Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/NKcCM0M-qSQsLjoM1nKafkRj6hg.roa
File: NKcCM0M-qSQsLjoM1nKafkRj6hg.roa (raw, json)
Hash identifier: VdA0Y7cr77Etou43rtGtn7EeoIdo2gopWTXSrcJ46OA=
Subject key identifier: 34:A7:02:33:43:3E:A9:24:2C:2E:3A:0C:D6:72:9A:7E:44:63:EA:18
Certificate issuer: /CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Certificate serial: 01830EC80CFBD468FBE26DFE6971E118207E
Authority key identifier: A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/NKcCM0M-qSQsLjoM1nKafkRj6hg.roa
Signing time: Mon 05 Sep 2022 17:52:15 +0000
ROA not before: Mon 05 Sep 2022 17:52:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212988
IP address blocks: 185.230.144.0/24 maxlen: 24
185.230.145.0/24 maxlen: 24
185.230.146.0/23 maxlen: 23
185.232.133.0/24 maxlen: 24
185.232.134.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:0e:c8:0c:fb:d4:68:fb:e2:6d:fe:69:71:e1:18:20:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a849204ca4f0eb4e56e08e099fe3785ce06ffeaa
Validity
Not Before: Sep 5 17:52:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=34a70233433ea9242c2e3a0cd6729a7e4463ea18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:c3:1d:a5:94:e2:fc:0f:cd:c8:f2:b1:bc:a3:
f1:47:44:92:cb:7b:27:d4:df:c3:7a:2b:cb:e4:9a:
ff:57:72:86:32:ef:2f:f8:f8:ee:9c:3f:60:ed:23:
8a:b1:c4:ba:cb:b3:6b:9b:f6:46:2b:f5:3d:59:9e:
a3:f5:6b:03:e0:0d:e3:1d:8b:9f:4f:17:c4:58:53:
56:4a:74:f2:17:e9:6f:6b:87:b9:30:26:47:17:66:
50:d5:36:99:92:d3:14:3b:b5:c2:28:12:2d:02:46:
34:64:a9:7c:e3:a7:e3:30:2e:0d:93:ac:fe:ae:13:
fc:4b:80:c7:8e:e8:03:74:8d:9f:ef:3b:60:24:b3:
7a:8e:ff:03:83:c3:74:c6:ce:a4:9e:9a:4b:10:c3:
5f:ad:65:9a:3d:80:a8:cc:93:72:55:96:9a:68:86:
9a:ee:f4:02:11:d7:93:0b:25:19:e4:36:57:1a:38:
7f:78:b0:b2:15:23:50:4e:f1:1b:d6:90:34:47:4b:
c9:14:b1:5d:07:73:06:3c:ef:81:0b:16:8b:c3:f6:
37:d9:82:38:7e:4e:2b:51:8e:b7:23:c3:89:80:a0:
fd:9e:21:8e:1e:02:f7:ba:b2:0d:67:35:f7:8b:82:
4b:21:4a:4e:c7:68:00:e7:17:32:fa:2c:8c:b0:c9:
76:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:A7:02:33:43:3E:A9:24:2C:2E:3A:0C:D6:72:9A:7E:44:63:EA:18
X509v3 Authority Key Identifier:
keyid:A8:49:20:4C:A4:F0:EB:4E:56:E0:8E:09:9F:E3:78:5C:E0:6F:FE:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEkgTKTw605W4I4Jn-N4XOBv_qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/NKcCM0M-qSQsLjoM1nKafkRj6hg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/45b23f-302b-41f2-9496-9ccbb08428fa/1/qEkgTKTw605W4I4Jn-N4XOBv_qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.230.144.0/22
