Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/u9iWpM0yCil92B8fE0zp5aePZIM.roa
File: u9iWpM0yCil92B8fE0zp5aePZIM.roa (raw, json)
Hash identifier: /McjmNdnI8FxpuvTWxgdNLSKiDY+9mvc2cCZ2PVT9J0=
Subject key identifier: BB:D8:96:A4:CD:32:0A:29:7D:D8:1F:1F:13:4C:E9:E5:A7:8F:64:83
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01891FA2BE0288DF0BD295335F5E3206F555
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/u9iWpM0yCil92B8fE0zp5aePZIM.roa
Signing time: Tue 04 Jul 2023 06:41:46 +0000
ROA not before: Tue 04 Jul 2023 06:41:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60721
IP address blocks: 185.230.251.0/24 maxlen: 24
89.35.154.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:1f:a2:be:02:88:df:0b:d2:95:33:5f:5e:32:06:f5:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jul 4 06:41:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bbd896a4cd320a297dd81f1f134ce9e5a78f6483
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:6f:5c:45:49:05:90:63:7f:d1:97:17:b0:15:
49:cd:55:2b:c8:73:22:d7:8c:45:0d:ad:4b:64:2a:
c5:60:93:62:bf:1f:b0:4f:e5:8a:57:47:67:89:a7:
e2:48:24:b3:25:76:82:b7:95:d2:ca:20:5d:d5:85:
d0:58:1b:57:91:ca:57:59:40:90:6f:84:b2:27:f8:
4c:9d:46:3a:f2:bf:9f:e3:1c:0a:d1:2b:c3:b8:84:
88:d8:35:4e:cf:28:b6:4a:66:e8:b3:88:7d:c8:21:
99:94:fc:e5:9a:bf:72:d8:90:88:a2:85:7d:9e:2c:
a0:0d:0f:39:b3:e3:b6:ae:39:4d:a9:43:c4:ff:65:
51:35:1d:f8:5e:41:8a:c2:4a:56:7a:31:45:5b:d0:
63:de:10:bc:c0:eb:09:d3:e7:01:ee:98:d6:22:9c:
97:61:a1:f9:8e:ce:0a:2e:22:c9:81:85:b1:e4:1b:
2f:6e:a4:59:dc:38:16:e6:67:42:08:1f:d6:de:a3:
fa:01:56:b8:e5:9b:2e:94:76:fa:23:61:ca:9b:90:
4a:4a:64:48:7a:d4:7b:30:df:f7:2e:e8:75:33:3d:
80:fe:ec:86:d3:ae:50:9f:f0:ff:2d:39:3e:44:2e:
50:48:bc:c2:73:2d:56:7e:75:ee:41:87:16:86:6c:
96:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:D8:96:A4:CD:32:0A:29:7D:D8:1F:1F:13:4C:E9:E5:A7:8F:64:83
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/u9iWpM0yCil92B8fE0zp5aePZIM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.35.154.0/24
185.230.251.0/24
Signature Algorithm: sha256WithRSAEncryption
73:85:a3:f8:77:9c:ed:53:52:7a:5e:6a:5f:d8:dd:cb:b1:6c:
1c:ed:4e:cb:54:6f:92:b8:62:94:29:09:b6:d1:2a:47:d3:de:
eb:fa:84:93:24:7b:de:c0:f9:6e:bc:06:f6:a0:1a:2f:3b:69:
17:af:ef:0b:45:dd:6d:40:a7:29:d1:87:41:9c:bf:68:28:91:
80:b6:c7:ee:10:e4:52:44:05:24:f5:a3:ee:c3:0f:6f:c2:6f:
fa:90:dc:d8:39:d7:ab:98:8f:46:70:5b:bf:12:93:a2:a7:75:
c7:1c:64:b2:88:b1:47:77:d6:91:2d:14:66:04:44:9b:95:ab:
55:a1:58:d3:a1:e8:fd:7b:83:5a:d3:fb:b6:9b:95:f4:c8:61:
e2:94:56:13:e0:b6:15:2c:17:cf:45:1d:1c:cb:dc:ef:98:cb:
f0:ef:79:8b:57:4b:b4:8d:93:19:6d:35:bf:fc:83:6d:60:15:
c0:5c:47:a9:bf:b3:7b:14:1c:da:9d:3f:85:44:b6:f3:d5:1e:
88:09:d7:c9:a1:cd:8f:81:fb:af:17:76:cf:fc:f2:20:de:29:
2f:ec:4a:7d:b9:0c:34:d4:3a:38:2e:5a:e0:b0:7d:0a:dd:29:
a9:9c:ab:02:2f:79:81:d0:87:26:a1:88:88:f4:cf:d2:03:97:
3f:f0:e2:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYkfor4CiN8L0pUzX14yBvVVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzA0MDY0MTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmQ4OTZhNGNkMzIwYTI5N2RkODFmMWYxMzRjZTllNWE3OGY2NDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu29cRUkFkGN/0ZcXsBVJzVUryHMi
14xFDa1LZCrFYJNivx+wT+WKV0dniafiSCSzJXaCt5XSyiBd1YXQWBtXkcpXWUCQ
b4SyJ/hMnUY68r+f4xwK0SvDuISI2DVOzyi2Smbos4h9yCGZlPzlmr9y2JCIooV9
niygDQ85s+O2rjlNqUPE/2VRNR34XkGKwkpWejFFW9Bj3hC8wOsJ0+cB7pjWIpyX
YaH5js4KLiLJgYWx5BsvbqRZ3DgW5mdCCB/W3qP6AVa45ZsulHb6I2HKm5BKSmRI
etR7MN/3Luh1Mz2A/uyG065Qn/D/LTk+RC5QSLzCcy1WfnXuQYcWhmyW2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLvYlqTNMgopfdgfHxNM6eWnj2SDMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdTlpV3BNMHlDaWw5MkI4ZkUwenA1YWVQWklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSOaAwQA
ueb7MA0GCSqGSIb3DQEBCwUAA4IBAQBzhaP4d5ztU1J6Xmpf2N3LsWwc7U7LVG+S
uGKUKQm20SpH097r+oSTJHvewPluvAb2oBovO2kXr+8LRd1tQKcp0YdBnL9oKJGA
tsfuEORSRAUk9aPuww9vwm/6kNzYOdermI9GcFu/EpOip3XHHGSyiLFHd9aRLRRm
BESblatVoVjToej9e4Na0/u2m5X0yGHilFYT4LYVLBfPRR0cy9zvmMvw73mLV0u0
jZMZbTW//INtYBXAXEepv7N7FBzanT+FRLbz1R6ICdfJoc2PgfuvF3bP/PIg3ikv
7Ep9uQw01Do4LlrgsH0K3SmpnKsCL3mB0IcmoYiI9M/SA5c/8OL3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org