Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0ucghXqgdOWIDktjidFY7KSUc_M.roa
File: 0ucghXqgdOWIDktjidFY7KSUc_M.roa (raw, json)
Hash identifier: kBfUMopxWbVFkFMd7M4EOCa0T1VQCL9WADSD1DFXIzw=
Subject key identifier: D2:E7:20:85:7A:A0:74:E5:88:0E:4B:63:89:D1:58:EC:A4:94:73:F3
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01867D5A0906CCB03DFA2A0FDBAF09142BC6
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0ucghXqgdOWIDktjidFY7KSUc_M.roa
Signing time: Thu 23 Feb 2023 08:18:17 +0000
ROA not before: Thu 23 Feb 2023 08:18:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 135752
IP address blocks: 178.239.203.0/24 maxlen: 24
89.40.160.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:7d:5a:09:06:cc:b0:3d:fa:2a:0f:db:af:09:14:2b:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 23 08:18:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d2e720857aa074e5880e4b6389d158eca49473f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:f9:f2:74:ea:11:a1:80:dc:f8:b0:4e:6d:a5:
7b:0b:f4:1b:f3:9f:b6:d1:41:2a:72:9e:85:23:f5:
3b:07:95:e3:46:04:82:93:96:2a:8e:4b:5b:cb:fd:
d0:2a:dc:1b:fd:81:33:13:52:3b:77:82:9e:a8:51:
84:c5:de:81:e2:9b:b4:c1:d2:a8:ae:3d:7b:5d:f7:
1f:53:c3:c8:25:a7:d0:21:ef:72:86:64:c3:03:88:
e4:f6:e0:dd:a3:33:57:23:99:10:49:b0:18:4a:ae:
6b:9a:9f:8d:fd:86:38:ff:d8:63:a8:4e:c1:ae:a9:
2e:42:5f:e1:cd:b9:08:23:15:d6:3d:5f:02:34:74:
e8:d6:6a:dc:35:e1:f9:2a:a9:43:2c:71:4d:68:c9:
b3:69:8f:1f:21:f6:6f:6f:a7:75:d2:81:90:b1:2d:
73:ff:08:95:5e:51:c7:13:17:35:85:1f:b8:05:b1:
0b:1a:a2:de:26:c7:be:9d:81:63:24:32:63:3d:24:
6b:b7:a3:bf:bf:a8:a8:7e:53:72:9f:7c:bc:8a:e8:
a1:06:19:44:35:55:2b:24:83:ed:6f:b5:c3:6b:5d:
f2:cc:4f:1b:6c:e2:4f:45:ad:e5:e8:b5:74:bd:70:
d7:10:95:d7:3f:43:e9:ee:3f:a0:9c:ae:87:0d:bd:
e0:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:E7:20:85:7A:A0:74:E5:88:0E:4B:63:89:D1:58:EC:A4:94:73:F3
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0ucghXqgdOWIDktjidFY7KSUc_M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.160.0/24
178.239.203.0/24
185.103.74.0/24
Signature Algorithm: sha256WithRSAEncryption
28:7d:e1:01:fc:f1:83:b8:3f:da:85:73:90:19:c4:ef:09:82:
27:34:79:34:53:52:42:ce:db:f1:8f:1c:4d:ac:cd:40:15:fc:
59:bf:6c:d0:64:8d:4e:4a:61:7c:d1:34:4c:4a:5a:0d:d3:8e:
5a:c6:41:20:c0:de:9c:6c:57:4f:af:a7:2f:aa:fb:c3:e7:20:
a7:15:ee:a5:f0:0b:8e:7a:be:18:9e:a9:81:3f:5c:df:c3:62:
42:2b:86:86:b5:97:28:0f:bd:5d:2a:f5:ec:c6:e9:cc:82:9f:
fc:71:39:cb:a8:58:a3:7a:99:18:c7:10:fc:32:83:13:59:16:
35:59:06:c8:ad:bd:06:47:30:f4:ad:5d:44:c2:ce:fb:4c:9b:
db:27:3e:2f:c1:8c:be:5f:20:23:a8:97:f1:28:25:d0:b7:5e:
d3:5a:a4:a3:83:c6:92:c7:f7:c7:dd:47:80:45:61:ce:3a:49:
fb:94:f6:58:4d:12:b3:30:ed:0f:07:d6:a9:f4:4d:86:c8:0c:
ec:a3:86:58:20:9f:be:4a:bf:ac:d4:ee:7a:7c:5a:65:49:fb:
20:f5:81:e2:c0:b2:63:94:b7:ea:60:11:98:af:5b:59:d7:db:
95:04:09:4e:af:6e:7e:b3:40:38:3d:a4:af:7f:7a:2f:48:04:
38:ab:dc:d3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYZ9WgkGzLA9+ioP268JFCvGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjIzMDgxODE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmU3MjA4NTdhYTA3NGU1ODgwZTRiNjM4OWQxNThlY2E0OTQ3M2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/nydOoRoYDc+LBObaV7C/Qb85+2
0UEqcp6FI/U7B5XjRgSCk5Yqjktby/3QKtwb/YEzE1I7d4KeqFGExd6B4pu0wdKo
rj17XfcfU8PIJafQIe9yhmTDA4jk9uDdozNXI5kQSbAYSq5rmp+N/YY4/9hjqE7B
rqkuQl/hzbkIIxXWPV8CNHTo1mrcNeH5KqlDLHFNaMmzaY8fIfZvb6d10oGQsS1z
/wiVXlHHExc1hR+4BbELGqLeJse+nYFjJDJjPSRrt6O/v6ioflNyn3y8iuihBhlE
NVUrJIPtb7XDa13yzE8bbOJPRa3l6LV0vXDXEJXXP0Pp7j+gnK6HDb3gZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNLnIIV6oHTliA5LY4nRWOyklHPzMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMHVjZ2hYcWdkT1dJRGt0amlkRlk3S1NVY19NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSigAwQA
su/LAwQAuWdKMA0GCSqGSIb3DQEBCwUAA4IBAQAofeEB/PGDuD/ahXOQGcTvCYIn
NHk0U1JCztvxjxxNrM1AFfxZv2zQZI1OSmF80TRMSloN045axkEgwN6cbFdPr6cv
qvvD5yCnFe6l8AuOer4YnqmBP1zfw2JCK4aGtZcoD71dKvXsxunMgp/8cTnLqFij
epkYxxD8MoMTWRY1WQbIrb0GRzD0rV1Ews77TJvbJz4vwYy+XyAjqJfxKCXQt17T
WqSjg8aSx/fH3UeARWHOOkn7lPZYTRKzMO0PB9ap9E2GyAzso4ZYIJ++Sr+s1O56
fFplSfsg9YHiwLJjlLfqYBGYr1tZ19uVBAlOr25+s0A4PaSvf3ovSAQ4q9zT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org