Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_UKpkZhNTo1WYV6fjkO0sUD4aQI.roa
File: _UKpkZhNTo1WYV6fjkO0sUD4aQI.roa (raw, json)
Hash identifier: 1BPt8qKkgt7zmxqRQdhV5G/l/ivnAxvtKLf/egziFDc=
Subject key identifier: FD:42:A9:91:98:4D:4E:8D:56:61:5E:9F:8E:43:B4:B1:40:F8:69:02
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01867D5A080313FD8BD0FB6BDBBFDE698B38
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_UKpkZhNTo1WYV6fjkO0sUD4aQI.roa
Signing time: Thu 23 Feb 2023 08:18:17 +0000
ROA not before: Thu 23 Feb 2023 08:18:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 93.115.254.0/23 maxlen: 24
89.40.76.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.149.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
193.42.52.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:7d:5a:08:03:13:fd:8b:d0:fb:6b:db:bf:de:69:8b:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 23 08:18:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fd42a991984d4e8d56615e9f8e43b4b140f86902
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:bb:aa:a8:fb:a6:80:69:2d:2a:e9:0d:a6:34:
59:85:e3:f1:7f:90:2b:41:8a:62:18:35:27:b4:cc:
10:65:e4:f6:83:5c:9f:eb:c0:e3:3d:6e:c4:1c:f8:
c2:31:be:6c:f3:b9:9b:b9:33:85:cc:ef:bc:e8:d9:
cd:20:8a:0c:b3:e1:e0:06:75:f2:c1:01:fb:74:f1:
cb:6a:c3:b2:8d:17:ab:dc:f2:f8:ad:af:90:11:a4:
d0:71:52:31:e9:8e:f9:b4:34:27:34:b3:42:c3:22:
5e:b7:86:10:6b:8f:e9:fd:76:91:e8:8b:3e:9e:1b:
0b:2b:f2:df:bc:84:5f:1b:7f:fc:4a:1b:54:fe:6e:
a2:35:06:95:44:88:6e:e9:87:de:b6:03:c0:a5:e9:
5c:c1:ff:d9:aa:1b:f7:36:8a:ec:dd:c3:f0:57:73:
52:ff:d8:b4:1a:3f:e6:a0:be:46:43:5f:05:9b:90:
65:71:c8:60:7d:0f:7d:0c:d8:e9:e8:3e:4a:3e:c7:
72:24:09:29:7a:21:ad:29:d7:d8:bd:d7:9a:4f:9f:
7e:34:a9:5e:96:67:2e:a7:ad:f2:67:5b:4e:f9:75:
1a:b3:56:4d:d4:90:45:66:d4:05:6a:9d:d3:fd:d1:
40:e7:81:09:48:6c:01:2e:6c:45:a6:45:9e:12:27:
36:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:42:A9:91:98:4D:4E:8D:56:61:5E:9F:8E:43:B4:B1:40:F8:69:02
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_UKpkZhNTo1WYV6fjkO0sUD4aQI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.148.0/23
89.40.76.0/24
93.115.254.0/23
185.103.72.0/24
185.241.210.0/23
185.255.170.0/23
193.42.52.0/24
Signature Algorithm: sha256WithRSAEncryption
88:40:c7:b1:51:92:9d:69:27:ce:05:43:37:39:d5:e4:b1:99:
9a:23:49:5a:c2:83:9a:8f:50:30:d9:4b:48:ff:d2:55:0a:fd:
20:ff:77:a4:1e:e6:05:3e:bc:ab:9e:23:0b:7c:bb:63:73:98:
47:57:0e:d2:14:22:ce:09:80:e7:e3:ef:88:ee:b7:c7:e8:53:
e4:e6:e3:cb:b2:f9:5a:8c:5e:5c:4b:ba:9d:40:73:91:a4:f0:
67:63:0e:3e:53:37:b1:96:6d:e6:7c:7d:eb:85:f6:d5:61:b1:
1c:57:cc:d9:8a:1d:23:ee:d6:92:e1:9f:33:b9:0f:4f:cc:f5:
f6:f2:08:56:09:9a:23:f4:e8:44:ca:47:26:31:56:92:bd:2b:
c2:28:5f:90:34:36:69:eb:4c:c9:80:12:7a:f7:03:6c:50:8f:
5e:09:23:90:dc:32:4f:bb:38:25:19:cd:3d:f8:9d:0a:bc:11:
7b:ac:83:50:07:34:96:aa:f4:30:fc:e7:66:61:c8:0b:cb:60:
58:3d:c1:d0:49:82:5f:25:3d:02:dc:58:23:0e:5c:90:51:a6:
b8:af:e1:9f:f1:1a:77:71:b2:52:f2:ba:80:7a:cb:49:a4:5d:
fe:af:f7:94:cf:60:92:a9:13:59:17:dd:8c:65:df:be:e0:79:
24:a9:68:6d
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYZ9WggDE/2L0Ptr27/eaYs4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjIzMDgxODE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDQyYTk5MTk4NGQ0ZThkNTY2MTVlOWY4ZTQzYjRiMTQwZjg2OTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7uqqPumgGktKukNpjRZhePxf5Ar
QYpiGDUntMwQZeT2g1yf68DjPW7EHPjCMb5s87mbuTOFzO+86NnNIIoMs+HgBnXy
wQH7dPHLasOyjRer3PL4ra+QEaTQcVIx6Y75tDQnNLNCwyJet4YQa4/p/XaR6Is+
nhsLK/LfvIRfG3/8ShtU/m6iNQaVRIhu6YfetgPApelcwf/Zqhv3Nors3cPwV3NS
/9i0Gj/moL5GQ18Fm5BlcchgfQ99DNjp6D5KPsdyJAkpeiGtKdfYvdeaT59+NKle
lmcup63yZ1tO+XUas1ZN1JBFZtQFap3T/dFA54EJSGwBLmxFpkWeEic2YQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFP1CqZGYTU6NVmFen45DtLFA+GkCMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvX1VLcGtaaE5UbzFXWVY2ZmprTzBzVUQ0YVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBV/eUAwQA
WShMAwQBXXP+AwQAuWdIAwQBufHSAwQBuf+qAwQAwSo0MA0GCSqGSIb3DQEBCwUA
A4IBAQCIQMexUZKdaSfOBUM3OdXksZmaI0lawoOaj1Aw2UtI/9JVCv0g/3ekHuYF
PryrniMLfLtjc5hHVw7SFCLOCYDn4++I7rfH6FPk5uPLsvlajF5cS7qdQHORpPBn
Yw4+Uzexlm3mfH3rhfbVYbEcV8zZih0j7taS4Z8zuQ9PzPX28ghWCZoj9OhEykcm
MVaSvSvCKF+QNDZp60zJgBJ69wNsUI9eCSOQ3DJPuzglGc09+J0KvBF7rINQBzSW
qvQw/OdmYcgLy2BYPcHQSYJfJT0C3FgjDlyQUaa4r+Gf8Rp3cbJS8rqAestJpF3+
r/eUz2CSqRNZF92MZd++4HkkqWht
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org