Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sEwz0FgopXsYPEX3TaUD_rYsxM0.roa
File: sEwz0FgopXsYPEX3TaUD_rYsxM0.roa (raw, json)
Hash identifier: GAzUwInTm7aCaghOonsrP7+JNv4zZ61bscffcgaU3WQ=
Subject key identifier: B0:4C:33:D0:58:28:A5:7B:18:3C:45:F7:4D:A5:03:FE:B6:2C:C4:CD
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186B66818B561A9DA1EAAD22E6E60070BAC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sEwz0FgopXsYPEX3TaUD_rYsxM0.roa
Signing time: Mon 06 Mar 2023 10:12:00 +0000
ROA not before: Mon 06 Mar 2023 10:12:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200017
IP address blocks: 89.35.159.0/24 maxlen: 24
89.43.199.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
213.32.251.0/24 maxlen: 24
91.188.206.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b6:68:18:b5:61:a9:da:1e:aa:d2:2e:6e:60:07:0b:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 6 10:12:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b04c33d05828a57b183c45f74da503feb62cc4cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:80:aa:1e:d4:1d:8c:a3:a5:8f:f9:7e:cd:6c:
6c:0d:b0:38:3c:46:c0:9b:9b:1c:e9:b0:bd:f3:93:
fe:7d:ec:ce:57:e7:70:ac:33:e3:a9:57:a3:6f:fd:
06:78:f9:7e:74:99:48:24:71:57:ed:8c:27:b0:8d:
c3:34:34:7c:99:72:23:f4:37:a3:0d:91:3e:70:7b:
2c:7c:52:0b:26:e9:13:11:66:e7:1f:52:bb:f8:dc:
72:45:18:4f:8f:48:96:93:0e:f9:a4:17:49:8a:b2:
54:a6:1c:63:80:6b:95:ed:f9:ed:45:50:0b:9d:7b:
2e:93:8b:8b:a6:79:e7:84:77:b4:18:6a:54:cc:50:
13:2b:23:85:84:da:0b:96:d1:d6:02:91:97:ed:50:
68:bd:c5:e5:74:1e:fb:cf:df:13:b1:5e:94:e4:d2:
57:d5:e6:04:93:41:25:f0:0b:90:a5:d7:b8:1c:48:
09:3c:3d:be:e7:71:7d:c8:53:b3:9d:32:6a:93:d6:
c7:0f:93:6a:23:76:e2:05:16:b8:87:1d:15:a8:8c:
72:b1:9c:31:29:61:8a:40:a7:8f:80:ec:72:a1:f0:
fd:96:19:ff:56:25:09:25:ca:9b:0a:ef:eb:a1:db:
69:64:70:a9:bc:ad:64:10:a2:d8:c2:f1:06:2e:d2:
08:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:4C:33:D0:58:28:A5:7B:18:3C:45:F7:4D:A5:03:FE:B6:2C:C4:CD
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sEwz0FgopXsYPEX3TaUD_rYsxM0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.148.0/24
89.35.159.0/24
89.43.199.0/24
91.188.206.0/24
213.32.251.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:97:08:fd:8e:e8:3f:cd:28:35:6c:35:ce:4f:80:48:d9:26:
62:73:db:83:4f:3d:42:18:12:a1:20:f6:e7:86:80:84:38:79:
9f:31:14:01:8b:7d:e7:ab:50:b7:11:3b:12:ed:f9:ec:85:45:
2e:4d:b8:74:80:bf:a8:59:b9:97:9a:da:49:1e:95:c5:b8:b6:
f2:9d:4b:74:14:9a:4e:71:2f:e6:89:b5:1c:4c:4c:51:89:b7:
a3:e4:ea:41:17:38:53:8d:93:ee:7a:05:81:ff:ec:0b:61:70:
f1:9d:67:6a:2d:d5:fb:e7:55:f0:d0:7f:c8:65:ea:b2:57:05:
b3:b5:95:a8:fe:f0:eb:0c:ec:a3:20:b9:94:3e:b8:db:c8:7e:
1d:4a:66:ac:95:5d:88:85:6c:aa:60:d4:bc:4f:89:91:f7:d3:
b3:25:fb:f3:87:77:69:c7:48:45:ca:72:df:7d:69:03:ae:25:
19:97:df:1d:0c:e1:c9:c9:08:a5:76:de:0c:15:7f:2b:d2:33:
11:bc:8d:3f:89:25:6d:68:10:ef:81:ad:4f:73:20:61:05:5d:
3c:dd:1d:27:2c:59:9e:69:eb:f7:27:01:d2:c8:ee:a4:81:35:
be:b8:fd:d6:53:73:39:64:88:cc:e8:07:89:29:31:c8:00:13:
84:0f:7a:b8
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYa2aBi1YanaHqrSLm5gBwusMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA2MTAxMjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDRjMzNkMDU4MjhhNTdiMTgzYzQ1Zjc0ZGE1MDNmZWI2MmNjNGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4CqHtQdjKOlj/l+zWxsDbA4PEbA
m5sc6bC985P+fezOV+dwrDPjqVejb/0GePl+dJlIJHFX7YwnsI3DNDR8mXIj9Dej
DZE+cHssfFILJukTEWbnH1K7+NxyRRhPj0iWkw75pBdJirJUphxjgGuV7fntRVAL
nXsuk4uLpnnnhHe0GGpUzFATKyOFhNoLltHWApGX7VBovcXldB77z98TsV6U5NJX
1eYEk0El8AuQpde4HEgJPD2+53F9yFOznTJqk9bHD5NqI3biBRa4hx0VqIxysZwx
KWGKQKePgOxyofD9lhn/ViUJJcqbCu/rodtpZHCpvK1kEKLYwvEGLtIIPQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLBMM9BYKKV7GDxF902lA/62LMTNMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvc0V3ejBGZ29wWHNZUEVYM1RhVURfcllzeE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAV/eUAwQA
WSOfAwQAWSvHAwQAW7zOAwQA1SD7MA0GCSqGSIb3DQEBCwUAA4IBAQBelwj9jug/
zSg1bDXOT4BI2SZic9uDTz1CGBKhIPbnhoCEOHmfMRQBi33nq1C3ETsS7fnshUUu
Tbh0gL+oWbmXmtpJHpXFuLbynUt0FJpOcS/mibUcTExRibej5OpBFzhTjZPuegWB
/+wLYXDxnWdqLdX751Xw0H/IZeqyVwWztZWo/vDrDOyjILmUPrjbyH4dSmaslV2I
hWyqYNS8T4mR99OzJfvzh3dpx0hFynLffWkDriUZl98dDOHJyQildt4MFX8r0jMR
vI0/iSVtaBDvga1PcyBhBV083R0nLFmeaev3JwHSyO6kgTW+uP3WU3M5ZIjM6AeJ
KTHIABOED3q4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org