Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/N6r3lv2Gv0hXJ8CFNBf9rfTqDe4.roa
File: N6r3lv2Gv0hXJ8CFNBf9rfTqDe4.roa (raw, json)
Hash identifier: /UHHwBSGV+7tqXSy+rpsMuDvMgyR/iGMcmLgMWd7FM8=
Subject key identifier: 37:AA:F7:96:FD:86:BF:48:57:27:C0:85:34:17:FD:AD:F4:EA:0D:EE
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 018E09D3A1A57D6703631192435F52340F64
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/N6r3lv2Gv0hXJ8CFNBf9rfTqDe4.roa
Signing time: Mon 04 Mar 2024 14:17:27 +0000
ROA not before: Mon 04 Mar 2024 14:17:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59729
IP address blocks: 78.136.248.0/24 maxlen: 24
78.136.249.0/24 maxlen: 24
78.136.250.0/24 maxlen: 24
78.136.251.0/24 maxlen: 24
78.136.252.0/24 maxlen: 24
78.136.253.0/24 maxlen: 24
78.136.254.0/24 maxlen: 24
88.204.44.0/24 maxlen: 24
88.204.45.0/24 maxlen: 24
88.204.46.0/24 maxlen: 24
88.204.47.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:09:d3:a1:a5:7d:67:03:63:11:92:43:5f:52:34:0f:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Mar 4 14:17:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=37aaf796fd86bf485727c0853417fdadf4ea0dee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:75:0a:7e:fc:de:95:37:62:c7:e4:74:56:f8:
91:9d:82:2b:ee:5d:09:46:c2:00:b2:e8:a9:6b:df:
06:45:2e:a9:45:5c:44:4c:35:4c:73:74:1a:a5:3d:
4d:e9:ea:9a:cb:c2:dc:ce:2d:eb:37:e2:5a:84:ae:
f2:21:f8:19:ca:a9:f9:26:6b:7e:5e:b1:a8:68:89:
f9:0d:1c:03:3b:51:05:67:8d:2c:ba:97:aa:c5:83:
f5:4b:a6:a2:92:54:eb:92:e6:ba:69:57:a8:8b:8e:
ba:d0:23:f3:d4:2f:fc:c2:ae:84:de:ba:81:cf:01:
8b:4c:94:ed:b6:27:ea:b6:8e:e7:9b:81:d1:49:a3:
2c:e5:90:f2:82:f0:94:82:36:23:82:c6:46:d2:27:
37:ad:5c:71:45:47:f0:1b:b5:c1:cf:07:e8:a2:3f:
30:3a:88:b7:09:76:33:53:01:7b:bb:19:5d:26:2d:
16:b2:0f:6b:e8:4f:1e:a2:53:75:40:17:a9:a3:17:
f5:5a:5b:5d:3a:fa:1b:77:d4:40:61:58:61:ac:c9:
33:46:ab:36:fc:6a:68:b8:47:a7:33:9a:36:ae:47:
29:f1:ac:7c:b2:2b:a4:1a:88:5e:f6:e4:4d:ca:e6:
9a:58:14:2b:b5:36:30:1b:f6:7c:1a:ab:09:16:69:
a8:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:AA:F7:96:FD:86:BF:48:57:27:C0:85:34:17:FD:AD:F4:EA:0D:EE
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/N6r3lv2Gv0hXJ8CFNBf9rfTqDe4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.248.0-78.136.254.255
88.204.44.0/22
Signature Algorithm: sha256WithRSAEncryption
63:5c:3e:97:43:77:1d:32:fe:9b:9b:c2:54:3f:a2:b8:fa:a8:
88:f0:72:be:c1:b0:c2:ef:0e:b1:07:a6:eb:61:c9:05:18:9e:
61:47:73:0a:48:22:e0:6c:4f:6e:a2:03:b8:f1:39:56:28:bd:
fc:60:25:68:74:89:02:5d:a9:d0:b2:31:e5:00:68:b4:42:4c:
42:14:22:8e:67:35:29:e3:fa:ba:0c:66:57:96:63:5d:9a:b4:
7f:ba:c4:c3:4f:d4:e4:12:f3:d9:b2:c5:6b:95:05:85:6c:c3:
33:fa:1a:e9:fb:f5:5e:6c:51:9c:b9:46:34:ab:13:34:b7:f9:
0b:c0:7e:06:f0:e3:28:06:a2:19:0e:e3:90:af:89:24:fe:41:
29:cb:12:45:04:ca:6e:eb:2f:76:68:c9:4b:3b:49:60:04:d1:
d6:40:e4:8d:85:0f:81:7d:96:ac:a8:8d:1a:9a:3c:7c:a2:f5:
a9:3e:3f:4d:fc:69:e0:d0:87:f6:e2:ba:e4:90:2a:41:08:1c:
90:13:19:f7:a3:0e:d3:63:29:cf:4a:bc:f0:9e:34:52:b4:e8:
07:8d:36:83:55:e5:a4:2f:21:9d:8f:93:01:27:7e:84:4b:df:
4c:bf:57:05:d4:88:a5:c9:2c:dc:9b:6b:17:bd:3f:8e:85:e2:
23:a6:5c:a8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY4J06GlfWcDYxGSQ19SNA9kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjQwMzA0MTQxNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2FhZjc5NmZkODZiZjQ4NTcyN2MwODUzNDE3ZmRhZGY0ZWEwZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXUKfvzelTdix+R0VviRnYIr7l0J
RsIAsuipa98GRS6pRVxETDVMc3QapT1N6eqay8Lczi3rN+JahK7yIfgZyqn5Jmt+
XrGoaIn5DRwDO1EFZ40supeqxYP1S6aiklTrkua6aVeoi4660CPz1C/8wq6E3rqB
zwGLTJTttifqto7nm4HRSaMs5ZDygvCUgjYjgsZG0ic3rVxxRUfwG7XBzwfooj8w
Ooi3CXYzUwF7uxldJi0Wsg9r6E8eolN1QBepoxf1WltdOvobd9RAYVhhrMkzRqs2
/GpouEenM5o2rkcp8ax8siukGohe9uRNyuaaWBQrtTYwG/Z8GqsJFmmoNQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDeq95b9hr9IVyfAhTQX/a306g3uMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvTjZyM2x2Mkd2MGhYSjhDRk5CZjlyZlRxRGU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBANOiPgD
BABOiP4DBAJYzCwwDQYJKoZIhvcNAQELBQADggEBAGNcPpdDdx0y/pubwlQ/orj6
qIjwcr7BsMLvDrEHputhyQUYnmFHcwpIIuBsT26iA7jxOVYovfxgJWh0iQJdqdCy
MeUAaLRCTEIUIo5nNSnj+roMZleWY12atH+6xMNP1OQS89myxWuVBYVswzP6Gun7
9V5sUZy5RjSrEzS3+QvAfgbw4ygGohkO45CviST+QSnLEkUEym7rL3ZoyUs7SWAE
0dZA5I2FD4F9lqyojRqaPHyi9ak+P038aeDQh/biuuSQKkEIHJATGfejDtNjKc9K
vPCeNFK06AeNNoNV5aQvIZ2PkwEnfoRL30y/VwXUiKXJLNybaxe9P46F4iOmXKg=
-----END CERTIFICATE-----
Generated at Mon Apr 15 14:34:14 2024 by rpki-client on console-ams.rpki-client.org