Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0vzMAnVxs7xGnMUjXD-AxPAE8cY.roa
File: 0vzMAnVxs7xGnMUjXD-AxPAE8cY.roa (raw, json)
Hash identifier: N4cfdYcSVA714Xr/+EITHs0JJ7VfBYF7qsj8XfGhMqQ=
Subject key identifier: D2:FC:CC:02:75:71:B3:BC:46:9C:C5:23:5C:3F:80:C4:F0:04:F1:C6
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018617593DC60347F7EA9866F163EBA5F611
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0vzMAnVxs7xGnMUjXD-AxPAE8cY.roa
Signing time: Fri 03 Feb 2023 12:56:09 +0000
ROA not before: Fri 03 Feb 2023 12:56:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 178.239.204.0/24 maxlen: 24
193.42.53.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:17:59:3d:c6:03:47:f7:ea:98:66:f1:63:eb:a5:f6:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 3 12:56:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d2fccc027571b3bc469cc5235c3f80c4f004f1c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:d1:b1:07:e7:e1:f3:52:c3:4a:5d:01:d6:8c:
1b:51:d3:bb:df:eb:1a:c8:72:01:08:0f:65:e1:cf:
a1:1e:2e:f3:40:59:71:de:53:29:c1:5b:2c:97:c2:
36:1b:09:ce:25:90:00:4d:2b:a1:26:52:94:e7:3b:
52:a0:b5:3b:d0:bb:d8:2a:27:a3:26:e4:45:33:2d:
cc:d5:65:97:14:1e:c2:34:ff:53:05:c5:f6:19:13:
84:4d:a8:d6:ff:62:19:8b:94:a0:b9:ce:c9:bf:81:
90:85:7f:b0:bc:9d:f7:da:97:4b:44:e9:ae:34:0f:
ba:a1:b3:1b:d3:a9:2f:81:c5:89:65:48:7b:fd:00:
6d:88:37:a2:12:3c:d9:03:d0:56:57:31:c4:6d:3f:
8f:ab:d0:fa:35:a0:64:27:24:33:9f:8b:72:5f:c4:
de:a9:05:5f:d6:c6:d3:e7:14:95:9c:3c:ec:2e:8b:
16:02:e6:b8:cd:17:0d:06:c2:bf:5b:b5:9f:c2:eb:
51:37:a9:95:93:5e:6a:24:94:37:bd:79:75:de:db:
93:ee:3f:e1:61:70:f7:14:d4:f7:27:8f:00:b8:8b:
38:70:42:e2:94:1a:74:13:14:8e:44:9a:a6:b3:03:
d3:83:4a:55:e0:ec:cc:27:0d:29:a9:59:56:41:a4:
61:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:FC:CC:02:75:71:B3:BC:46:9C:C5:23:5C:3F:80:C4:F0:04:F1:C6
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0vzMAnVxs7xGnMUjXD-AxPAE8cY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.239.204.0/24
185.103.75.0/24
193.42.53.0/24
Signature Algorithm: sha256WithRSAEncryption
84:22:05:1c:63:3d:f1:a9:62:bd:b1:7f:52:8a:bf:f6:af:4c:
47:d9:53:00:4e:ae:c4:29:77:e8:52:c6:b5:20:67:5a:87:0b:
be:7d:43:77:b8:26:d4:bb:cd:d1:d1:8e:8c:14:cb:11:17:ff:
af:33:f0:af:ad:c4:f6:69:a2:11:04:f3:e3:81:81:86:0e:dc:
1a:0c:04:da:35:a8:12:d7:f8:23:b5:59:89:d8:fe:a2:f0:e4:
c0:8d:b2:42:b1:d4:71:f9:47:29:34:5d:2a:aa:95:a8:79:f7:
ec:32:d6:a6:00:9e:0a:6b:ab:fb:d9:cc:27:0a:99:ca:0b:fb:
2f:37:d6:e4:55:93:4e:dd:84:30:f2:f7:f1:c0:ae:b9:a8:92:
0b:4d:12:b4:6f:de:42:b1:86:ef:ee:03:ea:3d:78:58:e3:f6:
bd:1d:de:6e:86:06:a0:55:e3:45:38:a1:60:51:a0:1b:3f:29:
d8:72:9e:50:a3:01:7c:c5:e1:0b:2d:cd:df:1f:61:01:fd:a9:
e6:a8:a3:82:06:09:71:d4:14:b2:62:27:d4:7e:35:25:ff:b7:
8b:d0:66:17:61:02:2d:84:1f:cc:6b:9b:f8:f9:ce:b3:5f:1b:
2d:ed:cb:d6:8a:11:92:c9:9d:de:be:b1:da:c1:18:88:0c:a3:
1f:64:32:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYYXWT3GA0f36phm8WPrpfYRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjAzMTI1NjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmZjY2MwMjc1NzFiM2JjNDY5Y2M1MjM1YzNmODBjNGYwMDRmMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNGxB+fh81LDSl0B1owbUdO73+sa
yHIBCA9l4c+hHi7zQFlx3lMpwVssl8I2GwnOJZAATSuhJlKU5ztSoLU70LvYKiej
JuRFMy3M1WWXFB7CNP9TBcX2GROETajW/2IZi5Sguc7Jv4GQhX+wvJ332pdLROmu
NA+6obMb06kvgcWJZUh7/QBtiDeiEjzZA9BWVzHEbT+Pq9D6NaBkJyQzn4tyX8Te
qQVf1sbT5xSVnDzsLosWAua4zRcNBsK/W7WfwutRN6mVk15qJJQ3vXl13tuT7j/h
YXD3FNT3J48AuIs4cELilBp0ExSORJqmswPTg0pV4OzMJw0pqVlWQaRhWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNL8zAJ1cbO8RpzFI1w/gMTwBPHGMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMHZ6TUFuVnhzN3hHbk1ValhELUF4UEFFOGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsu/MAwQA
uWdLAwQAwSo1MA0GCSqGSIb3DQEBCwUAA4IBAQCEIgUcYz3xqWK9sX9Sir/2r0xH
2VMATq7EKXfoUsa1IGdahwu+fUN3uCbUu83R0Y6MFMsRF/+vM/CvrcT2aaIRBPPj
gYGGDtwaDATaNagS1/gjtVmJ2P6i8OTAjbJCsdRx+UcpNF0qqpWoeffsMtamAJ4K
a6v72cwnCpnKC/svN9bkVZNO3YQw8vfxwK65qJILTRK0b95CsYbv7gPqPXhY4/a9
Hd5uhgagVeNFOKFgUaAbPynYcp5QowF8xeELLc3fH2EB/anmqKOCBglx1BSyYifU
fjUl/7eL0GYXYQIthB/Ma5v4+c6zXxst7cvWihGSyZ3evrHawRiIDKMfZDLj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:43 2024 by rpki-client on console-fra.rpki-client.org