
93.114.195.0/24 maxlen: 24
89.43.209.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:5c:2f:ef:11:99:d0:37:c8:a0:89:3b:0c:39:c2:16:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 27 07:50:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=534f89548ab8b4b1ee0d77db01dedcdf94d215d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:3e:05:15:a9:39:7a:e6:29:ff:16:bd:be:4f:
88:48:a1:cb:d1:95:9b:5e:31:af:3b:8b:60:8d:41:
91:63:71:56:45:20:ee:e5:14:77:ac:84:5b:7e:3e:
fd:73:09:4f:b2:7e:99:11:ec:b8:e1:b8:0f:61:07:
2c:43:e5:fb:14:e4:09:0c:11:ef:71:96:45:cc:42:
70:57:a8:2d:30:b1:0a:9e:b0:18:4f:9f:98:23:e0:
da:01:08:51:59:33:f1:10:f9:d2:6a:a5:42:d1:c2:
4d:31:12:c3:2b:71:d6:49:53:81:be:9a:4c:09:9c:
50:21:eb:aa:f0:b1:ca:80:5e:6a:da:1b:75:1f:25:
34:fb:4c:bb:aa:28:1e:2c:6d:11:03:ff:2d:99:fa:
01:82:a5:ad:88:f9:7e:12:f6:42:cb:79:1a:bc:de:
e3:86:72:bc:6e:08:74:41:8d:11:bf:b2:08:fd:d6:
23:19:bb:bb:55:4b:7c:4c:e2:65:3b:62:e2:cb:58:
ac:28:ec:5a:df:d1:9a:31:cc:2d:b7:1e:df:f4:45:
c8:d6:6a:b1:a0:90:51:1e:20:70:c5:49:36:f4:f8:
44:15:90:e7:45:94:11:24:30:d9:63:09:b7:f9:67:
e1:6a:65:e4:0b:ba:2a:72:8b:31:0a:46:45:d1:bb:
be:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:4F:89:54:8A:B8:B4:B1:EE:0D:77:DB:01:DE:DC:DF:94:D2:15:D0
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/U0-JVIq4tLHuDXfbAd7c35TSFdA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.43.209.0/24
89.46.92.0/24
93.114.195.0/24
178.239.201.0-178.239.202.255
Signature Algorithm: sha256WithRSAEncryption
7c:c3:0e:8d:0c:86:32:52:1f:58:af:91:58:12:64:0b:57:a8:
c2:19:a7:c3:fb:2f:dd:cd:b0:55:5b:b9:cd:1e:e0:8e:71:e3:
fd:31:e2:00:12:3e:bb:99:6a:ab:31:0d:ed:19:39:4c:16:8c:
fa:c1:59:88:f6:1b:31:43:a6:47:e2:3d:ed:e5:a7:bd:8f:bd:
1b:bf:e7:58:7b:6a:4c:81:ea:da:ba:a5:7d:27:d3:d9:9b:73:
5c:d9:ad:ca:29:eb:d7:59:3e:0a:3a:ef:7a:b0:72:36:0e:20:
73:97:10:b2:70:9f:e7:7a:3f:80:22:b7:04:48:2d:89:8b:77:
66:7c:a1:30:37:73:12:34:f6:93:48:9a:29:cb:89:34:07:58:
88:f4:79:b8:8b:6e:58:53:37:d0:bd:bc:6a:b9:8c:9c:8e:df:
cc:97:eb:a2:98:8f:96:26:e1:24:31:09:66:97:f2:51:f5:43:
0c:ab:0a:7a:96:49:40:4b:8a:ef:23:a5:0f:7a:7a:7d:45:3a:
29:e1:08:52:3c:6a:51:35:5b:f9:b4:ef:24:8c:6f:64:1f:08:
0b:06:d4:40:0d:f4:64:10:82:a1:18:52:5d:f1:b9:74:07:33:
e9:b8:a2:a6:75:43:2e:2a:63:dd:45:21:4d:14:50:c4:f4:32:
22:34:b7:49
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYhcL+8RmdA3yKCJOww5whZKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTI3MDc1MDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzRmODk1NDhhYjhiNGIxZWUwZDc3ZGIwMWRlZGNkZjk0ZDIxNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoT4FFak5euYp/xa9vk+ISKHL0ZWb
XjGvO4tgjUGRY3FWRSDu5RR3rIRbfj79cwlPsn6ZEey44bgPYQcsQ+X7FOQJDBHv
cZZFzEJwV6gtMLEKnrAYT5+YI+DaAQhRWTPxEPnSaqVC0cJNMRLDK3HWSVOBvppM
CZxQIeuq8LHKgF5q2ht1HyU0+0y7qigeLG0RA/8tmfoBgqWtiPl+EvZCy3kavN7j
hnK8bgh0QY0Rv7II/dYjGbu7VUt8TOJlO2Liy1isKOxa39GaMcwttx7f9EXI1mqx
oJBRHiBwxUk29PhEFZDnRZQRJDDZYwm3+WfhamXkC7oqcosxCkZF0bu+7QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFFNPiVSKuLSx7g132wHe3N+U0hXQMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVTAtSlZJcTR0TEh1RFhmYkFkN2MzNVRTRmRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAWSvRAwQA
WS5cAwQAXXLDMAwDBACy78kDBACy78owDQYJKoZIhvcNAQELBQADggEBAHzDDo0M
hjJSH1ivkVgSZAtXqMIZp8P7L93NsFVbuc0e4I5x4/0x4gASPruZaqsxDe0ZOUwW
jPrBWYj2GzFDpkfiPe3lp72PvRu/51h7akyB6tq6pX0n09mbc1zZrcop69dZPgo6
73qwcjYOIHOXELJwn+d6P4AitwRILYmLd2Z8oTA3cxI09pNIminLiTQHWIj0ebiL
blhTN9C9vGq5jJyO38yX66KYj5Ym4SQxCWaX8lH1QwyrCnqWSUBLiu8jpQ96en1F
OinhCFI8alE1W/m07ySMb2QfCAsG1EAN9GQQgqEYUl3xuXQHM+m4oqZ1Qy4qY91F
IU0UUMT0MiI0t0k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:11 2024 by rpki-client on console-ams.rpki-client.org