Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qyQL6YAhNkxeesFeInWzTiayTS4.roa
File: qyQL6YAhNkxeesFeInWzTiayTS4.roa (raw, json)
Hash identifier: TMFoaPcVSLwJ/xhEBae8poxEDeET6pWCcRLWP2WzNmA=
Subject key identifier: AB:24:0B:E9:80:21:36:4C:5E:7A:C1:5E:22:75:B3:4E:26:B2:4D:2E
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018757251CB3007786D93E25634163306610
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qyQL6YAhNkxeesFeInWzTiayTS4.roa
Signing time: Thu 06 Apr 2023 15:17:42 +0000
ROA not before: Thu 06 Apr 2023 15:17:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 185.121.229.0/24 maxlen: 24
89.38.136.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:57:25:1c:b3:00:77:86:d9:3e:25:63:41:63:30:66:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 6 15:17:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ab240be98021364c5e7ac15e2275b34e26b24d2e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:29:13:4f:a3:ee:0f:e2:5e:81:09:47:5f:b5:
b0:4a:25:f9:bf:2f:8d:cd:ed:27:de:ef:26:6c:38:
e2:ac:63:9e:00:8d:a1:a7:cc:fd:01:23:6f:e6:75:
44:ec:fb:d6:ae:de:02:3b:37:0c:75:d2:69:53:a3:
32:e1:06:c8:2a:d4:4e:2c:3a:70:6f:d9:5d:28:92:
0b:3d:6f:97:8e:39:7b:bc:de:bd:59:92:f4:86:51:
df:6f:c4:3e:ab:02:e1:df:6f:17:84:3d:47:bc:f6:
d5:26:06:1d:cc:b3:88:20:8a:ec:7b:9c:ed:3a:48:
2c:94:f1:52:25:49:73:0a:56:3b:4c:0d:dc:5a:96:
7a:b4:5d:f5:47:36:96:6e:65:87:4c:eb:2c:82:23:
48:5f:31:c6:64:29:ad:2e:e5:8d:af:50:c3:c8:f0:
fd:37:c9:4a:1b:8f:1d:f9:e8:d4:13:5f:22:2c:89:
18:ae:c2:97:1c:2d:6e:8c:6d:84:b1:d0:d4:d4:c6:
d2:0a:f3:a3:a2:6b:87:d8:f7:0d:d9:96:ca:30:16:
99:d2:a7:82:f2:6e:fe:29:04:84:e4:bd:45:2f:4a:
50:0b:51:24:22:60:7c:02:38:0a:51:bb:71:0a:5c:
13:73:5a:49:08:95:cb:7d:22:2f:11:e0:96:46:31:
cf:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:24:0B:E9:80:21:36:4C:5E:7A:C1:5E:22:75:B3:4E:26:B2:4D:2E
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/qyQL6YAhNkxeesFeInWzTiayTS4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.38.136.0/24
89.43.210.0/23
93.114.246.0/24
185.103.74.0/24
185.115.144.0/24
185.121.229.0/24
185.236.62.0/24
194.4.158.0/24
213.32.248.0/24
Signature Algorithm: sha256WithRSAEncryption
68:78:ee:56:48:82:ce:c4:6b:4d:ef:f3:e0:a6:39:77:2c:89:
41:2e:fb:ac:cd:cf:31:f0:89:0c:fd:fb:0b:c7:53:f5:9c:34:
af:8a:14:18:a6:30:c2:69:d7:2c:00:91:8c:6d:21:df:34:33:
10:41:80:f2:12:04:72:8b:27:42:03:0a:ed:c7:2c:77:97:b9:
fc:9f:33:35:39:73:8a:ea:a0:90:0d:46:fc:8a:6e:12:d2:c9:
d0:07:3a:38:a3:d4:38:d6:17:cb:38:5c:c5:bd:70:a1:03:20:
c4:ea:f6:45:30:04:61:16:4c:6f:2b:ba:f5:8e:dd:33:19:f3:
66:b6:4c:90:12:7d:3a:09:bd:2a:c1:0e:52:f3:56:35:2a:ce:
a5:f6:14:2d:ac:67:36:df:15:1d:8d:9f:7a:e8:9e:81:b9:6f:
96:45:1c:e0:44:08:2b:67:c9:b3:bc:ff:9c:86:c9:bb:a4:8d:
37:d8:04:5d:d5:72:75:e7:12:9c:92:0d:f4:cd:e5:f6:90:07:
04:aa:81:4c:07:12:3b:13:f2:a0:9f:c2:26:c4:a7:0a:15:03:
e2:27:ee:32:1d:22:44:ff:b5:8a:b8:69:b2:a2:34:ea:19:17:
e4:da:09:93:15:24:dc:85:3d:c6:b2:b9:2f:66:c4:b8:7b:48:
6d:04:1c:c4
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYdXJRyzAHeG2T4lY0FjMGYQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA2MTUxNzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjI0MGJlOTgwMjEzNjRjNWU3YWMxNWUyMjc1YjM0ZTI2YjI0ZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSkTT6PuD+JegQlHX7WwSiX5vy+N
ze0n3u8mbDjirGOeAI2hp8z9ASNv5nVE7PvWrt4COzcMddJpU6My4QbIKtROLDpw
b9ldKJILPW+Xjjl7vN69WZL0hlHfb8Q+qwLh328XhD1HvPbVJgYdzLOIIIrse5zt
OkgslPFSJUlzClY7TA3cWpZ6tF31RzaWbmWHTOssgiNIXzHGZCmtLuWNr1DDyPD9
N8lKG48d+ejUE18iLIkYrsKXHC1ujG2EsdDU1MbSCvOjomuH2PcN2ZbKMBaZ0qeC
8m7+KQSE5L1FL0pQC1EkImB8AjgKUbtxClwTc1pJCJXLfSIvEeCWRjHPawIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKskC+mAITZMXnrBXiJ1s04msk0uMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcXlRTDZZQWhOa3hlZXNGZUluV3pUaWF5VFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAWSaIAwQB
WSvSAwQAXXL2AwQAuWdKAwQAuXOQAwQAuXnlAwQAuew+AwQAwgSeAwQA1SD4MA0G
CSqGSIb3DQEBCwUAA4IBAQBoeO5WSILOxGtN7/Pgpjl3LIlBLvuszc8x8IkM/fsL
x1P1nDSvihQYpjDCadcsAJGMbSHfNDMQQYDyEgRyiydCAwrtxyx3l7n8nzM1OXOK
6qCQDUb8im4S0snQBzo4o9Q41hfLOFzFvXChAyDE6vZFMARhFkxvK7r1jt0zGfNm
tkyQEn06Cb0qwQ5S81Y1Ks6l9hQtrGc23xUdjZ966J6BuW+WRRzgRAgrZ8mzvP+c
hsm7pI032ARd1XJ15xKckg30zeX2kAcEqoFMBxI7E/Kgn8ImxKcKFQPiJ+4yHSJE
/7WKuGmyojTqGRfk2gmTFSTchT3GsrkvZsS4e0htBBzE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org