Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/MwMsHTBbsKb6xC0XVxBLsGtQigA.roa
File: MwMsHTBbsKb6xC0XVxBLsGtQigA.roa (raw, json)
Hash identifier: 0Y4qeZ+xJVGHjGmFUMs3nRiMCdhQWmvvMrM6Ogj+8X4=
Subject key identifier: 33:03:2C:1D:30:5B:B0:A6:FA:C4:2D:17:57:10:4B:B0:6B:50:8A:00
Certificate issuer: /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial: 04AEBE14
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/MwMsHTBbsKb6xC0XVxBLsGtQigA.roa
Signing time: Tue 28 Jun 2022 10:25:02 +0000
ROA not before: Tue 28 Jun 2022 10:25:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60721
IP address blocks: 185.225.23.0/24 maxlen: 24
185.199.156.0/24 maxlen: 24
185.228.75.0/24 maxlen: 24
185.228.72.0/24 maxlen: 24
185.214.111.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 78560788 (0x4aebe14)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Validity
Not Before: Jun 28 10:25:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=33032c1d305bb0a6fac42d1757104bb06b508a00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:be:be:e7:9b:51:0a:f1:ab:04:32:f9:52:d3:
6c:cb:c4:8e:fe:b8:f2:72:01:e5:dc:46:33:6b:43:
22:00:99:06:36:d3:02:2e:3e:6e:70:14:9e:9d:b6:
81:31:72:35:72:d8:55:6d:c8:c2:a1:43:dc:1f:98:
00:bd:34:f1:f7:6c:91:24:56:34:1c:40:29:4e:f2:
41:71:3f:6d:96:32:6c:24:d1:f3:43:79:9d:2a:fe:
cd:0e:e3:c7:a0:00:33:87:dc:89:a4:90:d4:71:a6:
b5:cc:63:88:a7:d1:18:03:9f:a2:85:a1:76:0d:4a:
51:79:be:66:57:55:8a:26:89:22:50:72:a8:0e:75:
bc:90:61:13:8d:bc:48:46:85:b0:3d:f7:0d:7a:8b:
50:8a:1c:0c:7e:ba:c9:f3:f9:9f:03:dc:08:65:09:
0f:47:37:03:17:25:f6:9d:86:05:72:b8:e8:96:8e:
fe:4f:8d:94:55:cf:04:a2:83:18:12:3a:2c:2c:47:
21:70:bd:f3:07:cc:0c:3c:cb:64:df:b3:fd:dc:a3:
9a:7c:7a:79:d6:93:36:f0:c8:90:a1:ba:3e:6f:4e:
39:a1:17:aa:b2:d7:72:8d:59:9b:51:3b:90:81:9d:
5a:79:8e:21:8b:f5:d8:65:83:e9:a1:b1:74:6e:ff:
99:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:03:2C:1D:30:5B:B0:A6:FA:C4:2D:17:57:10:4B:B0:6B:50:8A:00
X509v3 Authority Key Identifier:
keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/MwMsHTBbsKb6xC0XVxBLsGtQigA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.199.156.0/24
185.214.111.0/24
185.225.23.0/24
185.228.72.0/24
185.228.75.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:90:c7:0a:36:c5:82:a0:13:56:ca:d3:f5:ea:f9:90:68:e0:
0d:f5:b8:02:36:bc:16:f5:92:c3:06:82:47:f3:06:08:9f:2c:
5d:52:9a:9d:54:ec:21:cc:d0:a8:30:a8:30:f1:df:da:fd:5d:
38:c4:e0:06:5a:db:bb:06:cb:f7:b6:66:92:ec:18:1a:79:03:
56:15:44:e8:1a:76:2b:62:b4:38:18:c3:f9:3e:5d:72:99:12:
77:31:df:20:b5:d1:51:e1:bb:19:2d:02:75:82:62:ff:b7:f7:
f0:1b:08:6a:29:5c:09:82:27:76:14:17:b4:8e:42:8f:88:11:
36:8b:4e:eb:9a:80:c6:f1:01:de:ea:95:ff:5c:69:08:e0:35:
f1:54:8f:d1:d3:67:e2:b2:b7:06:04:bf:10:2e:a6:93:a4:be:
79:0e:05:c4:cd:45:65:83:f7:d2:d8:db:0c:16:37:15:eb:83:
43:c0:fc:82:37:82:e3:d7:04:c9:a1:a0:fe:6c:0b:48:f2:62:
5f:8d:81:6d:4b:a6:54:e6:24:1b:54:a7:c1:c4:16:d4:02:5a:
5b:d8:fe:eb:f0:38:33:a4:60:69:33:c5:01:85:4c:e4:8b:3b:
79:84:bb:bd:95:55:2d:8e:09:20:8f:48:94:9e:77:a8:2f:a7:
83:17:45:05
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEBK6+FDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NjhiZmI4YTVlZWU0OTA4MmVhNjI4ZGYyNWE0YTVkNTBmM2FhOWIzMB4XDTIyMDYy
ODEwMjUwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzMwMzJjMWQzMDVi
YjBhNmZhYzQyZDE3NTcxMDRiYjA2YjUwOGEwMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJq+vuebUQrxqwQy+VLTbMvEjv648nIB5dxGM2tDIgCZBjbT
Ai4+bnAUnp22gTFyNXLYVW3IwqFD3B+YAL008fdskSRWNBxAKU7yQXE/bZYybCTR
80N5nSr+zQ7jx6AAM4fciaSQ1HGmtcxjiKfRGAOfooWhdg1KUXm+ZldViiaJIlBy
qA51vJBhE428SEaFsD33DXqLUIocDH66yfP5nwPcCGUJD0c3Axcl9p2GBXK46JaO
/k+NlFXPBKKDGBI6LCxHIXC98wfMDDzLZN+z/dyjmnx6edaTNvDIkKG6Pm9OOaEX
qrLXco1Zm1E7kIGdWnmOIYv12GWD6aGxdG7/mdcCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBQzAywdMFuwpvrELRdXEEuwa1CKADAfBgNVHSMEGDAWgBQ2i/uKXu5JCC6m
KN8lpKXVDzqpszAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05vdjdpbDd1U1FndXBpamZKYVNsMVE4NnFiTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzUvYWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8x
L013TXNIVEJic0tiNnhDMFhWeEJMc0d0UWlnQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUv
YWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8xL05vdjdpbDd1U1Fn
dXBpamZKYVNsMVE4NnFiTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEALnHnAMEALnWbwMEALnhFwMEALnk
SAMEALnkSzANBgkqhkiG9w0BAQsFAAOCAQEAfpDHCjbFgqATVsrT9er5kGjgDfW4
Aja8FvWSwwaCR/MGCJ8sXVKanVTsIczQqDCoMPHf2v1dOMTgBlrbuwbL97ZmkuwY
GnkDVhVE6Bp2K2K0OBjD+T5dcpkSdzHfILXRUeG7GS0CdYJi/7f38BsIailcCYIn
dhQXtI5Cj4gRNotO65qAxvEB3uqV/1xpCOA18VSP0dNn4rK3BgS/EC6mk6S+eQ4F
xM1FZYP30tjbDBY3FeuDQ8D8gjeC49cEyaGg/mwLSPJiX42BbUumVOYkG1SnwcQW
1AJaW9j+6/A4M6RgaTPFAYVM5Is7eYS7vZVVLY4JII9IlJ53qC+ngxdFBQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:35 2024 by rpki-client on console-ams.rpki-client.org