Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lCNGz44er-JqIc1a47dxm66J8tY.roa
File: lCNGz44er-JqIc1a47dxm66J8tY.roa (raw, json)
Hash identifier: Q+7gKF/W+siBptfwGafEUteXEExzfS6Bvo97caRVPrs=
Subject key identifier: 94:23:46:CF:8E:1E:AF:E2:6A:21:CD:5A:E3:B7:71:9B:AE:89:F2:D6
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186C732B161FB4F80A5B28D5CE86461B56E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lCNGz44er-JqIc1a47dxm66J8tY.roa
Signing time: Thu 09 Mar 2023 16:27:13 +0000
ROA not before: Thu 09 Mar 2023 16:27:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
91.188.204.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
89.40.76.0/24 maxlen: 24
94.176.110.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:c7:32:b1:61:fb:4f:80:a5:b2:8d:5c:e8:64:61:b5:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 9 16:27:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=942346cf8e1eafe26a21cd5ae3b7719bae89f2d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:ee:06:a6:a7:87:23:a3:60:79:cb:f8:61:a8:
29:f6:c5:72:a1:1f:76:4e:d6:5e:32:95:77:40:fc:
5b:43:86:03:2b:28:dd:f8:39:72:19:56:c5:05:c9:
0d:5e:ab:a8:9b:0d:f7:ca:c2:61:ac:d5:62:3a:b0:
66:22:51:aa:a2:29:f6:05:1e:d6:32:b0:6f:23:66:
30:c0:97:09:1b:38:43:21:46:31:3f:c3:d2:2f:aa:
f5:aa:61:f6:dc:c9:d3:ab:6f:67:21:f9:8f:94:f7:
99:20:67:12:fd:54:58:11:dd:fc:6e:39:be:30:37:
b0:86:a7:99:ea:b9:5b:79:a7:e7:d1:e9:33:e2:b9:
df:0c:6b:17:9b:a3:6e:b1:ac:70:7f:1d:5f:03:93:
3d:21:c2:20:28:2f:56:68:27:80:3a:72:59:0a:0a:
ff:8e:4b:38:83:52:3f:14:3b:66:e9:d5:e4:7a:30:
54:bb:b8:0e:7c:5d:17:ab:33:e2:4e:5e:c6:86:da:
56:5a:10:2c:e6:c7:48:1d:11:c2:d9:f2:38:44:f4:
3c:de:84:21:d5:91:44:ce:ee:1d:43:ac:31:95:9c:
d5:3e:56:f6:38:76:a1:f6:eb:fc:3b:1b:30:f0:9d:
65:76:28:e4:76:08:d3:38:d9:78:5f:f1:b2:b8:1f:
90:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:23:46:CF:8E:1E:AF:E2:6A:21:CD:5A:E3:B7:71:9B:AE:89:F2:D6
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lCNGz44er-JqIc1a47dxm66J8tY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.148.0/24
89.37.63.0/24
89.40.76.0/24
91.188.204.0/24
93.115.254.0/23
94.176.110.0/24
185.103.72.0/24
185.238.10.0/24
185.241.210.0/23
185.255.169.0-185.255.171.255
188.212.132.0/23
Signature Algorithm: sha256WithRSAEncryption
0a:47:01:51:dc:6f:d4:63:97:ca:bb:ee:3e:f0:cc:91:11:13:
cc:45:12:47:82:7f:4d:60:14:a4:1b:94:29:63:2b:00:0a:bc:
fe:50:ab:25:23:fe:97:a4:48:db:86:7e:a6:48:d7:cf:d4:74:
dc:c3:45:bf:ae:d9:93:e9:5a:ce:bf:f4:d9:f0:58:cf:06:87:
35:a6:f2:98:4f:d3:c0:37:84:03:c1:e2:e8:2b:9d:9a:da:72:
11:fa:e9:b9:35:c1:25:28:ef:08:be:21:e5:18:a8:a6:d9:7a:
54:c6:29:5a:64:99:66:f4:30:3b:8f:4d:fa:1d:06:57:1c:a9:
00:0c:24:0f:25:b6:18:a4:ff:66:f2:b2:c3:e6:c0:e0:31:09:
c2:12:be:e9:f4:ac:38:3b:eb:e1:61:12:dc:ae:f7:58:df:d4:
a4:27:df:7f:b8:eb:0b:21:8a:e4:5d:30:48:76:34:c6:76:3f:
64:bd:9c:e7:c7:58:f0:4f:6e:f1:2c:ed:bf:cd:4f:a1:f5:d4:
0f:a4:6e:d5:1c:70:67:0e:c5:44:38:6e:31:08:1e:bb:72:b1:
29:b5:83:3d:2c:b9:26:1c:f7:30:a6:34:6b:6b:92:6a:2f:fb:
ef:3e:28:91:84:08:9e:ad:10:bd:39:1a:9e:63:1f:db:a8:be:
62:73:0b:7d
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYbHMrFh+0+ApbKNXOhkYbVuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA5MTYyNzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDIzNDZjZjhlMWVhZmUyNmEyMWNkNWFlM2I3NzE5YmFlODlmMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO4GpqeHI6Ngecv4Yagp9sVyoR92
TtZeMpV3QPxbQ4YDKyjd+DlyGVbFBckNXquomw33ysJhrNViOrBmIlGqoin2BR7W
MrBvI2YwwJcJGzhDIUYxP8PSL6r1qmH23MnTq29nIfmPlPeZIGcS/VRYEd38bjm+
MDewhqeZ6rlbeafn0ekz4rnfDGsXm6Nusaxwfx1fA5M9IcIgKC9WaCeAOnJZCgr/
jks4g1I/FDtm6dXkejBUu7gOfF0XqzPiTl7GhtpWWhAs5sdIHRHC2fI4RPQ83oQh
1ZFEzu4dQ6wxlZzVPlb2OHah9uv8Oxsw8J1ldijkdgjTONl4X/GyuB+QtwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFJQjRs+OHq/iaiHNWuO3cZuuifLWMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbENOR3o0NGVyLUpxSWMxYTQ3ZHhtNjZKOHRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAV/eUAwQA
WSU/AwQAWShMAwQAW7zMAwQBXXP+AwQAXrBuAwQAuWdIAwQAue4KAwQBufHSMAwD
BAC5/6kDBAK5/6gDBAG81IQwDQYJKoZIhvcNAQELBQADggEBAApHAVHcb9Rjl8q7
7j7wzJERE8xFEkeCf01gFKQblCljKwAKvP5QqyUj/pekSNuGfqZI18/UdNzDRb+u
2ZPpWs6/9NnwWM8GhzWm8phP08A3hAPB4ugrnZrachH66bk1wSUo7wi+IeUYqKbZ
elTGKVpkmWb0MDuPTfodBlccqQAMJA8lthik/2byssPmwOAxCcISvun0rDg76+Fh
Etyu91jf1KQn33+46wshiuRdMEh2NMZ2P2S9nOfHWPBPbvEs7b/NT6H11A+kbtUc
cGcOxUQ4bjEIHrtysSm1gz0suSYc9zCmNGtrkmov++8+KJGECJ6tEL05Gp5jH9uo
vmJzC30=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org