Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zjSGkOhHUqQGp-1TT6L77AdMu8M.roa
File: zjSGkOhHUqQGp-1TT6L77AdMu8M.roa (raw, json)
Hash identifier: U/vjmIqIFv1bMIYL3TfjE0hNdzIKUnEhshbcy3N5oLQ=
Subject key identifier: CE:34:86:90:E8:47:52:A4:06:A7:ED:53:4F:A2:FB:EC:07:4C:BB:C3
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018779F796A8D33278822C222A4F93A5DB0D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zjSGkOhHUqQGp-1TT6L77AdMu8M.roa
Signing time: Thu 13 Apr 2023 09:34:41 +0000
ROA not before: Thu 13 Apr 2023 09:34:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 178.239.202.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
93.114.195.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.209.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
89.47.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:79:f7:96:a8:d3:32:78:82:2c:22:2a:4f:93:a5:db:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 13 09:34:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ce348690e84752a406a7ed534fa2fbec074cbbc3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:7e:f3:e7:f9:93:fb:34:2a:04:78:65:2e:91:
13:48:a5:1d:84:7d:20:82:51:e9:77:8b:e8:8c:02:
4c:89:16:8f:65:a3:2c:01:5e:e3:59:5a:f3:ff:37:
0a:bc:63:bb:72:d7:54:ce:52:b0:3d:9e:23:a0:39:
31:4c:05:44:66:66:f5:92:c4:8d:4c:b8:1b:11:e0:
66:8c:75:d8:cd:2c:87:c0:23:65:83:e9:4a:6f:b8:
c7:9f:9b:46:90:38:76:d6:dc:30:d6:00:7e:d1:aa:
bc:73:a4:94:68:2d:33:e7:24:ba:ab:53:59:26:57:
d7:55:7c:21:7c:11:96:38:75:0a:06:66:74:6b:cd:
69:1c:af:3d:3d:1a:6a:44:7d:a6:5a:f5:bd:3c:61:
0f:f7:2e:d3:b2:18:de:f9:0e:ea:f9:10:30:3c:a8:
a6:1b:23:01:c0:91:e5:20:75:6e:7a:68:4d:9d:c0:
19:99:1b:44:dc:9d:f2:46:10:e4:9e:db:12:57:71:
a1:65:37:47:02:60:19:6c:c3:dc:f1:14:9e:ef:a7:
e7:67:35:cc:b7:22:eb:6b:3e:7f:b4:aa:fb:8c:ab:
f5:46:01:2f:c5:f8:87:db:09:ab:e5:2f:d8:8c:e3:
52:f7:f7:e1:6d:05:a7:a0:ac:5c:98:2b:db:65:9f:
d8:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:34:86:90:E8:47:52:A4:06:A7:ED:53:4F:A2:FB:EC:07:4C:BB:C3
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zjSGkOhHUqQGp-1TT6L77AdMu8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.43.209.0/24
89.46.92.0/24
89.47.89.0/24
93.114.195.0/24
178.239.201.0-178.239.202.255
185.229.107.0/24
185.230.250.0/24
193.42.54.0/23
Signature Algorithm: sha256WithRSAEncryption
3c:11:45:ec:2c:41:5e:a1:99:2b:0f:b2:6c:10:f3:e4:7b:46:
7c:7d:39:b2:df:b6:b5:73:a0:36:51:6a:ab:42:43:dc:db:4b:
d4:4f:56:04:df:1b:75:27:b3:10:2c:0b:50:cf:bd:5a:f8:8a:
7b:80:60:70:23:f2:25:ea:a4:de:30:66:81:50:a4:34:30:60:
08:32:d3:a1:91:b9:89:a3:e6:cf:02:78:14:f6:9e:4f:e3:cc:
7f:6e:ab:a4:f2:d4:a9:99:08:f3:a6:a7:25:4d:63:4d:9d:c3:
fd:50:28:4e:ff:65:38:9f:42:c1:74:e5:86:ff:8b:58:6c:31:
aa:24:1f:2f:7a:7e:c1:6f:32:a4:0e:f2:7b:fd:eb:d9:50:cb:
a1:f0:93:cf:cd:a1:59:5d:86:f8:98:17:eb:4b:c4:fa:1c:82:
fd:1d:73:14:71:b5:78:bc:a5:df:11:fc:82:d1:0f:a6:d1:e9:
88:45:03:b0:e0:86:0b:84:b3:fe:67:b2:bb:3f:fd:08:8c:ff:
a8:54:d7:49:5c:70:3b:c2:f4:fb:ed:0f:0c:69:0a:a1:a6:b9:
83:84:cd:a2:9c:8e:e1:6c:7c:ea:bf:4b:da:31:db:59:ff:ce:
c2:49:5c:b9:da:84:b8:f8:b9:35:04:b6:12:bb:10:71:fb:c9:
d0:5d:e6:e5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYd595ao0zJ4giwiKk+TpdsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDEzMDkzNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTM0ODY5MGU4NDc1MmE0MDZhN2VkNTM0ZmEyZmJlYzA3NGNiYmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqn7z5/mT+zQqBHhlLpETSKUdhH0g
glHpd4vojAJMiRaPZaMsAV7jWVrz/zcKvGO7ctdUzlKwPZ4joDkxTAVEZmb1ksSN
TLgbEeBmjHXYzSyHwCNlg+lKb7jHn5tGkDh21tww1gB+0aq8c6SUaC0z5yS6q1NZ
JlfXVXwhfBGWOHUKBmZ0a81pHK89PRpqRH2mWvW9PGEP9y7Tshje+Q7q+RAwPKim
GyMBwJHlIHVuemhNncAZmRtE3J3yRhDkntsSV3GhZTdHAmAZbMPc8RSe76fnZzXM
tyLraz5/tKr7jKv1RgEvxfiH2wmr5S/YjONS9/fhbQWnoKxcmCvbZZ/YWQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFM40hpDoR1KkBqftU0+i++wHTLvDMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvempTR2tPaEhVcVFHcC0xVFQ2TDc3QWRNdThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAWSvRAwQA
WS5cAwQAWS9ZAwQAXXLDMAwDBACy78kDBACy78oDBAC55WsDBAC55voDBAHBKjYw
DQYJKoZIhvcNAQELBQADggEBADwRRewsQV6hmSsPsmwQ8+R7Rnx9ObLftrVzoDZR
aqtCQ9zbS9RPVgTfG3UnsxAsC1DPvVr4inuAYHAj8iXqpN4wZoFQpDQwYAgy06GR
uYmj5s8CeBT2nk/jzH9uq6Ty1KmZCPOmpyVNY02dw/1QKE7/ZTifQsF05Yb/i1hs
MaokHy96fsFvMqQO8nv969lQy6Hwk8/NoVldhviYF+tLxPocgv0dcxRxtXi8pd8R
/ILRD6bR6YhFA7DghguEs/5nsrs//QiM/6hU10lccDvC9PvtDwxpCqGmuYOEzaKc
juFsfOq/S9ox21n/zsJJXLnahLj4uTUEthK7EHH7ydBd5uU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:15 2024 by rpki-client on console-ams.rpki-client.org