Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lg8jheW9F_cDwoneXRB1MJxNG4s.roa
File: lg8jheW9F_cDwoneXRB1MJxNG4s.roa (raw, json)
Hash identifier: VYxB/1tX+7CcwnmZ2OEPd8Q/vhciOT8R1vBeV9bhx34=
Subject key identifier: 96:0F:23:85:E5:BD:17:F7:03:C2:89:DE:5D:10:75:30:9C:4D:1B:8B
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01870EF718F2DBCAC974415D98E54FA2A267
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lg8jheW9F_cDwoneXRB1MJxNG4s.roa
Signing time: Thu 23 Mar 2023 14:54:47 +0000
ROA not before: Thu 23 Mar 2023 14:54:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 178.239.202.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
93.114.195.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:0e:f7:18:f2:db:ca:c9:74:41:5d:98:e5:4f:a2:a2:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 23 14:54:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=960f2385e5bd17f703c289de5d1075309c4d1b8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:c1:aa:95:cf:eb:66:7f:45:53:fb:fd:80:d2:
2b:10:45:da:53:7e:8b:bb:0d:3a:03:33:20:f9:4e:
33:83:b6:da:03:88:7d:d1:6d:78:a7:0e:22:9d:ce:
ff:3c:2e:26:9b:00:a7:ca:cc:84:a1:ae:2f:6a:f9:
cd:9f:df:85:60:de:e3:46:c7:5a:a8:8b:86:97:ca:
fe:b3:ed:d8:a3:92:c4:54:fe:3b:12:88:32:21:8a:
59:98:af:1f:cc:a0:4c:a5:70:7a:e4:b5:5d:1f:ac:
a3:ef:9e:d1:4f:64:8b:4c:a3:76:08:2d:9e:11:0c:
78:dc:4e:c7:a9:5d:80:52:58:44:13:e8:f4:dd:1b:
55:67:5a:b5:70:1a:c9:15:66:9b:1c:39:42:93:20:
e2:22:22:41:02:08:c9:0d:9a:0d:f3:53:60:cf:74:
bb:b3:bd:cd:99:9a:3f:1b:16:f6:7f:39:e5:91:82:
7b:fa:25:20:ad:ee:32:8a:5b:25:81:48:29:f8:b0:
da:91:64:df:37:7f:5e:7e:93:df:d1:0a:89:14:0d:
a6:b9:3b:56:db:0a:cf:34:12:d8:f9:06:88:1e:6a:
93:c5:28:df:da:a4:d7:05:d1:1a:3c:1e:b4:f9:c0:
fd:3a:2a:a9:ed:5a:41:0c:ec:cc:2f:88:04:f5:b2:
89:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:0F:23:85:E5:BD:17:F7:03:C2:89:DE:5D:10:75:30:9C:4D:1B:8B
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lg8jheW9F_cDwoneXRB1MJxNG4s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.92.0/24
93.114.195.0/24
178.239.201.0-178.239.202.255
185.103.75.0/24
185.229.107.0/24
185.230.250.0/24
193.42.54.0/23
Signature Algorithm: sha256WithRSAEncryption
3b:4d:01:6a:da:2a:de:c2:3f:9e:45:18:ad:ac:15:8f:b6:8c:
e4:b9:01:92:18:d9:db:fb:7f:2e:b8:63:90:a3:d0:cc:de:a2:
ca:7b:f4:0f:ed:25:ea:92:33:b5:64:a8:83:df:00:89:e9:79:
80:e6:1e:35:e0:8e:14:e1:75:58:12:73:ac:50:93:3e:b6:04:
19:c9:3d:fe:a7:a2:b0:53:94:c8:86:87:4a:cd:8a:6f:81:f6:
21:72:a0:16:ea:fe:91:77:9f:2c:01:39:d1:3f:3f:79:3f:9c:
9d:eb:b6:a3:09:d8:22:af:f6:44:96:5d:68:32:10:f8:6f:e9:
3a:79:7e:20:80:7e:36:5f:7a:52:da:19:d4:23:fa:bc:d9:0e:
d2:68:d1:06:56:92:15:5c:f3:6d:ea:5b:e8:56:ca:ce:2c:02:
f6:a4:ab:31:ff:7f:36:40:fa:fe:43:f3:9e:0a:5f:03:12:15:
c0:af:3b:d2:50:ec:c8:3a:78:56:0a:bb:44:60:60:bf:b3:80:
54:7c:94:c3:cb:96:06:ed:2a:68:1e:56:53:40:16:11:2f:0d:
20:c8:55:bb:1a:c5:05:f0:1e:40:02:8d:2a:91:a3:06:a0:93:
5b:76:d1:f4:5b:d8:b1:b5:d2:00:91:ed:d3:d2:5a:ff:70:6b:
6b:ec:f6:9e
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYcO9xjy28rJdEFdmOVPoqJnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzIzMTQ1NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjBmMjM4NWU1YmQxN2Y3MDNjMjg5ZGU1ZDEwNzUzMDljNGQxYjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8Gqlc/rZn9FU/v9gNIrEEXaU36L
uw06AzMg+U4zg7baA4h90W14pw4inc7/PC4mmwCnysyEoa4vavnNn9+FYN7jRsda
qIuGl8r+s+3Yo5LEVP47EogyIYpZmK8fzKBMpXB65LVdH6yj757RT2SLTKN2CC2e
EQx43E7HqV2AUlhEE+j03RtVZ1q1cBrJFWabHDlCkyDiIiJBAgjJDZoN81Ngz3S7
s73NmZo/Gxb2fznlkYJ7+iUgre4yilslgUgp+LDakWTfN39efpPf0QqJFA2muTtW
2wrPNBLY+QaIHmqTxSjf2qTXBdEaPB60+cD9Oiqp7VpBDOzML4gE9bKJYQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFJYPI4XlvRf3A8KJ3l0QdTCcTRuLMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbGc4amhlVzlGX2NEd29uZVhSQjFNSnhORzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAWS5cAwQA
XXLDMAwDBACy78kDBACy78oDBAC5Z0sDBAC55WsDBAC55voDBAHBKjYwDQYJKoZI
hvcNAQELBQADggEBADtNAWraKt7CP55FGK2sFY+2jOS5AZIY2dv7fy64Y5Cj0Mze
osp79A/tJeqSM7VkqIPfAInpeYDmHjXgjhThdVgSc6xQkz62BBnJPf6norBTlMiG
h0rNim+B9iFyoBbq/pF3nywBOdE/P3k/nJ3rtqMJ2CKv9kSWXWgyEPhv6Tp5fiCA
fjZfelLaGdQj+rzZDtJo0QZWkhVc823qW+hWys4sAvakqzH/fzZA+v5D854KXwMS
FcCvO9JQ7Mg6eFYKu0RgYL+zgFR8lMPLlgbtKmgeVlNAFhEvDSDIVbsaxQXwHkAC
jSqRowagk1t20fRb2LG10gCR7dPSWv9wa2vs9p4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org