Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/MBK8hGoGojULI4KOzB2piR6GRa0.roa
File: MBK8hGoGojULI4KOzB2piR6GRa0.roa (raw, json)
Hash identifier: c1iMhSPt9yVVj/2rYlX9mYWzDXGpRrUPfRWPIVBiWC8=
Subject key identifier: 30:12:BC:84:6A:06:A2:35:0B:23:82:8E:CC:1D:A9:89:1E:86:45:AD
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 0189864441BC272D3E06E6BA71BBADC37BB0
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/MBK8hGoGojULI4KOzB2piR6GRa0.roa
Signing time: Mon 24 Jul 2023 04:59:27 +0000
ROA not before: Mon 24 Jul 2023 04:59:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59729
IP address blocks: 78.136.196.0/24 maxlen: 24
78.136.197.0/24 maxlen: 24
78.136.198.0/24 maxlen: 24
78.136.199.0/24 maxlen: 24
88.204.40.0/24 maxlen: 24
78.136.202.0/24 maxlen: 24
88.204.41.0/24 maxlen: 24
78.136.203.0/24 maxlen: 24
88.204.42.0/24 maxlen: 24
88.204.43.0/24 maxlen: 24
88.204.44.0/24 maxlen: 24
78.136.200.0/24 maxlen: 24
88.204.46.0/24 maxlen: 24
88.204.47.0/24 maxlen: 24
88.204.45.0/24 maxlen: 24
78.136.248.0/24 maxlen: 24
78.136.249.0/24 maxlen: 24
78.136.250.0/24 maxlen: 24
78.136.251.0/24 maxlen: 24
78.136.252.0/24 maxlen: 24
78.136.253.0/24 maxlen: 24
78.136.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:86:44:41:bc:27:2d:3e:06:e6:ba:71:bb:ad:c3:7b:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Jul 24 04:59:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3012bc846a06a2350b23828ecc1da9891e8645ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:72:b2:c5:15:dd:f6:04:86:8c:b8:77:e9:b9:
7f:f8:30:81:92:5b:73:64:88:a1:aa:8c:40:0f:b6:
82:d4:90:05:47:78:cc:6f:7a:08:d6:a0:1b:55:63:
0b:ee:8b:fd:c7:bb:e2:d0:55:b8:b9:1d:c6:86:7f:
71:ca:5c:46:81:e4:b2:e9:45:e1:0f:e2:85:a3:3b:
11:e7:53:d9:d2:4f:37:fd:bc:dc:08:78:70:34:54:
7a:08:96:b8:0e:88:05:47:7a:26:55:0a:5d:bc:64:
ce:d9:c0:46:76:04:32:b5:3c:2b:bf:be:cf:69:e5:
b9:bc:5c:7e:ff:29:34:ad:ca:f1:c3:c8:86:c5:b0:
80:bc:55:ea:ae:07:e7:ae:65:14:b3:dc:18:e6:1c:
ee:e3:81:a5:ba:2d:00:1a:7c:cb:f0:8a:5a:db:c8:
66:24:02:2b:73:0c:08:f8:e6:1a:0f:1c:60:a6:39:
e9:27:b4:9d:9b:3e:5b:7f:20:a5:10:ef:3b:20:50:
e3:1c:e7:b9:56:28:20:53:b1:5c:ed:6f:21:60:a1:
48:f0:b2:f2:5e:ea:34:d4:b4:03:f4:90:40:a0:4e:
e3:88:55:10:ad:52:12:ea:3e:39:ad:0c:15:b9:3e:
bd:56:e5:4d:51:54:37:4b:aa:98:ed:4f:b8:11:88:
70:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:12:BC:84:6A:06:A2:35:0B:23:82:8E:CC:1D:A9:89:1E:86:45:AD
