Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rFakxRsRH48nEU-8OgiybMmI1YE.roa
File: rFakxRsRH48nEU-8OgiybMmI1YE.roa (raw, json)
Hash identifier: Ra/3HVz5eB0tVfNmeo5HkbPzdCO3rNgy1D2GqZ4pYGg=
Subject key identifier: AC:56:A4:C5:1B:11:1F:8F:27:11:4F:BC:3A:08:B2:6C:C9:88:D5:81
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018746DBFD16A25DE4EE2D6D93715E859199
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rFakxRsRH48nEU-8OgiybMmI1YE.roa
Signing time: Mon 03 Apr 2023 11:23:54 +0000
ROA not before: Mon 03 Apr 2023 11:23:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
185.241.209.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
91.188.204.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
94.176.110.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:46:db:fd:16:a2:5d:e4:ee:2d:6d:93:71:5e:85:91:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 3 11:23:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac56a4c51b111f8f27114fbc3a08b26cc988d581
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:da:e9:ee:f9:07:4a:c3:d8:36:46:21:a9:be:
5c:fb:0e:68:20:d7:39:e2:71:e8:12:60:51:ec:3a:
4b:8e:cb:16:8d:2c:57:56:92:44:89:b8:47:37:1f:
aa:b0:2c:02:c5:b9:47:e9:cd:61:13:4d:06:a9:cb:
ed:d0:9b:da:32:57:75:4a:fc:05:f3:5a:67:e3:ca:
f2:fc:28:75:16:24:06:71:35:17:7e:17:a0:c2:79:
2f:75:81:9e:d1:c4:c7:38:e0:6a:91:a4:44:0a:07:
28:44:63:f8:5b:c9:59:dd:4a:98:65:38:13:5e:6a:
ff:a0:33:7e:82:f9:c0:9f:22:09:ef:e2:75:24:8e:
1f:46:29:62:db:b6:b6:44:30:e0:5e:7d:13:65:5b:
90:d2:0a:d1:c2:a1:2d:1d:77:c8:02:85:9c:16:6e:
8e:5b:d1:bc:59:80:ba:01:4d:1f:33:b7:a5:35:60:
64:fc:6b:26:80:b6:3c:c1:02:55:ca:71:55:e2:f9:
07:0d:dc:56:5a:dc:e3:ac:24:e8:f2:b7:ac:5c:5d:
f8:4e:a8:70:31:4e:d3:36:c6:6c:9a:9c:1a:de:3d:
30:ca:d3:ba:e4:03:0f:91:32:2d:6c:85:06:20:f0:
37:f3:96:3b:af:8d:38:dc:e7:dd:0c:f3:77:11:40:
c3:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:56:A4:C5:1B:11:1F:8F:27:11:4F:BC:3A:08:B2:6C:C9:88:D5:81
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rFakxRsRH48nEU-8OgiybMmI1YE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.148.0/24
89.37.63.0/24
91.188.204.0/24
93.115.254.0/23
94.176.110.0/24
185.103.72.0/24
185.238.10.0/24
185.241.209.0-185.241.211.255
185.255.169.0-185.255.170.255
188.212.132.0/23
188.240.232.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:e4:11:6d:5c:83:99:e2:76:41:5e:49:32:bf:69:87:89:b1:
19:64:09:31:5d:63:c9:7b:9a:fe:85:14:d2:b9:43:be:31:78:
ee:a8:6d:3d:eb:c7:36:d4:1e:a4:69:16:94:7e:7d:17:88:7d:
87:d9:1e:88:8f:be:63:eb:0e:f5:04:11:a4:de:dd:0c:0f:24:
08:5a:0e:49:c3:c3:f0:f5:bf:88:f3:ec:d8:fe:3e:45:1f:05:
46:38:99:94:dc:2c:1a:e7:bf:97:51:e8:a1:98:5f:ec:6f:db:
44:f5:cd:90:a3:7d:b2:c6:97:5a:84:66:81:94:79:91:87:99:
f8:1f:e7:a1:c9:31:ba:11:73:2d:2a:b5:e3:d1:91:b0:41:b6:
db:bf:24:d4:63:72:d6:d1:a6:1d:2c:6e:28:aa:ed:ee:c1:2f:
ad:e7:f1:15:ca:f4:21:d3:c0:f0:10:ce:44:bc:77:59:02:e0:
4a:02:13:6d:48:f8:e3:01:fb:23:3d:d2:1d:cd:bd:84:e2:48:
47:d5:63:6d:10:50:f8:42:a2:3f:c3:54:b2:19:8f:2e:0a:c7:
dc:37:48:0a:c3:35:3a:e4:9a:a1:dd:6c:07:89:f1:56:e2:e8:
bb:dd:4c:6f:55:f2:3c:63:b8:09:f6:0d:32:56:5e:6e:3c:bc:
a5:83:33:c7
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYdG2/0Wol3k7i1tk3FehZGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDAzMTEyMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzU2YTRjNTFiMTExZjhmMjcxMTRmYmMzYTA4YjI2Y2M5ODhkNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtrp7vkHSsPYNkYhqb5c+w5oINc5
4nHoEmBR7DpLjssWjSxXVpJEibhHNx+qsCwCxblH6c1hE00Gqcvt0JvaMld1SvwF
81pn48ry/Ch1FiQGcTUXfhegwnkvdYGe0cTHOOBqkaRECgcoRGP4W8lZ3UqYZTgT
Xmr/oDN+gvnAnyIJ7+J1JI4fRili27a2RDDgXn0TZVuQ0grRwqEtHXfIAoWcFm6O
W9G8WYC6AU0fM7elNWBk/GsmgLY8wQJVynFV4vkHDdxWWtzjrCTo8resXF34Tqhw
MU7TNsZsmpwa3j0wytO65AMPkTItbIUGIPA385Y7r4043OfdDPN3EUDDeQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFKxWpMUbER+PJxFPvDoIsmzJiNWBMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvckZha3hSc1JINDhuRVUtOE9naXliTW1JMVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAV/eUAwQA
WSU/AwQAW7zMAwQBXXP+AwQAXrBuAwQAuWdIAwQAue4KMAwDBAC58dEDBAK58dAw
DAMEALn/qQMEALn/qgMEAbzUhAMEALzw6DANBgkqhkiG9w0BAQsFAAOCAQEAHeQR
bVyDmeJ2QV5JMr9ph4mxGWQJMV1jyXua/oUU0rlDvjF47qhtPevHNtQepGkWlH59
F4h9h9keiI++Y+sO9QQRpN7dDA8kCFoOScPD8PW/iPPs2P4+RR8FRjiZlNwsGue/
l1HooZhf7G/bRPXNkKN9ssaXWoRmgZR5kYeZ+B/nockxuhFzLSq149GRsEG2278k
1GNy1tGmHSxuKKrt7sEvrefxFcr0IdPA8BDORLx3WQLgSgITbUj44wH7Iz3SHc29
hOJIR9VjbRBQ+EKiP8NUshmPLgrH3DdICsM1OuSaod1sB4nxVuLou91Mb1XyPGO4
CfYNMlZebjy8pYMzxw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org