Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/U2NIqLcsrFKT0vb9YTc4CGPZhCo.roa
File: U2NIqLcsrFKT0vb9YTc4CGPZhCo.roa (raw, json)
Hash identifier: cfYn66gDp91LyjsAniwWszp66Woi0s060Ktbzlz4U6c=
Subject key identifier: 53:63:48:A8:B7:2C:AC:52:93:D2:F6:FD:61:37:38:08:63:D9:84:2A
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018614F3D49CCD9B03631FC7F4E69D5D43AA
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/U2NIqLcsrFKT0vb9YTc4CGPZhCo.roa
Signing time: Fri 03 Feb 2023 01:46:09 +0000
ROA not before: Fri 03 Feb 2023 01:46:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211975
IP address blocks: 89.36.231.0/24 maxlen: 24
89.37.106.0/24 maxlen: 24
89.44.210.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:14:f3:d4:9c:cd:9b:03:63:1f:c7:f4:e6:9d:5d:43:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Feb 3 01:46:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=536348a8b72cac5293d2f6fd6137380863d9842a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:20:44:e8:02:b1:79:81:76:46:bc:f1:75:05:
2e:81:ba:0c:3e:c8:ae:1d:92:8c:ea:47:2a:e3:b5:
eb:d8:fa:0f:9a:19:23:81:7c:f3:9a:54:26:ee:fe:
b4:7d:14:50:fd:08:6d:38:c0:75:10:c9:c4:d7:9d:
6d:99:ad:d6:d8:62:e5:26:2b:23:65:9d:89:4a:ef:
f9:93:09:0a:0b:87:db:55:2b:4e:3e:43:fa:8e:ba:
6b:37:18:bc:99:7e:bf:0a:c9:7a:c4:e7:f3:0d:44:
a7:11:bd:ab:c5:a8:4e:c7:71:57:d3:86:bd:ce:24:
a2:8f:dc:b1:37:e5:22:9a:7d:cd:39:16:21:f4:b4:
e1:5a:ab:92:86:71:33:c1:8b:a1:62:9a:98:aa:35:
bd:8b:fb:6c:f0:4e:04:0c:41:fd:0c:d0:74:47:d7:
62:a6:5a:60:b4:f8:23:1f:59:f1:a9:27:70:f5:f2:
a0:83:1d:3d:eb:06:34:99:26:da:8f:23:c4:95:61:
bb:12:3a:83:8d:d1:02:a0:4f:aa:e7:4a:1a:a4:82:
4d:7a:7c:04:97:09:c1:7b:55:be:1d:f8:41:3b:12:
c1:b1:d4:60:fe:84:f4:07:cb:a2:4a:32:14:eb:9b:
2e:70:56:fd:8a:24:94:55:66:78:50:b4:c3:c6:48:
6e:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:63:48:A8:B7:2C:AC:52:93:D2:F6:FD:61:37:38:08:63:D9:84:2A
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/U2NIqLcsrFKT0vb9YTc4CGPZhCo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.36.231.0/24
89.37.106.0/24
89.44.210.0/24
Signature Algorithm: sha256WithRSAEncryption
53:41:b1:8c:53:c8:2e:28:53:e4:91:9f:e6:91:35:d3:56:9e:
a3:7c:99:7c:fb:23:f3:42:42:b3:48:e1:cc:24:cb:92:71:05:
6f:c4:dd:71:32:a4:33:94:3a:e1:4f:7b:89:26:a8:09:6c:f4:
49:10:d4:bc:c6:72:0f:29:4f:99:2a:d0:7c:52:d3:70:15:4b:
f4:54:0a:b0:69:61:77:19:22:d1:e8:bc:ff:8f:43:86:07:53:
65:c4:a4:2a:a6:d0:90:c3:39:c3:98:c5:a4:d2:0a:96:4f:64:
48:24:8a:1b:68:75:0d:ee:cd:a7:3d:93:64:d0:eb:90:ad:09:
7e:5e:cb:c8:1b:fb:0a:a7:f4:c4:46:d4:b2:2b:fa:d4:35:7e:
f8:b1:6b:78:f6:85:81:f9:6f:88:1e:ce:34:d3:d9:34:44:75:
5c:35:97:2c:48:ba:e9:37:0a:2b:5f:07:a7:ff:4a:50:0a:d6:
ca:25:c7:f7:e1:f1:6b:cd:48:4c:cb:20:f5:01:5e:49:f7:28:
aa:51:e7:3f:65:d6:17:c8:99:40:fe:b2:01:cf:25:ba:70:76:
81:a6:9f:27:94:37:ef:c3:c5:0a:1a:e3:75:09:46:13:66:7f:
58:33:c1:1c:f6:e6:92:c0:1c:f0:e4:19:24:1a:22:28:7e:5d:
c7:ca:ab:2b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYYU89SczZsDYx/H9OadXUOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwMjAzMDE0NjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzYzNDhhOGI3MmNhYzUyOTNkMmY2ZmQ2MTM3MzgwODYzZDk4NDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiBE6AKxeYF2RrzxdQUugboMPsiu
HZKM6kcq47Xr2PoPmhkjgXzzmlQm7v60fRRQ/QhtOMB1EMnE151tma3W2GLlJisj
ZZ2JSu/5kwkKC4fbVStOPkP6jrprNxi8mX6/Csl6xOfzDUSnEb2rxahOx3FX04a9
ziSij9yxN+Uimn3NORYh9LThWquShnEzwYuhYpqYqjW9i/ts8E4EDEH9DNB0R9di
plpgtPgjH1nxqSdw9fKggx096wY0mSbajyPElWG7EjqDjdECoE+q50oapIJNenwE
lwnBe1W+HfhBOxLBsdRg/oT0B8uiSjIU65sucFb9iiSUVWZ4ULTDxkhuUwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFNjSKi3LKxSk9L2/WE3OAhj2YQqMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvVTJOSXFMY3NyRktUMHZiOVlUYzRDR1BaaENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSTnAwQA
WSVqAwQAWSzSMA0GCSqGSIb3DQEBCwUAA4IBAQBTQbGMU8guKFPkkZ/mkTXTVp6j
fJl8+yPzQkKzSOHMJMuScQVvxN1xMqQzlDrhT3uJJqgJbPRJENS8xnIPKU+ZKtB8
UtNwFUv0VAqwaWF3GSLR6Lz/j0OGB1NlxKQqptCQwznDmMWk0gqWT2RIJIobaHUN
7s2nPZNk0OuQrQl+XsvIG/sKp/TERtSyK/rUNX74sWt49oWB+W+IHs4009k0RHVc
NZcsSLrpNworXwen/0pQCtbKJcf34fFrzUhMyyD1AV5J9yiqUec/ZdYXyJlA/rIB
zyW6cHaBpp8nlDfvw8UKGuN1CUYTZn9YM8Ec9uaSwBzw5BkkGiIofl3Hyqsr
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org