Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tZigrieivRH7FzMRdVyQZbxrYHA.roa
File: tZigrieivRH7FzMRdVyQZbxrYHA.roa (raw, json)
Hash identifier: t3rtTYwlSYdYGynCRd67iYziN2ylB3l/JyXSJRxKxac=
Subject key identifier: B5:98:A0:AE:27:A2:BD:11:FB:17:33:11:75:5C:90:65:BC:6B:60:70
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01879455C5F77CAAA0CF52359DB2AB1B996B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tZigrieivRH7FzMRdVyQZbxrYHA.roa
Signing time: Tue 18 Apr 2023 12:27:41 +0000
ROA not before: Tue 18 Apr 2023 12:27:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 178.239.202.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
93.114.195.0/24 maxlen: 24
89.43.209.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:94:55:c5:f7:7c:aa:a0:cf:52:35:9d:b2:ab:1b:99:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 18 12:27:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b598a0ae27a2bd11fb173311755c9065bc6b6070
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:e7:a2:13:13:33:77:49:f8:bd:76:36:92:7d:
cf:44:53:1a:38:56:82:62:8b:48:d8:1d:29:ea:a9:
fd:5a:e9:07:2a:c6:10:6a:3d:67:d5:51:91:c4:0a:
f1:0c:6f:a6:8f:55:ea:11:0d:ab:cb:8d:54:c7:0b:
df:3f:81:58:63:cd:57:6e:8b:89:77:31:c7:ef:89:
c8:64:47:36:4f:c8:36:aa:32:3c:ee:75:cb:a5:75:
29:2b:31:e5:d8:76:c7:0b:e2:97:9d:61:8c:ab:bc:
0d:45:f7:76:f0:58:28:22:3d:67:55:ad:0a:a6:cb:
d5:79:f6:18:f4:a4:57:69:73:5f:9a:40:03:d1:4e:
c0:31:08:6b:c7:14:09:59:f1:d7:eb:94:3f:bc:85:
99:41:9a:45:e2:02:b2:ef:c5:01:cf:d1:13:84:93:
9d:f3:80:72:3a:8d:af:9d:96:b3:11:7c:47:ab:d1:
1a:25:ef:87:d7:24:52:a8:f4:44:d0:13:66:a1:8f:
32:6b:8f:36:4b:d2:e6:ea:2b:1c:69:8d:70:44:85:
5d:65:25:3d:4f:13:cf:38:a9:e0:f5:2d:67:a5:d9:
0e:77:cd:11:c5:e0:5a:33:00:9c:fd:3d:e3:da:34:
ec:48:d6:fb:d6:f6:af:49:9c:12:54:ce:b4:11:9e:
54:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:98:A0:AE:27:A2:BD:11:FB:17:33:11:75:5C:90:65:BC:6B:60:70
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tZigrieivRH7FzMRdVyQZbxrYHA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.43.209.0/24
89.46.92.0/24
93.114.195.0/24
178.239.201.0-178.239.202.255
193.42.54.0/23
Signature Algorithm: sha256WithRSAEncryption
7f:37:26:30:c9:c3:cc:f3:ed:0e:de:ae:16:a8:e4:0f:c0:91:
01:d6:2b:65:83:98:20:8d:ae:15:8e:79:35:e9:44:50:23:fe:
f3:88:92:40:ce:5e:ca:2e:89:89:fa:a4:87:6c:a1:ac:26:f8:
35:e0:51:45:30:bc:71:37:a1:63:55:62:e6:fe:d2:7a:c3:a4:
89:8f:18:bf:1d:f2:e4:d3:31:c1:f9:ce:2f:d6:a3:cd:98:31:
65:0a:76:2a:03:c2:5d:19:a7:e0:10:5a:79:07:0b:d3:52:51:
e3:1d:7b:88:32:8a:b9:ad:57:07:98:ea:56:5e:b2:d3:6b:86:
eb:37:52:08:17:9a:e7:2e:c5:83:37:1c:f9:82:e2:d8:d8:01:
99:3f:7b:be:35:1b:69:06:ae:91:4f:5c:ed:20:26:b3:b3:0d:
3b:4d:d4:f1:19:7a:ad:61:4f:e8:91:f6:f4:cb:64:62:f9:b1:
55:30:ba:61:cb:7c:d1:1a:52:c9:c4:a0:0e:9f:b3:96:3e:6b:
e6:84:13:cb:7b:71:e0:3e:23:26:17:ad:98:77:bd:d4:17:87:
9c:52:b7:99:0d:3e:0d:04:68:80:1a:90:5c:1b:d8:a8:f0:9c:
cb:f6:56:5b:9e:cc:33:97:e2:f5:7f:e7:b4:be:0d:a5:35:c4:
ee:e2:26:b3
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYeUVcX3fKqgz1I1nbKrG5lrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDE4MTIyNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTk4YTBhZTI3YTJiZDExZmIxNzMzMTE3NTVjOTA2NWJjNmI2MDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ueiExMzd0n4vXY2kn3PRFMaOFaC
YotI2B0p6qn9WukHKsYQaj1n1VGRxArxDG+mj1XqEQ2ry41UxwvfP4FYY81XbouJ
dzHH74nIZEc2T8g2qjI87nXLpXUpKzHl2HbHC+KXnWGMq7wNRfd28FgoIj1nVa0K
psvVefYY9KRXaXNfmkAD0U7AMQhrxxQJWfHX65Q/vIWZQZpF4gKy78UBz9EThJOd
84ByOo2vnZazEXxHq9EaJe+H1yRSqPRE0BNmoY8ya482S9Lm6iscaY1wRIVdZSU9
TxPPOKng9S1npdkOd80RxeBaMwCc/T3j2jTsSNb71vavSZwSVM60EZ5UaQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFLWYoK4nor0R+xczEXVckGW8a2BwMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdFppZ3JpZWl2Ukg3RnpNUmRWeVFaYnhyWUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAWSvRAwQA
WS5cAwQAXXLDMAwDBACy78kDBACy78oDBAHBKjYwDQYJKoZIhvcNAQELBQADggEB
AH83JjDJw8zz7Q7erhao5A/AkQHWK2WDmCCNrhWOeTXpRFAj/vOIkkDOXsouiYn6
pIdsoawm+DXgUUUwvHE3oWNVYub+0nrDpImPGL8d8uTTMcH5zi/Wo82YMWUKdioD
wl0Zp+AQWnkHC9NSUeMde4gyirmtVweY6lZestNrhus3UggXmucuxYM3HPmC4tjY
AZk/e741G2kGrpFPXO0gJrOzDTtN1PEZeq1hT+iR9vTLZGL5sVUwumHLfNEaUsnE
oA6fs5Y+a+aEE8t7ceA+IyYXrZh3vdQXh5xSt5kNPg0EaIAakFwb2KjwnMv2Vlue
zDOX4vV/57S+DaU1xO7iJrM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org