Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/jNGkulTCe_il_2EVsNPIdG8UOFw.roa
File:                     jNGkulTCe_il_2EVsNPIdG8UOFw.roa (raw, json)
Hash identifier:          lVV3e32r13OaXIP8FGnHk8cXWsgaetWVpZdJ50ETkgU=
Subject key identifier:   8C:D1:A4:BA:54:C2:7B:F8:A5:FF:61:15:B0:D3:C8:74:6F:14:38:5C
Certificate issuer:       /CN=6d650af172444b52116a7a67d74aac7df8a55e1c
Certificate serial:       018C8B81BA257469F303E99B32F61AC924E5
Authority key identifier: 6D:65:0A:F1:72:44:4B:52:11:6A:7A:67:D7:4A:AC:7D:F8:A5:5E:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWUK8XJES1IRanpn10qsffilXhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/jNGkulTCe_il_2EVsNPIdG8UOFw.roa
Signing time:             Thu 21 Dec 2023 08:33:03 +0000
ROA not before:           Thu 21 Dec 2023 08:33:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43129
IP address blocks:        185.190.249.0/24 maxlen: 24
                          2a0a:11c0::/29 maxlen: 29

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:8b:81:ba:25:74:69:f3:03:e9:9b:32:f6:1a:c9:24:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d650af172444b52116a7a67d74aac7df8a55e1c
        Validity
            Not Before: Dec 21 08:33:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8cd1a4ba54c27bf8a5ff6115b0d3c8746f14385c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D1:A4:BA:54:C2:7B:F8:A5:FF:61:15:B0:D3:C8:74:6F:14:38:5C
            X509v3 Authority Key Identifier:
                keyid:6D:65:0A:F1:72:44:4B:52:11:6A:7A:67:D7:4A:AC:7D:F8:A5:5E:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWUK8XJES1IRanpn10qsffilXhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/jNGkulTCe_il_2EVsNPIdG8UOFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/bWUK8XJES1IRanpn10qsffilXhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.249.0/24
                IPv6:
                  2a0a:11c0::/29

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 18:57:45 2024 by rpki-client on console-ams.rpki-client.org