Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XWszQzriBeLwqlEBlrGI8Ccs6CM.roa
File: XWszQzriBeLwqlEBlrGI8Ccs6CM.roa (raw, json)
Hash identifier: Qw+nfJ/YbjM3dNQ+GBsQhMS5F45JJwm1SAa4cgYPRjA=
Subject key identifier: 5D:6B:33:43:3A:E2:05:E2:F0:AA:51:01:96:B1:88:F0:27:2C:E8:23
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01872D0B5377059B06F66049DD26E875657E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XWszQzriBeLwqlEBlrGI8Ccs6CM.roa
Signing time: Wed 29 Mar 2023 11:05:29 +0000
ROA not before: Wed 29 Mar 2023 11:05:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 178.239.202.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
93.114.195.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.209.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:2d:0b:53:77:05:9b:06:f6:60:49:dd:26:e8:75:65:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 29 11:05:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d6b33433ae205e2f0aa510196b188f0272ce823
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:fd:ae:48:41:67:89:55:08:e0:f5:f1:36:32:
e3:cf:0e:64:b8:bd:0c:49:72:aa:8d:a2:e8:fa:01:
46:96:e9:ec:1d:e1:85:bb:85:07:b9:6f:16:97:5b:
73:58:fc:01:83:0b:98:af:e8:0a:13:b8:ad:55:3d:
ae:86:1f:92:e4:0b:44:87:79:86:bf:65:5e:be:c2:
47:b0:33:a2:bb:ef:55:b7:2f:ab:63:05:53:8a:a7:
5b:bc:c3:72:73:6d:c0:d4:72:0f:7b:8c:b1:6a:63:
18:e3:ee:b3:95:9c:78:01:39:91:45:f2:99:2b:4b:
4c:86:76:5c:e5:ff:76:17:09:d9:65:ad:06:5e:23:
46:98:d9:48:48:16:dc:5d:21:25:3b:61:8b:d5:1e:
c2:96:5f:c6:1e:f9:5f:b0:95:0a:55:06:19:ac:33:
98:6a:c9:3f:a2:5f:b7:42:dc:e7:03:fb:a2:8b:1a:
43:81:3e:35:10:46:32:46:3c:10:52:1f:fc:8a:1a:
6a:48:0c:11:39:96:1b:9e:f4:ed:17:78:68:f9:f7:
94:5c:9f:92:f8:46:a8:5e:3b:ff:50:4b:ff:2a:e9:
37:61:7f:55:f1:13:44:f1:99:75:01:fe:cf:50:32:
00:df:4b:74:a1:ae:ba:38:e1:ea:c8:f8:46:f4:73:
48:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:6B:33:43:3A:E2:05:E2:F0:AA:51:01:96:B1:88:F0:27:2C:E8:23
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XWszQzriBeLwqlEBlrGI8Ccs6CM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.43.209.0/24
89.46.92.0/24
93.114.195.0/24
178.239.201.0-178.239.202.255
185.103.75.0/24
185.229.107.0/24
185.230.250.0/24
193.42.54.0/23
Signature Algorithm: sha256WithRSAEncryption
64:9a:e7:a6:9b:b6:46:07:d5:cb:c8:a9:ef:d8:b2:33:21:b9:
87:04:8e:68:0c:cb:9e:14:6a:9d:db:c4:bf:a1:8c:42:b2:72:
8e:a2:c7:33:71:2f:7a:45:71:88:bd:1b:c7:c6:28:82:15:6e:
68:4c:42:ba:3b:92:8c:47:a3:aa:f2:ad:77:c2:6e:3d:a9:ef:
05:a5:4d:2c:ab:f7:70:56:d2:f4:fa:12:eb:b4:5f:08:0f:69:
5c:4e:60:b5:b5:10:88:a3:6e:24:64:8d:2e:79:0e:38:f6:89:
03:92:35:66:87:11:a5:09:f4:e5:70:1c:85:18:7f:4d:93:55:
08:28:95:2a:ab:d9:4e:d5:0f:24:3c:b2:c4:a9:81:2f:44:55:
a2:13:a3:45:34:ca:43:20:47:ac:5a:75:e6:15:c1:0d:45:ae:
d2:ca:f9:e2:6e:65:79:fa:a9:82:93:6c:78:25:c5:ff:9a:fa:
99:5a:e5:36:20:72:aa:36:ff:b6:7e:9c:82:e0:a0:6c:a1:50:
f4:56:29:4b:99:5d:e1:f1:7d:e4:30:e0:be:c2:37:29:ec:b4:
e8:9b:88:bd:a2:b4:ba:cd:2f:c1:26:e2:b6:ba:0d:d8:77:c3:
e1:4a:d5:2f:ad:3e:dd:04:8e:82:b1:6a:39:fa:5c:1d:26:a2:
b2:12:ec:fd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYctC1N3BZsG9mBJ3SbodWV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI5MTEwNTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDZiMzM0MzNhZTIwNWUyZjBhYTUxMDE5NmIxODhmMDI3MmNlODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnf2uSEFniVUI4PXxNjLjzw5kuL0M
SXKqjaLo+gFGlunsHeGFu4UHuW8Wl1tzWPwBgwuYr+gKE7itVT2uhh+S5AtEh3mG
v2VevsJHsDOiu+9Vty+rYwVTiqdbvMNyc23A1HIPe4yxamMY4+6zlZx4ATmRRfKZ
K0tMhnZc5f92FwnZZa0GXiNGmNlISBbcXSElO2GL1R7Cll/GHvlfsJUKVQYZrDOY
ask/ol+3QtznA/uiixpDgT41EEYyRjwQUh/8ihpqSAwROZYbnvTtF3ho+feUXJ+S
+EaoXjv/UEv/Kuk3YX9V8RNE8Zl1Af7PUDIA30t0oa66OOHqyPhG9HNIQQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFF1rM0M64gXi8KpRAZaxiPAnLOgjMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWFdzelF6cmlCZUx3cWxFQmxyR0k4Q2NzNkNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAWSvRAwQA
WS5cAwQAXXLDMAwDBACy78kDBACy78oDBAC5Z0sDBAC55WsDBAC55voDBAHBKjYw
DQYJKoZIhvcNAQELBQADggEBAGSa56abtkYH1cvIqe/YsjMhuYcEjmgMy54Uap3b
xL+hjEKyco6ixzNxL3pFcYi9G8fGKIIVbmhMQro7koxHo6ryrXfCbj2p7wWlTSyr
93BW0vT6Euu0XwgPaVxOYLW1EIijbiRkjS55Djj2iQOSNWaHEaUJ9OVwHIUYf02T
VQgolSqr2U7VDyQ8ssSpgS9EVaITo0U0ykMgR6xadeYVwQ1FrtLK+eJuZXn6qYKT
bHglxf+a+pla5TYgcqo2/7Z+nILgoGyhUPRWKUuZXeHxfeQw4L7CNynstOibiL2i
tLrNL8Em4ra6Ddh3w+FK1S+tPt0EjoKxajn6XB0morIS7P0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:11 2024 by rpki-client on console-ams.rpki-client.org