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/MBK8hGoGojULI4KOzB2piR6GRa0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.196.0-78.136.200.255
78.136.202.0/23
78.136.248.0-78.136.254.255
88.204.40.0/21
Signature Algorithm: sha256WithRSAEncryption
1e:1b:19:6c:72:3a:bc:b0:d5:03:16:19:a5:06:27:b5:0f:f2:
a8:f0:5b:41:0e:09:46:6d:d2:86:8b:30:a2:62:7f:94:ea:c4:
03:61:dd:77:62:33:14:71:1d:ab:8a:5c:64:4c:74:70:7b:51:
0d:cb:7a:25:ba:a6:7f:91:cc:b8:53:2d:b2:11:75:53:35:20:
c0:ca:8f:2b:ff:9c:19:e9:3b:93:7b:6f:81:53:e9:ef:0c:04:
e2:46:f3:04:6d:1a:c0:8e:cc:19:13:05:74:29:a9:d2:85:6a:
3b:42:3f:88:01:f1:14:93:d5:fb:67:d0:1f:b3:9a:52:7d:a1:
56:92:5d:ce:25:f5:bf:78:99:c0:da:cd:b9:02:ec:8f:b9:27:
82:0d:6a:03:21:2d:45:0f:93:25:50:39:2d:c0:7f:5d:42:09:
3d:8c:59:27:aa:b9:31:f0:fb:e4:09:4b:bd:c7:38:8d:8e:29:
8e:a5:1b:15:6e:40:31:87:b5:59:98:8a:65:a9:ea:84:9b:88:
74:b1:4d:ae:e7:97:87:81:ba:56:cc:f6:4d:aa:07:5e:24:68:
65:ea:01:46:8e:0d:7f:d3:d4:16:23:27:14:cf:d6:9e:2b:b4:
b3:52:1a:45:40:3d:34:0d:4e:9a:1c:cb:43:c0:78:eb:ab:2d:
4b:b8:6e:a2
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYmGREG8Jy0+Bua6cbutw3uwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjMwNzI0MDQ1OTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDEyYmM4NDZhMDZhMjM1MGIyMzgyOGVjYzFkYTk4OTFlODY0NWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXKyxRXd9gSGjLh36bl/+DCBkltz
ZIihqoxAD7aC1JAFR3jMb3oI1qAbVWML7ov9x7vi0FW4uR3Ghn9xylxGgeSy6UXh
D+KFozsR51PZ0k83/bzcCHhwNFR6CJa4DogFR3omVQpdvGTO2cBGdgQytTwrv77P
aeW5vFx+/yk0rcrxw8iGxbCAvFXqrgfnrmUUs9wY5hzu44Glui0AGnzL8Ipa28hm
JAIrcwwI+OYaDxxgpjnpJ7Sdmz5bfyClEO87IFDjHOe5ViggU7Fc7W8hYKFI8LLy
Xuo01LQD9JBAoE7jiFUQrVIS6j45rQwVuT69VuVNUVQ3S6qY7U+4EYhwOwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFDASvIRqBqI1CyOCjswdqYkehkWtMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvTUJLOGhHb0dvalVMSTRLT3pCMnBpUjZHUmEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAJOiMQD
BABOiMgDBAFOiMowDAMEA06I+AMEAE6I/gMEA1jMKDANBgkqhkiG9w0BAQsFAAOC
AQEAHhsZbHI6vLDVAxYZpQYntQ/yqPBbQQ4JRm3ShoswomJ/lOrEA2Hdd2IzFHEd
q4pcZEx0cHtRDct6Jbqmf5HMuFMtshF1UzUgwMqPK/+cGek7k3tvgVPp7wwE4kbz
BG0awI7MGRMFdCmp0oVqO0I/iAHxFJPV+2fQH7OaUn2hVpJdziX1v3iZwNrNuQLs
j7kngg1qAyEtRQ+TJVA5LcB/XUIJPYxZJ6q5MfD75AlLvcc4jY4pjqUbFW5AMYe1
WZiKZanqhJuIdLFNrueXh4G6Vsz2TaoHXiRoZeoBRo4Nf9PUFiMnFM/Wniu0s1Ia
RUA9NA1OmhzLQ8B466stS7huog==
-----END CERTIFICATE-----
Generated at Thu Aug 31 14:44:18 2023 by rpki-client on console-ams.rpki-client.org