Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ZetFvAPCUBC71zO491Py18rfFts.roa
File: ZetFvAPCUBC71zO491Py18rfFts.roa (raw, json)
Hash identifier: PgYacG9/Fh7ZtrE87xeep3ETUuwZCpu1p0Ybd/9lecI=
Subject key identifier: 65:EB:45:BC:03:C2:50:10:BB:D7:33:B8:F7:53:F2:D7:CA:DF:16:DB
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188C4B9656A405BC3682C75FB421811C4B3
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ZetFvAPCUBC71zO491Py18rfFts.roa
Signing time: Fri 16 Jun 2023 15:01:04 +0000
ROA not before: Fri 16 Jun 2023 15:01:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200017
IP address blocks: 89.35.159.0/24 maxlen: 24
92.114.107.0/24 maxlen: 24
89.43.199.0/24 maxlen: 24
89.38.101.0/24 maxlen: 24
213.32.251.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:c4:b9:65:6a:40:5b:c3:68:2c:75:fb:42:18:11:c4:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 16 15:01:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=65eb45bc03c25010bbd733b8f753f2d7cadf16db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:e2:47:c2:3a:2b:a2:ad:e9:2d:a7:60:a9:35:
c9:95:27:8f:ee:be:3b:ac:02:34:2a:20:dd:3e:c2:
ce:d9:14:0d:6b:1a:54:6d:30:1a:75:f0:fc:a5:1c:
40:d3:b4:5c:91:cf:f1:00:e3:0e:f5:7a:e0:bc:32:
16:bb:68:5a:4b:d0:1a:d9:c0:87:27:d3:66:c7:3b:
2b:e1:77:a0:b9:bf:3f:c2:be:7f:69:1d:6e:f2:35:
55:28:06:ba:96:e9:af:2d:d7:49:26:bb:e7:16:05:
f2:f8:49:10:54:f5:9a:b6:08:89:44:b3:ec:f5:ca:
cc:54:ca:9b:87:d3:29:be:81:6f:06:79:c2:77:71:
a3:ed:7d:2f:60:db:9f:8c:6d:ad:41:ac:1b:0d:db:
f9:88:69:0d:0a:00:36:d1:99:e8:b9:82:92:6a:1e:
73:6e:0f:cf:f9:6f:14:ff:04:ef:68:e4:3d:6b:bc:
b1:d5:55:0a:d0:42:ac:30:ab:35:8c:cc:a0:00:ee:
81:65:fc:54:69:fa:e8:2f:96:57:ae:e2:a0:5a:b4:
a9:13:39:6e:1e:22:c2:ab:bf:ae:e1:10:01:15:ff:
df:6b:ae:6e:61:14:80:0a:d1:53:7d:6e:36:e8:5b:
a3:b1:83:fd:da:a0:6b:b9:dc:f4:52:31:b0:bf:40:
a5:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:EB:45:BC:03:C2:50:10:BB:D7:33:B8:F7:53:F2:D7:CA:DF:16:DB
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ZetFvAPCUBC71zO491Py18rfFts.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.35.159.0/24
89.38.101.0/24
89.43.199.0/24
92.114.107.0/24
213.32.251.0/24
Signature Algorithm: sha256WithRSAEncryption
80:d4:6a:8f:9d:bd:5d:10:57:70:3e:71:e7:c3:8b:b8:d8:3f:
cc:bd:f1:11:d8:61:bd:43:31:ea:d1:6e:57:55:2b:b0:b4:46:
aa:e3:fe:9d:91:15:e5:37:d9:ef:78:31:7b:02:59:7e:15:d0:
09:c8:b9:e0:ea:0b:1d:b5:bb:51:e5:02:a8:07:95:58:44:ff:
0a:25:f4:61:69:e0:6e:60:1e:9e:c8:0e:af:36:36:e8:9d:44:
de:66:a2:3f:7c:6a:b7:ce:71:7a:c5:ef:a9:b5:76:67:ac:17:
46:e2:01:91:e6:ba:6b:a2:bf:c5:20:c7:01:56:76:0d:12:4c:
43:4d:89:88:e4:13:be:ff:e6:ab:c3:62:f3:b7:c1:4e:ed:c3:
72:ce:a6:8f:2b:64:d2:7f:75:85:4e:32:c8:94:3b:03:17:ef:
d2:10:c7:dc:24:47:6d:5d:81:e7:4a:a9:c5:6a:1b:7e:a1:10:
ed:85:e0:fc:63:e9:89:22:18:77:93:fa:61:ab:40:cd:01:2a:
db:8d:f6:7e:76:b4:cf:c1:b9:71:cb:33:b5:9e:79:db:29:69:
8b:8a:f3:bc:45:49:b8:a5:14:e9:d0:c6:6e:d4:b2:3c:6d:a0:
85:93:a7:ca:df:7c:a9:da:3f:3f:b1:fa:3a:86:df:2b:ee:dc:
70:e3:04:2e
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYjEuWVqQFvDaCx1+0IYEcSzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjE2MTUwMTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWViNDViYzAzYzI1MDEwYmJkNzMzYjhmNzUzZjJkN2NhZGYxNmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOJHwjoroq3pLadgqTXJlSeP7r47
rAI0KiDdPsLO2RQNaxpUbTAadfD8pRxA07Rckc/xAOMO9XrgvDIWu2haS9Aa2cCH
J9Nmxzsr4Xegub8/wr5/aR1u8jVVKAa6lumvLddJJrvnFgXy+EkQVPWatgiJRLPs
9crMVMqbh9MpvoFvBnnCd3Gj7X0vYNufjG2tQawbDdv5iGkNCgA20ZnouYKSah5z
bg/P+W8U/wTvaOQ9a7yx1VUK0EKsMKs1jMygAO6BZfxUafroL5ZXruKgWrSpEzlu
HiLCq7+u4RABFf/fa65uYRSACtFTfW426FujsYP92qBrudz0UjGwv0ClvQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGXrRbwDwlAQu9czuPdT8tfK3xbbMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWmV0RnZBUENVQkM3MXpPNDkxUHkxOHJmRnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAWSOfAwQA
WSZlAwQAWSvHAwQAXHJrAwQA1SD7MA0GCSqGSIb3DQEBCwUAA4IBAQCA1GqPnb1d
EFdwPnHnw4u42D/MvfER2GG9QzHq0W5XVSuwtEaq4/6dkRXlN9nveDF7All+FdAJ
yLng6gsdtbtR5QKoB5VYRP8KJfRhaeBuYB6eyA6vNjbonUTeZqI/fGq3znF6xe+p
tXZnrBdG4gGR5rpror/FIMcBVnYNEkxDTYmI5BO+/+arw2Lzt8FO7cNyzqaPK2TS
f3WFTjLIlDsDF+/SEMfcJEdtXYHnSqnFaht+oRDtheD8Y+mJIhh3k/phq0DNASrb
jfZ+drTPwblxyzO1nnnbKWmLivO8RUm4pRTp0MZu1LI8baCFk6fK33yp2j8/sfo6
ht8r7txw4wQu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:11 2024 by rpki-client on console-ams.rpki-client.org