Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vRDLuxTVcB1BG9palQwX1PJVaZM.roa
File: vRDLuxTVcB1BG9palQwX1PJVaZM.roa (raw, json)
Hash identifier: u4U50GNyG8NXwP/O/qj/pQsUysiOy45g+dE66/1SByo=
Subject key identifier: BD:10:CB:BB:14:D5:70:1D:41:1B:DA:5A:95:0C:17:D4:F2:55:69:93
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186A1F5909003FB4F9773A20FA997E8F034
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vRDLuxTVcB1BG9palQwX1PJVaZM.roa
Signing time: Thu 02 Mar 2023 10:54:30 +0000
ROA not before: Thu 02 Mar 2023 10:54:30 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 93.115.254.0/23 maxlen: 24
89.40.76.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
193.42.52.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
213.32.251.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
91.188.204.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:a1:f5:90:90:03:fb:4f:97:73:a2:0f:a9:97:e8:f0:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 2 10:54:30 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bd10cbbb14d5701d411bda5a950c17d4f2556993
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:34:2d:f6:76:7f:68:91:87:4c:ef:e0:a9:b9:
46:b6:31:cd:a8:bc:d8:e8:d6:b3:b5:18:d5:74:83:
1f:3f:bc:21:2f:ee:e7:1a:73:99:ac:88:54:03:c5:
e8:44:e0:a9:c1:9b:47:08:ef:5b:92:4b:03:fd:de:
9d:6c:d5:08:b3:56:1c:12:d1:c1:ff:bc:86:70:2c:
6a:ae:4c:26:11:f0:37:4a:b4:af:41:ca:c0:91:b5:
45:14:d0:59:ff:0d:8d:44:bf:ec:66:df:2e:21:bb:
25:6b:7a:21:65:64:bc:cc:e8:a7:5e:34:51:bb:20:
f2:1b:4b:8f:e9:0a:fc:97:0f:bc:9f:ac:60:f4:87:
d4:1f:e8:6f:e3:47:cf:b7:bb:83:54:28:1e:29:00:
05:24:82:45:75:a8:1e:5b:82:b8:05:8c:6f:26:9d:
2c:8c:d1:7a:30:fe:ae:c7:46:69:65:62:fd:f7:53:
d1:11:08:3e:30:b7:a8:1d:56:14:1c:ae:5d:05:f5:
71:d0:13:5a:f7:00:c0:01:79:ec:33:be:68:8a:8d:
29:95:e3:e1:72:20:1e:9e:5b:53:49:c1:36:6f:13:
af:b7:5a:81:c9:8a:d6:c7:61:48:8f:8b:24:ef:5c:
01:70:2f:73:70:fa:2e:dd:c7:44:f8:ef:01:78:9f:
b8:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:10:CB:BB:14:D5:70:1D:41:1B:DA:5A:95:0C:17:D4:F2:55:69:93
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vRDLuxTVcB1BG9palQwX1PJVaZM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.148.0/24
89.40.76.0/24
91.188.204.0/24
93.115.254.0/23
185.103.72.0/24
185.238.10.0/24
185.241.210.0/23
185.255.169.0-185.255.171.255
193.42.52.0/24
213.32.251.0/24
Signature Algorithm: sha256WithRSAEncryption
25:3c:df:89:a1:32:db:4c:db:4f:cf:a8:a5:e2:85:a8:cd:2d:
b1:c2:b9:21:2b:88:00:e0:ec:d8:a6:42:ce:43:b2:ff:c9:15:
84:2f:dc:c7:5d:2c:c9:af:8b:0b:ea:b8:c9:d1:74:d3:81:a6:
28:bc:9c:45:64:13:b4:f4:1a:33:1d:33:c5:fc:8f:64:bb:34:
d1:42:9c:0d:06:0f:57:02:50:26:4b:61:23:c4:a7:8e:d3:90:
85:59:90:51:00:cb:ff:dd:fd:62:8f:34:67:8f:0a:f2:51:89:
9d:22:23:dd:2e:7e:ea:7b:be:b9:08:13:3e:3d:19:e2:e1:06:
6d:1d:1b:2a:14:60:6f:9e:66:76:5a:f0:01:52:7c:7e:e8:bf:
4a:38:7c:31:a8:67:66:57:eb:2d:30:52:47:10:06:80:09:11:
f4:7f:58:d2:b6:e1:6d:33:ae:f8:ea:97:f6:f5:5e:ff:a0:d9:
6a:cf:bb:a9:51:e9:59:c4:3e:67:fd:31:73:2f:8c:8a:ae:46:
3f:e5:74:de:0a:a2:91:ac:71:3a:c8:d5:b9:57:70:de:f8:88:
53:8f:d4:f5:39:48:08:af:02:98:02:b8:38:da:50:c8:6e:90:
19:9e:38:87:27:35:ab:10:f6:03:02:78:54:41:22:4f:e5:be:
bf:c9:36:51
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYah9ZCQA/tPl3OiD6mX6PA0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzAyMTA1NDMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDEwY2JiYjE0ZDU3MDFkNDExYmRhNWE5NTBjMTdkNGYyNTU2OTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDQt9nZ/aJGHTO/gqblGtjHNqLzY
6NaztRjVdIMfP7whL+7nGnOZrIhUA8XoROCpwZtHCO9bkksD/d6dbNUIs1YcEtHB
/7yGcCxqrkwmEfA3SrSvQcrAkbVFFNBZ/w2NRL/sZt8uIbsla3ohZWS8zOinXjRR
uyDyG0uP6Qr8lw+8n6xg9IfUH+hv40fPt7uDVCgeKQAFJIJFdageW4K4BYxvJp0s
jNF6MP6ux0ZpZWL991PREQg+MLeoHVYUHK5dBfVx0BNa9wDAAXnsM75oio0plePh
ciAenltTScE2bxOvt1qByYrWx2FIj4sk71wBcC9zcPou3cdE+O8BeJ+4QwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFL0Qy7sU1XAdQRvaWpUMF9TyVWmTMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdlJETHV4VFZjQjFCRzlwYWxRd1gxUEpWYVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAV/eUAwQA
WShMAwQAW7zMAwQBXXP+AwQAuWdIAwQAue4KAwQBufHSMAwDBAC5/6kDBAK5/6gD
BADBKjQDBADVIPswDQYJKoZIhvcNAQELBQADggEBACU834mhMttM20/PqKXihajN
LbHCuSEriADg7NimQs5Dsv/JFYQv3MddLMmviwvquMnRdNOBpii8nEVkE7T0GjMd
M8X8j2S7NNFCnA0GD1cCUCZLYSPEp47TkIVZkFEAy//d/WKPNGePCvJRiZ0iI90u
fup7vrkIEz49GeLhBm0dGyoUYG+eZnZa8AFSfH7ov0o4fDGoZ2ZX6y0wUkcQBoAJ
EfR/WNK24W0zrvjql/b1Xv+g2WrPu6lR6VnEPmf9MXMvjIquRj/ldN4KopGscTrI
1blXcN74iFOP1PU5SAivApgCuDjaUMhukBmeOIcnNasQ9gMCeFRBIk/lvr/JNlE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org