Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/P-8CG1shV5W7BLww5sE-AtQ7tNk.roa
File: P-8CG1shV5W7BLww5sE-AtQ7tNk.roa (raw, json)
Hash identifier: 9ONHqP3PRGRerx71r2RK1yppiVbf+sBrtI51ihq63+w=
Subject key identifier: 3F:EF:02:1B:5B:21:57:95:BB:04:BC:30:E6:C1:3E:02:D4:3B:B4:D9
Certificate issuer: /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial: 01880063F28A5F808E53312D0D895420DAC9
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/P-8CG1shV5W7BLww5sE-AtQ7tNk.roa
Signing time: Tue 09 May 2023 12:02:10 +0000
ROA not before: Tue 09 May 2023 12:02:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200450
IP address blocks: 185.225.236.0/24 maxlen: 24
77.104.187.0/24 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:00:63:f2:8a:5f:80:8e:53:31:2d:0d:89:54:20:da:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
Validity
Not Before: May 9 12:02:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3fef021b5b215795bb04bc30e6c13e02d43bb4d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:cb:3d:38:80:66:fa:5e:15:f3:53:0f:ae:53:
97:e7:4a:7a:62:1e:0a:70:23:6f:22:37:a7:24:3c:
fd:b7:57:d4:2d:1e:cc:f1:03:e2:81:e0:0f:49:f4:
03:e8:24:53:8b:ea:10:3e:3f:44:6c:c4:44:f5:f0:
35:a2:27:01:8a:a9:5f:10:40:50:e5:88:b5:8f:40:
16:3f:33:0c:46:45:eb:ea:ef:98:a5:a2:e0:d3:7b:
79:c8:83:02:60:56:fc:f4:90:b8:b0:7a:89:5f:9c:
e3:a4:d7:c8:ae:b1:c3:5b:80:8b:04:25:b1:7b:97:
61:ae:45:3f:3d:6b:ee:f1:19:51:9d:f9:22:c8:b0:
04:5d:47:2f:5c:7c:73:90:ce:b9:6d:88:33:1d:57:
15:03:c0:c4:08:40:bc:a8:bc:04:dc:1b:ce:be:3b:
40:eb:5b:1e:cf:4a:6d:aa:d7:ba:a7:21:bf:f1:7b:
fa:c9:3d:4c:3f:0c:29:90:f5:f4:ae:93:68:f9:96:
7f:70:cc:58:91:6c:8c:e2:cf:e0:ea:4b:19:5d:0c:
51:a4:8e:4a:05:9d:87:4a:4d:a5:fa:f2:b0:37:aa:
ba:33:a4:67:9e:36:87:7c:e3:21:00:30:50:66:b7:
6b:74:24:a4:32:e0:89:60:6f:d6:8b:44:c9:f3:54:
02:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:EF:02:1B:5B:21:57:95:BB:04:BC:30:E6:C1:3E:02:D4:3B:B4:D9
X509v3 Authority Key Identifier:
keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/P-8CG1shV5W7BLww5sE-AtQ7tNk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.104.187.0/24
185.225.236.0/24
Signature Algorithm: sha256WithRSAEncryption
4a:bc:47:b8:af:3f:9b:7a:cf:3f:97:2f:b3:8e:9e:6d:07:6a:
76:8f:9d:d9:bc:bf:a4:f0:55:ae:17:cf:ea:c3:1e:93:12:ac:
4e:86:dc:b8:bd:4d:02:89:dd:4f:b3:53:2c:17:28:17:8c:b2:
9d:f3:62:c6:fd:51:96:46:f0:7b:96:2a:a1:f9:fa:1f:ab:a6:
bf:cf:f0:80:4c:86:80:0e:da:b9:37:de:c2:83:d4:23:4f:18:
e1:71:8e:d8:d3:59:12:b6:6f:5e:4b:19:0f:28:87:67:cc:48:
c9:ff:8e:3a:9f:d2:1f:34:ed:e2:a4:dd:a7:bd:45:be:c1:b0:
7e:a6:2e:c2:72:d1:58:83:e0:73:a1:72:8b:a8:9c:46:39:be:
34:21:94:97:62:a2:18:99:b2:44:d9:0a:81:53:62:bf:43:ea:
c4:f0:f9:8d:8e:a4:78:65:57:ee:9e:36:3e:62:80:7c:07:34:
0b:88:19:aa:00:3c:98:42:8d:27:b8:97:50:79:b6:d5:0e:3c:
af:a9:b3:30:ac:f7:02:f8:09:27:8c:df:14:09:0a:6b:e3:b2:
a5:aa:2a:2c:c6:8d:70:e4:2b:9b:be:f6:c5:3b:59:f2:05:a4:
e4:5b:f0:93:bf:74:88:d1:0d:a1:78:ae:dd:47:40:ee:68:20:
2f:a1:ba:d3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYgAY/KKX4COUzEtDYlUINrJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjMwNTA5MTIwMjEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmVmMDIxYjViMjE1Nzk1YmIwNGJjMzBlNmMxM2UwMmQ0M2JiNGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMs9OIBm+l4V81MPrlOX50p6Yh4K
cCNvIjenJDz9t1fULR7M8QPigeAPSfQD6CRTi+oQPj9EbMRE9fA1oicBiqlfEEBQ
5Yi1j0AWPzMMRkXr6u+YpaLg03t5yIMCYFb89JC4sHqJX5zjpNfIrrHDW4CLBCWx
e5dhrkU/PWvu8RlRnfkiyLAEXUcvXHxzkM65bYgzHVcVA8DECEC8qLwE3BvOvjtA
61sez0ptqte6pyG/8Xv6yT1MPwwpkPX0rpNo+ZZ/cMxYkWyM4s/g6ksZXQxRpI5K
BZ2HSk2l+vKwN6q6M6RnnjaHfOMhADBQZrdrdCSkMuCJYG/Wi0TJ81QCRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD/vAhtbIVeVuwS8MObBPgLUO7TZMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvUC04Q0cxc2hWNVc3Qkx3dzVzRS1BdFE3dE5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATWi7AwQA
ueHsMA0GCSqGSIb3DQEBCwUAA4IBAQBKvEe4rz+bes8/ly+zjp5tB2p2j53ZvL+k
8FWuF8/qwx6TEqxOhty4vU0Cid1Ps1MsFygXjLKd82LG/VGWRvB7liqh+fofq6a/
z/CATIaADtq5N97Cg9QjTxjhcY7Y01kStm9eSxkPKIdnzEjJ/446n9IfNO3ipN2n
vUW+wbB+pi7CctFYg+BzoXKLqJxGOb40IZSXYqIYmbJE2QqBU2K/Q+rE8PmNjqR4
ZVfunjY+YoB8BzQLiBmqADyYQo0nuJdQebbVDjyvqbMwrPcC+AknjN8UCQpr47Kl
qiosxo1w5CubvvbFO1nyBaTkW/CTv3SI0Q2heK7dR0DuaCAvobrT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:48 2024 by rpki-client on console-fra.rpki-client.org