185.232.133.0-185.232.134.255
Signature Algorithm: sha256WithRSAEncryption
63:84:25:63:80:ed:1c:1c:45:6e:fc:6b:65:71:5c:c0:a5:3d:
10:9f:2e:a7:f8:6c:24:c5:c7:2d:eb:ef:b4:b7:04:49:dc:83:
2b:31:65:51:78:33:a0:7e:3e:66:6c:06:04:10:9b:91:3b:d0:
a9:96:d7:3c:cf:a4:49:35:5b:0e:10:3e:99:9b:90:fd:83:66:
2e:c3:71:d9:ee:6d:c6:15:14:ad:9e:33:cb:8a:1b:86:37:b5:
4f:e1:2a:2b:b1:a1:d5:64:b7:69:6c:ab:02:e5:7a:6e:66:92:
a1:7b:52:50:43:61:b4:7a:8b:2d:7a:eb:74:71:10:31:5a:5b:
91:19:43:51:8c:fd:34:ba:22:98:d3:5c:07:89:c7:2d:43:e5:
ff:9b:20:6f:1d:b6:5c:85:64:b1:60:89:cb:cd:79:81:9e:f2:
f1:31:90:27:b8:4a:8d:09:fe:e4:3f:08:63:da:36:ff:c8:49:
12:e6:5c:84:47:33:77:53:20:04:2d:b4:64:2f:f2:14:1d:db:
e8:65:6e:f7:56:94:3b:8f:a0:2c:b7:c7:04:dc:05:08:39:b8:
2a:6c:e0:1b:4e:69:4a:3f:9f:22:90:6b:f3:5b:e1:48:7d:ec:
01:21:49:f4:0c:28:87:f8:38:01:24:bb:cb:1d:87:8a:f9:4b:
45:5a:c0:58
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYMOyAz71Gj74m3+aXHhGCB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDkyMDRjYTRmMGViNGU1NmUwOGUwOTlmZTM3ODVjZTA2
ZmZlYWEwHhcNMjIwOTA1MTc1MjE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGE3MDIzMzQzM2VhOTI0MmMyZTNhMGNkNjcyOWE3ZTQ0NjNlYTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncMdpZTi/A/NyPKxvKPxR0SSy3sn
1N/DeivL5Jr/V3KGMu8v+PjunD9g7SOKscS6y7Nrm/ZGK/U9WZ6j9WsD4A3jHYuf
TxfEWFNWSnTyF+lva4e5MCZHF2ZQ1TaZktMUO7XCKBItAkY0ZKl846fjMC4Nk6z+
rhP8S4DHjugDdI2f7ztgJLN6jv8Dg8N0xs6knppLEMNfrWWaPYCozJNyVZaaaIaa
7vQCEdeTCyUZ5DZXGjh/eLCyFSNQTvEb1pA0R0vJFLFdB3MGPO+BCxaLw/Y32YI4
fk4rUY63I8OJgKD9niGOHgL3urINZzX3i4JLIUpOx2gA5xcy+iyMsMl2SwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDSnAjNDPqkkLC46DNZymn5EY+oYMB8GA1UdIwQY
MBaAFKhJIEyk8OtOVuCOCZ/jeFzgb/6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYt
OWNjYmIwODQyOGZhLzEvTktjQ00wTS1xU1FzTGpvTTFuS2Fma1JqNmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80NWIyM2YtMzAyYi00MWYyLTk0OTYtOWNjYmIwODQyOGZh
LzEvcUVrZ1RLVHc2MDVXNEk0Sm4tTjRYT0J2X3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCueaQMAwD
BAC56IUDBAC56IYwDQYJKoZIhvcNAQELBQADggEBAGOEJWOA7RwcRW78a2VxXMCl
PRCfLqf4bCTFxy3r77S3BEncgysxZVF4M6B+PmZsBgQQm5E70KmW1zzPpEk1Ww4Q
PpmbkP2DZi7DcdnubcYVFK2eM8uKG4Y3tU/hKiuxodVkt2lsqwLlem5mkqF7UlBD
YbR6iy1663RxEDFaW5EZQ1GM/TS6IpjTXAeJxy1D5f+bIG8dtlyFZLFgicvNeYGe
8vExkCe4So0J/uQ/CGPaNv/ISRLmXIRHM3dTIAQttGQv8hQd2+hlbvdWlDuPoCy3
xwTcBQg5uCps4BtOaUo/nyKQa/Nb4Uh97AEhSfQMKIf4OAEku8sdh4r5S0VawFg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:06 2024 by rpki-client on console-ams.rpki-client.org