Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bXpWc4bd6EmZ3trWoU3jaPs9OA4.roa
File: bXpWc4bd6EmZ3trWoU3jaPs9OA4.roa (raw, json)
Hash identifier: Mibmn4+GcpzvXxdrYd3CasHlYY0zplqLtNjd4csG2II=
Subject key identifier: 6D:7A:56:73:86:DD:E8:49:99:DE:DA:D6:A1:4D:E3:68:FB:3D:38:0E
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01870DF4E9DCEDE749CEFA06A6CB839F0CC7
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bXpWc4bd6EmZ3trWoU3jaPs9OA4.roa
Signing time: Thu 23 Mar 2023 10:12:47 +0000
ROA not before: Thu 23 Mar 2023 10:12:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200017
IP address blocks: 89.35.159.0/24 maxlen: 24
92.114.107.0/24 maxlen: 24
89.43.199.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
89.38.101.0/24 maxlen: 24
213.32.251.0/24 maxlen: 24
91.188.206.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:0d:f4:e9:dc:ed:e7:49:ce:fa:06:a6:cb:83:9f:0c:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 23 10:12:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6d7a567386dde84999dedad6a14de368fb3d380e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:15:d6:7f:bd:7c:5f:25:2d:5e:c4:0f:00:13:
4c:3d:6d:11:f1:85:34:73:09:84:4b:c2:65:d7:fb:
95:a0:f8:52:76:36:01:8b:72:97:df:5f:60:3d:a3:
66:96:40:8d:5c:7e:a9:43:8a:34:96:ea:3d:6e:d4:
48:59:a3:aa:7b:3c:21:11:02:71:40:fb:09:fa:a9:
c6:39:e9:1e:e1:ef:d0:bc:fa:38:5a:7f:93:ed:69:
a3:62:47:2d:82:41:53:4c:2c:4a:ec:53:78:51:4c:
f8:8e:12:c5:2f:f9:a5:97:1f:51:fc:5c:4c:39:69:
1f:3a:30:86:36:dc:5e:3c:ac:ac:b3:ec:6a:63:b4:
a6:ea:e3:72:12:f5:64:d3:a5:16:8e:29:7c:90:ea:
b4:a1:47:ce:fd:ff:52:7b:c5:82:bc:26:aa:d5:1c:
be:ae:fc:e3:78:72:9c:25:e1:2f:8a:b8:b1:e9:05:
cc:ef:23:7a:d5:bd:da:80:aa:4b:2d:38:69:d0:cb:
16:8a:3f:f0:7f:c2:f4:d1:d6:b2:52:82:74:f9:4d:
9f:08:05:ea:11:25:29:0f:38:07:b7:2e:b7:ad:3d:
2c:62:2b:55:5f:cd:4e:38:74:06:dc:ff:c4:af:8b:
36:6c:b1:48:06:57:4e:2a:d2:11:fa:a8:50:b4:ac:
1c:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:7A:56:73:86:DD:E8:49:99:DE:DA:D6:A1:4D:E3:68:FB:3D:38:0E
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bXpWc4bd6EmZ3trWoU3jaPs9OA4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.148.0/24
89.35.159.0/24
89.38.101.0/24
89.43.199.0/24
91.188.206.0/24
92.114.107.0/24
213.32.251.0/24
Signature Algorithm: sha256WithRSAEncryption
7c:f7:62:32:05:d4:2f:83:0b:51:a5:46:98:ea:7d:35:aa:0b:
5d:24:80:6e:2f:73:4e:97:3d:e9:04:57:39:c7:59:28:f6:e1:
e7:55:f8:ac:19:81:c7:cb:8e:a6:3d:2f:a6:39:c0:aa:db:f6:
33:09:85:13:95:94:2a:ab:d0:05:09:42:1c:17:2f:5b:9a:31:
68:67:fc:9d:6f:7a:17:80:27:63:e6:72:3a:32:da:40:38:f2:
d0:fa:06:97:b7:27:d6:56:ff:49:64:dc:9e:09:90:92:d1:ec:
aa:ee:13:3f:8b:35:ee:b5:c4:15:98:ca:4e:3b:70:2e:2b:c2:
9b:70:d5:14:02:c1:88:db:05:b6:6c:d6:65:54:ef:c7:8a:41:
17:58:be:25:6b:b3:24:bf:3e:4b:91:61:6a:35:b8:9a:b9:c2:
34:16:c0:e2:b6:1e:83:22:09:d3:01:e4:73:78:02:02:4c:d1:
c6:de:45:32:76:48:54:50:38:a1:3f:1c:c1:d7:a4:66:cd:4d:
2e:ec:fa:7b:b0:d7:82:48:e2:00:f2:51:d8:2e:f1:fc:8e:24:
58:e1:7a:0e:0a:75:17:c5:a9:5f:11:8b:0f:8a:1b:34:67:dc:
89:1b:39:62:fe:c2:2a:50:af:26:d4:d6:fb:d5:83:88:07:d4:
10:cf:de:a6
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYcN9Onc7edJzvoGpsuDnwzHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzIzMTAxMjQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDdhNTY3Mzg2ZGRlODQ5OTlkZWRhZDZhMTRkZTM2OGZiM2QzODBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRXWf718XyUtXsQPABNMPW0R8YU0
cwmES8Jl1/uVoPhSdjYBi3KX319gPaNmlkCNXH6pQ4o0luo9btRIWaOqezwhEQJx
QPsJ+qnGOeke4e/QvPo4Wn+T7WmjYkctgkFTTCxK7FN4UUz4jhLFL/mllx9R/FxM
OWkfOjCGNtxePKyss+xqY7Sm6uNyEvVk06UWjil8kOq0oUfO/f9Se8WCvCaq1Ry+
rvzjeHKcJeEvirix6QXM7yN61b3agKpLLThp0MsWij/wf8L00dayUoJ0+U2fCAXq
ESUpDzgHty63rT0sYitVX81OOHQG3P/Er4s2bLFIBldOKtIR+qhQtKwchQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFG16VnOG3ehJmd7a1qFN42j7PTgOMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYlhwV2M0YmQ2RW1aM3RyV29VM2phUHM5T0E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAV/eUAwQA
WSOfAwQAWSZlAwQAWSvHAwQAW7zOAwQAXHJrAwQA1SD7MA0GCSqGSIb3DQEBCwUA
A4IBAQB892IyBdQvgwtRpUaY6n01qgtdJIBuL3NOlz3pBFc5x1ko9uHnVfisGYHH
y46mPS+mOcCq2/YzCYUTlZQqq9AFCUIcFy9bmjFoZ/ydb3oXgCdj5nI6MtpAOPLQ
+gaXtyfWVv9JZNyeCZCS0eyq7hM/izXutcQVmMpOO3AuK8KbcNUUAsGI2wW2bNZl
VO/HikEXWL4la7Mkvz5LkWFqNbiaucI0FsDith6DIgnTAeRzeAICTNHG3kUydkhU
UDihPxzB16RmzU0u7Pp7sNeCSOIA8lHYLvH8jiRY4XoOCnUXxalfEYsPihs0Z9yJ
Gzli/sIqUK8m1Nb71YOIB9QQz96m
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org