Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0kIA-tHOvHGuwPpEBsx8OJUShGU.roa
File: 0kIA-tHOvHGuwPpEBsx8OJUShGU.roa (raw, json)
Hash identifier: mQGGRsGLrHgLFGyGNlcpYU/AqrnJTD5QgyUOaRF9ZYo=
Subject key identifier: D2:42:00:FA:D1:CE:BC:71:AE:C0:FA:44:06:CC:7C:38:95:12:84:65
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0185EAB9A6B5E4D4C9AACD2886197FB9B264
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0kIA-tHOvHGuwPpEBsx8OJUShGU.roa
Signing time: Wed 25 Jan 2023 20:58:33 +0000
ROA not before: Wed 25 Jan 2023 20:58:33 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59432
IP address blocks: 185.121.228.0/23 maxlen: 23
185.121.230.0/23 maxlen: 23
77.75.62.0/23 maxlen: 23
194.4.158.0/23 maxlen: 23
213.32.248.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:ea:b9:a6:b5:e4:d4:c9:aa:cd:28:86:19:7f:b9:b2:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 25 20:58:33 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d24200fad1cebc71aec0fa4406cc7c3895128465
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:08:9e:b4:d9:1b:d9:e8:5a:c3:39:94:23:c8:
22:b5:57:f5:64:a1:74:56:b2:59:01:ad:b2:65:e6:
cf:69:05:79:56:a6:f0:24:cf:8e:f4:36:ed:b2:0f:
de:20:26:5c:3b:d9:82:a3:25:9e:65:66:32:60:91:
ec:86:5f:29:42:e1:47:60:84:e4:d0:de:7a:4e:d5:
99:43:fa:a0:0a:ea:b5:75:bd:40:99:c3:bd:07:a1:
4d:9d:3b:04:a7:c7:0c:bf:23:80:b1:e9:43:b3:a6:
c1:ca:02:28:32:14:f9:3d:92:58:c8:93:07:61:b9:
98:38:e8:22:32:18:62:1b:55:b2:2f:ea:20:03:b1:
f6:50:fe:d2:10:01:19:02:8a:82:d9:63:9e:f1:ba:
c5:2b:3d:4f:60:3c:3f:8a:4b:2d:eb:59:28:3c:2a:
4e:c0:9b:61:01:ab:c4:4c:f7:67:ed:6a:5f:5c:29:
2a:5a:ec:2a:2c:f2:f6:53:09:16:bf:f3:19:29:f2:
3c:60:f0:9d:12:10:3d:ee:e7:07:b0:68:a0:70:f5:
e2:4d:f2:bc:9b:8c:c3:86:01:c7:12:36:05:f1:20:
8a:5c:ee:f0:2a:e2:8f:cb:0b:2b:62:81:da:83:11:
37:dc:2a:2b:11:67:a4:93:be:29:3b:03:c2:c7:2a:
3e:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:42:00:FA:D1:CE:BC:71:AE:C0:FA:44:06:CC:7C:38:95:12:84:65
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0kIA-tHOvHGuwPpEBsx8OJUShGU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.75.62.0/23
185.121.228.0/22
194.4.158.0/23
213.32.248.0/23
Signature Algorithm: sha256WithRSAEncryption
46:7e:fe:02:3b:b2:fd:98:6a:ab:40:d5:43:e5:29:20:e7:0e:
e2:a2:96:59:a9:52:9e:ef:a4:58:cd:b4:3c:8f:d5:0b:08:bf:
e7:b6:a3:3e:14:07:dd:d6:18:03:6b:b5:49:a7:01:93:63:58:
f4:ff:5d:cc:08:3c:14:a9:ab:d5:4f:07:2f:99:80:3c:3c:4d:
5a:d0:a2:0b:31:14:0f:6a:15:34:38:10:5c:eb:fc:ce:71:12:
c7:9a:a0:a5:67:cf:0b:f9:48:ca:43:33:c5:26:08:cc:a8:ab:
70:47:be:58:18:8c:db:b6:d5:e6:2d:79:05:11:0e:11:ed:7d:
1b:7c:4b:8f:83:35:0a:a3:64:35:f9:a5:f6:07:71:8e:00:a1:
1b:a4:3c:2b:ad:17:b9:c2:84:ae:ea:5b:87:61:45:d2:9d:23:
79:54:90:40:41:bb:59:b5:d8:fd:af:c6:be:04:4a:c3:a3:93:
a8:f8:d1:f9:c0:2e:30:87:eb:f9:b2:a2:2c:3a:f9:75:41:e5:
19:b6:de:62:a9:f4:8a:a7:7d:76:21:16:c0:2a:95:d4:7a:0a:
bc:5b:32:a0:99:c3:15:50:8e:39:6b:fa:32:13:63:f3:63:bf:
e2:c3:51:99:c6:4d:27:33:3b:42:89:5d:6f:ba:f1:71:41:d1:
8a:2c:46:97
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYXquaa15NTJqs0ohhl/ubJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTI1MjA1ODMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjQyMDBmYWQxY2ViYzcxYWVjMGZhNDQwNmNjN2MzODk1MTI4NDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwietNkb2ehawzmUI8gitVf1ZKF0
VrJZAa2yZebPaQV5VqbwJM+O9Dbtsg/eICZcO9mCoyWeZWYyYJHshl8pQuFHYITk
0N56TtWZQ/qgCuq1db1AmcO9B6FNnTsEp8cMvyOAselDs6bBygIoMhT5PZJYyJMH
YbmYOOgiMhhiG1WyL+ogA7H2UP7SEAEZAoqC2WOe8brFKz1PYDw/ikst61koPCpO
wJthAavETPdn7WpfXCkqWuwqLPL2UwkWv/MZKfI8YPCdEhA97ucHsGigcPXiTfK8
m4zDhgHHEjYF8SCKXO7wKuKPywsrYoHagxE33CorEWekk74pOwPCxyo+2QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNJCAPrRzrxxrsD6RAbMfDiVEoRlMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMGtJQS10SE92SEd1d1BwRUJzeDhPSlVTaEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBTUs+AwQC
uXnkAwQBwgSeAwQB1SD4MA0GCSqGSIb3DQEBCwUAA4IBAQBGfv4CO7L9mGqrQNVD
5Skg5w7iopZZqVKe76RYzbQ8j9ULCL/ntqM+FAfd1hgDa7VJpwGTY1j0/13MCDwU
qavVTwcvmYA8PE1a0KILMRQPahU0OBBc6/zOcRLHmqClZ88L+UjKQzPFJgjMqKtw
R75YGIzbttXmLXkFEQ4R7X0bfEuPgzUKo2Q1+aX2B3GOAKEbpDwrrRe5woSu6luH
YUXSnSN5VJBAQbtZtdj9r8a+BErDo5Oo+NH5wC4wh+v5sqIsOvl1QeUZtt5iqfSK
p312IRbAKpXUegq8WzKgmcMVUI45a/oyE2PzY7/iw1GZxk0nMztCiV1vuvFxQdGK
LEaX
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:07 2024 by rpki-client on console-ams.rpki-client.org