Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fN-inX1zJxR2VtGhmc2IhyjOrsE.roa
File: fN-inX1zJxR2VtGhmc2IhyjOrsE.roa (raw, json)
Hash identifier: TO0/cIvrGDsZH9JHVk4K9m87h4l58/EmgB/H7OAdM3k=
Subject key identifier: 7C:DF:A2:9D:7D:73:27:14:76:56:D1:A1:99:CD:88:87:28:CE:AE:C1
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0189497504467850ED2E8A6B870ED7D5C6F2
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fN-inX1zJxR2VtGhmc2IhyjOrsE.roa
Signing time: Wed 12 Jul 2023 09:35:52 +0000
ROA not before: Wed 12 Jul 2023 09:35:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200017
IP address blocks: 89.35.159.0/24 maxlen: 24
92.114.107.0/24 maxlen: 24
89.43.199.0/24 maxlen: 24
213.32.251.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:49:75:04:46:78:50:ed:2e:8a:6b:87:0e:d7:d5:c6:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jul 12 09:35:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7cdfa29d7d7327147656d1a199cd888728ceaec1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:eb:90:00:1c:1f:4a:89:ea:3b:80:60:b8:39:
ab:47:84:b0:8a:65:e3:0f:ec:ce:35:21:a3:35:92:
74:ae:8c:30:95:37:45:fb:7f:3e:c7:b9:5a:35:17:
40:ce:b3:70:bd:7e:1b:21:4e:de:36:c8:d6:bd:61:
0d:92:3b:b0:91:5f:3d:e7:ff:32:65:d2:e8:16:b5:
74:3a:ac:0e:73:40:e1:ea:87:f6:77:90:1e:9d:1e:
cd:4a:28:85:43:51:22:e2:a7:df:81:23:ac:de:e9:
52:85:29:88:f2:c3:76:e3:24:d9:af:b9:a0:c6:c3:
75:df:d2:c5:6f:40:1b:29:d2:f4:b5:70:3e:7a:e1:
22:04:bf:47:41:19:e7:d6:92:e4:ab:6c:3b:47:a5:
bf:de:94:68:e5:ce:e1:e6:83:fd:13:eb:fb:3c:4e:
93:7b:2c:36:8d:ab:a6:02:4c:f7:51:2d:c2:54:b3:
c2:b8:3d:f8:a4:a0:0f:f7:18:fa:21:20:ed:c5:19:
c6:f9:d5:e8:33:9f:80:e4:29:65:21:0d:a3:ba:8e:
f2:9f:1d:cb:09:de:dd:64:e5:a2:30:59:03:be:1c:
b7:39:eb:51:c7:41:50:ba:3e:91:70:c6:47:60:d3:
7e:dd:45:a6:9b:35:64:b8:62:61:c1:74:bb:2c:43:
0b:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:DF:A2:9D:7D:73:27:14:76:56:D1:A1:99:CD:88:87:28:CE:AE:C1
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fN-inX1zJxR2VtGhmc2IhyjOrsE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.35.159.0/24
89.43.199.0/24
92.114.107.0/24
213.32.251.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:c2:d6:3b:bb:38:ac:41:aa:6a:d6:b7:03:9b:5c:1a:ad:80:
dd:92:22:64:91:9a:23:56:98:5b:eb:8f:4c:84:65:21:51:48:
5d:09:61:31:fa:ce:7b:ec:1f:00:de:12:4a:23:50:c9:15:22:
de:76:48:f7:f4:59:c1:40:ae:06:9f:f8:78:34:96:64:35:5b:
5c:99:f0:61:6c:3d:3b:bc:2f:22:32:52:41:ae:56:a6:80:6a:
42:fa:ca:c0:ca:5e:ef:3d:65:07:18:41:cf:c0:f6:ad:25:71:
04:33:7a:fb:ad:bd:e9:39:3d:75:a5:78:93:58:94:52:6e:44:
e3:13:52:44:1c:d8:d0:fe:48:1f:65:58:15:6b:26:ae:bd:98:
d3:64:7b:e9:d7:b3:a3:76:d5:fa:c9:a2:05:2c:6b:26:24:27:
28:78:8a:ac:ef:65:fe:50:74:34:2d:0d:3a:d3:1a:15:b1:cf:
32:e0:c3:c9:45:c3:1f:c4:db:6a:5e:2c:be:02:06:11:a9:2a:
38:3a:5f:bc:5c:07:97:db:a7:e3:f5:f8:3e:67:37:e9:5b:f5:
23:c7:b7:a2:43:e4:64:4e:10:25:c7:97:fd:bb:09:57:99:7f:
60:65:df:00:e0:54:70:22:dd:45:b5:8c:a8:0d:4c:17:66:4e:
84:08:0e:b9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYlJdQRGeFDtLoprhw7X1cbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzEyMDkzNTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2RmYTI5ZDdkNzMyNzE0NzY1NmQxYTE5OWNkODg4NzI4Y2VhZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7euQABwfSonqO4BguDmrR4SwimXj
D+zONSGjNZJ0rowwlTdF+38+x7laNRdAzrNwvX4bIU7eNsjWvWENkjuwkV895/8y
ZdLoFrV0OqwOc0Dh6of2d5AenR7NSiiFQ1Ei4qffgSOs3ulShSmI8sN24yTZr7mg
xsN139LFb0AbKdL0tXA+euEiBL9HQRnn1pLkq2w7R6W/3pRo5c7h5oP9E+v7PE6T
eyw2jaumAkz3US3CVLPCuD34pKAP9xj6ISDtxRnG+dXoM5+A5CllIQ2juo7ynx3L
Cd7dZOWiMFkDvhy3OetRx0FQuj6RcMZHYNN+3UWmmzVkuGJhwXS7LEMLIwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHzfop19cycUdlbRoZnNiIcozq7BMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZk4taW5YMXpKeFIyVnRHaG1jMkloeWpPcnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWSOfAwQA
WSvHAwQAXHJrAwQA1SD7MA0GCSqGSIb3DQEBCwUAA4IBAQAdwtY7uzisQapq1rcD
m1warYDdkiJkkZojVphb649MhGUhUUhdCWEx+s577B8A3hJKI1DJFSLedkj39FnB
QK4Gn/h4NJZkNVtcmfBhbD07vC8iMlJBrlamgGpC+srAyl7vPWUHGEHPwPatJXEE
M3r7rb3pOT11pXiTWJRSbkTjE1JEHNjQ/kgfZVgVayauvZjTZHvp17OjdtX6yaIF
LGsmJCcoeIqs72X+UHQ0LQ060xoVsc8y4MPJRcMfxNtqXiy+AgYRqSo4Ol+8XAeX
26fj9fg+ZzfpW/Ujx7eiQ+RkThAlx5f9uwlXmX9gZd8A4FRwIt1FtYyoDUwXZk6E
CA65
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:47 2024 by rpki-client on console-fra.rpki-client.org