Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lqDTTNqDjBzqwuGW0p87CYyoU64.roa
File: lqDTTNqDjBzqwuGW0p87CYyoU64.roa (raw, json)
Hash identifier: v3cNBbR1XOcKkJM1UksoY74HHJcXWECra+nuwrJVyoc=
Subject key identifier: 96:A0:D3:4C:DA:83:8C:1C:EA:C2:E1:96:D2:9F:3B:09:8C:A8:53:AE
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018803CF2DF62ABD28D6533F617DCAFC459E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lqDTTNqDjBzqwuGW0p87CYyoU64.roa
Signing time: Wed 10 May 2023 03:58:09 +0000
ROA not before: Wed 10 May 2023 03:58:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
185.241.209.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
91.188.204.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:03:cf:2d:f6:2a:bd:28:d6:53:3f:61:7d:ca:fc:45:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 10 03:58:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=96a0d34cda838c1ceac2e196d29f3b098ca853ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:c7:df:cf:aa:bb:62:7a:6a:99:ea:b2:d2:b0:
dd:0b:b7:93:fe:2f:cc:b2:72:1e:04:c9:1a:8a:09:
cc:76:b7:09:73:1c:b9:1e:73:da:c7:02:01:a7:2f:
68:22:76:7b:41:15:57:e6:70:64:1d:61:b2:ff:e6:
04:61:7a:09:ca:07:e4:1f:21:42:27:b5:88:78:fd:
d0:95:a5:e3:93:ff:24:7d:8a:28:bd:5f:1f:ec:48:
23:3f:9f:02:b5:45:a0:ff:55:89:e1:b1:62:2a:d5:
fc:ca:6e:fe:df:d0:79:ba:5f:d6:13:9d:ea:6b:72:
24:6a:70:52:13:75:c4:18:66:3c:e4:fd:1e:5e:b5:
8e:75:14:14:33:ce:c4:ca:6c:21:ed:e9:7b:39:c6:
2b:30:7c:df:1a:11:3b:04:71:93:70:69:18:0d:0f:
65:ab:00:42:9c:20:b0:8c:7b:0f:94:de:09:3e:01:
0b:12:0e:04:68:e0:18:9c:8f:1d:ac:fe:25:64:fd:
b8:67:95:74:03:03:a0:9b:51:f9:2f:8b:f3:80:2d:
39:30:e7:d3:6e:53:5a:21:01:07:db:60:43:b2:3b:
a3:90:88:93:7b:12:c2:f5:79:aa:f6:b4:f5:af:9e:
de:3a:0a:f4:07:2b:44:24:37:37:fa:33:ac:9d:12:
6e:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:A0:D3:4C:DA:83:8C:1C:EA:C2:E1:96:D2:9F:3B:09:8C:A8:53:AE
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lqDTTNqDjBzqwuGW0p87CYyoU64.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.148.0/24
89.37.63.0/24
91.188.204.0/24
93.115.254.0/23
185.103.72.0/24
185.135.143.0/24
185.238.10.0/24
185.241.209.0-185.241.211.255
185.255.169.0-185.255.170.255
188.212.132.0/23
188.213.203.0/24
188.240.230.0/24
188.240.232.0/24
Signature Algorithm: sha256WithRSAEncryption
83:28:64:71:a3:ad:39:10:7e:67:a0:53:46:4f:75:9b:61:77:
1a:89:5c:24:c7:c1:2c:e5:f0:36:c8:e7:3c:a8:40:4d:f4:e9:
d1:c6:47:42:98:fe:df:91:14:4e:20:97:3e:71:1c:f1:c5:02:
49:75:e2:6d:fa:47:c1:cf:d3:00:1f:c4:ba:ee:01:f6:fa:1c:
07:f4:79:c5:e4:0b:e3:ce:b7:ae:dd:b2:5c:cc:db:27:a9:71:
2b:da:88:67:48:36:c2:d1:3b:34:4a:dc:d2:31:09:20:5e:7a:
86:21:dc:d1:f1:a2:3a:a8:39:db:56:49:4b:40:16:f9:94:90:
20:64:91:35:49:3e:38:d9:e4:01:d6:9d:90:d2:3f:88:04:a1:
fe:5a:c1:da:f9:66:72:27:33:ad:b6:08:11:e1:b2:f4:5c:67:
bc:e8:c3:77:af:48:62:40:b4:f7:4b:f6:72:13:00:09:ee:30:
d6:d1:5a:65:b4:0d:b5:7e:39:89:8f:4b:b4:90:31:de:20:89:
03:9e:7a:64:72:58:2c:da:e4:1e:2a:fd:a9:da:15:8b:a1:ed:
92:4a:fa:01:8b:22:c2:e8:67:6b:e3:2e:e5:8d:b2:f5:8d:9d:
f5:54:e8:7a:b0:c8:43:10:91:17:7d:c5:69:79:47:d5:8e:35:
f0:da:d9:6c
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYgDzy32Kr0o1lM/YX3K/EWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTEwMDM1ODA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmEwZDM0Y2RhODM4YzFjZWFjMmUxOTZkMjlmM2IwOThjYTg1M2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8ffz6q7Ynpqmeqy0rDdC7eT/i/M
snIeBMkaignMdrcJcxy5HnPaxwIBpy9oInZ7QRVX5nBkHWGy/+YEYXoJygfkHyFC
J7WIeP3QlaXjk/8kfYoovV8f7EgjP58CtUWg/1WJ4bFiKtX8ym7+39B5ul/WE53q
a3IkanBSE3XEGGY85P0eXrWOdRQUM87Eymwh7el7OcYrMHzfGhE7BHGTcGkYDQ9l
qwBCnCCwjHsPlN4JPgELEg4EaOAYnI8drP4lZP24Z5V0AwOgm1H5L4vzgC05MOfT
blNaIQEH22BDsjujkIiTexLC9Xmq9rT1r57eOgr0BytEJDc3+jOsnRJuqQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFJag00zag4wc6sLhltKfOwmMqFOuMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbHFEVFROcURqQnpxd3VHVzBwODdDWXlvVTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQAV/eUAwQA
WSU/AwQAW7zMAwQBXXP+AwQAuWdIAwQAuYePAwQAue4KMAwDBAC58dEDBAK58dAw
DAMEALn/qQMEALn/qgMEAbzUhAMEALzVywMEALzw5gMEALzw6DANBgkqhkiG9w0B
AQsFAAOCAQEAgyhkcaOtORB+Z6BTRk91m2F3GolcJMfBLOXwNsjnPKhATfTp0cZH
Qpj+35EUTiCXPnEc8cUCSXXibfpHwc/TAB/Euu4B9vocB/R5xeQL4863rt2yXMzb
J6lxK9qIZ0g2wtE7NErc0jEJIF56hiHc0fGiOqg521ZJS0AW+ZSQIGSRNUk+ONnk
AdadkNI/iASh/lrB2vlmciczrbYIEeGy9FxnvOjDd69IYkC090v2chMACe4w1tFa
ZbQNtX45iY9LtJAx3iCJA556ZHJYLNrkHir9qdoVi6Htkkr6AYsiwuhna+Mu5Y2y
9Y2d9VToerDIQxCRF33FaXlH1Y418NrZbA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org