Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/183DCGok81G-WcoNGR4nalwiOL4.roa
File: 183DCGok81G-WcoNGR4nalwiOL4.roa (raw, json)
Hash identifier: GM+jUgCR2wy0GhnNDaJKTqePhOl17N4JPgNji4UzVr0=
Subject key identifier: D7:CD:C3:08:6A:24:F3:51:BE:59:CA:0D:19:1E:27:6A:5C:22:38:BE
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01877196501F649B413504F75290CDC13977
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/183DCGok81G-WcoNGR4nalwiOL4.roa
Signing time: Tue 11 Apr 2023 18:31:28 +0000
ROA not before: Tue 11 Apr 2023 18:31:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209043
IP address blocks: 78.142.242.0/23 maxlen: 24
103.205.24.0/24 maxlen: 24
185.236.61.0/24 maxlen: 24
193.42.53.0/24 maxlen: 24
89.44.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:71:96:50:1f:64:9b:41:35:04:f7:52:90:cd:c1:39:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 11 18:31:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d7cdc3086a24f351be59ca0d191e276a5c2238be
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:c6:2b:a3:b4:9a:f4:5e:54:c0:cc:c4:df:15:
75:57:1a:01:13:52:59:69:df:b4:56:49:ed:cd:34:
03:60:a1:b4:6b:7d:19:61:73:78:f8:32:3d:fc:90:
24:3d:6b:87:6a:c5:87:17:14:22:b6:3a:42:b2:ae:
7f:95:54:c7:9f:1d:d1:5b:8d:31:e0:3c:b5:fd:e7:
ef:a8:81:a9:08:c3:0d:cf:34:b3:5c:6d:10:62:66:
33:87:31:42:db:dc:a7:33:0c:3c:f6:4e:51:f1:ae:
a3:62:59:09:26:f2:97:be:06:b5:56:8e:a9:cb:05:
4f:32:e7:53:ae:08:ca:74:6c:05:a0:4b:7d:e3:ad:
63:f4:e9:90:76:f9:af:d5:ba:ef:04:7a:5e:92:17:
4f:b2:17:62:a1:03:a5:c1:b4:a4:31:75:e0:ba:4c:
b8:1e:c9:50:1c:ee:eb:95:3a:53:74:b5:c8:34:0a:
d5:e4:81:29:84:a7:6a:37:38:dd:63:2c:d8:7f:72:
15:5a:49:18:2e:69:60:5b:68:24:83:32:ea:fd:83:
e7:76:02:35:97:52:eb:15:fb:a5:9b:35:84:d1:69:
a6:c5:95:4e:e3:93:bd:dc:4a:aa:49:1e:72:39:19:
b9:e5:40:5a:23:66:60:d5:85:69:98:fb:64:27:b6:
6d:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:CD:C3:08:6A:24:F3:51:BE:59:CA:0D:19:1E:27:6A:5C:22:38:BE
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/183DCGok81G-WcoNGR4nalwiOL4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.242.0/23
89.44.207.0/24
103.205.24.0/24
185.236.61.0/24
193.42.53.0/24
Signature Algorithm: sha256WithRSAEncryption
75:56:2e:2c:fb:00:fd:cf:e9:79:52:c1:55:7d:05:5d:5e:3d:
d3:a1:18:6b:44:a0:d4:06:d6:33:18:86:f0:6d:5d:e4:fa:df:
96:e6:ec:d5:55:ed:10:93:17:e2:0e:dc:50:6d:46:fd:5a:a0:
55:71:b1:28:e3:40:b2:44:80:51:46:45:83:eb:5d:58:dd:61:
20:3f:2d:d9:a3:31:5e:95:36:90:e4:cd:9c:60:05:e6:f9:22:
59:d6:e7:1f:72:b5:87:59:da:96:ae:ac:6a:a4:56:82:b4:9a:
00:b0:d7:41:10:01:9f:f6:fd:07:94:62:b7:e0:ef:df:07:1b:
91:62:46:c7:40:bf:99:ec:73:95:7e:04:b3:84:cc:e1:78:03:
cb:2f:76:8b:1f:3a:36:6f:ca:05:30:85:60:55:e7:ed:95:89:
17:f2:41:e8:b7:cb:d0:46:b1:bc:23:f0:58:f8:44:c1:24:33:
b1:6f:f3:4b:ca:c1:a0:00:91:24:c3:4d:82:aa:19:35:05:36:
01:ed:2a:91:6d:8e:45:54:b8:5f:7a:a0:b7:8d:fa:ff:0c:1a:
d3:25:88:b5:11:76:62:d4:01:19:a9:b0:ee:2a:8e:5a:97:0f:
d3:94:41:4e:dc:2b:2b:ce:6e:45:7a:0c:ce:a2:48:d8:eb:c9:
3a:f0:eb:42
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYdxllAfZJtBNQT3UpDNwTl3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDExMTgzMTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2NkYzMwODZhMjRmMzUxYmU1OWNhMGQxOTFlMjc2YTVjMjIzOGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8Yro7Sa9F5UwMzE3xV1VxoBE1JZ
ad+0VkntzTQDYKG0a30ZYXN4+DI9/JAkPWuHasWHFxQitjpCsq5/lVTHnx3RW40x
4Dy1/efvqIGpCMMNzzSzXG0QYmYzhzFC29ynMww89k5R8a6jYlkJJvKXvga1Vo6p
ywVPMudTrgjKdGwFoEt9461j9OmQdvmv1brvBHpekhdPshdioQOlwbSkMXXguky4
HslQHO7rlTpTdLXINArV5IEphKdqNzjdYyzYf3IVWkkYLmlgW2gkgzLq/YPndgI1
l1LrFfulmzWE0WmmxZVO45O93EqqSR5yORm55UBaI2Zg1YVpmPtkJ7ZtXwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNfNwwhqJPNRvlnKDRkeJ2pcIji+MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMTgzRENHb2s4MUctV2NvTkdSNG5hbHdpT0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBTo7yAwQA
WSzPAwQAZ80YAwQAuew9AwQAwSo1MA0GCSqGSIb3DQEBCwUAA4IBAQB1Vi4s+wD9
z+l5UsFVfQVdXj3ToRhrRKDUBtYzGIbwbV3k+t+W5uzVVe0QkxfiDtxQbUb9WqBV
cbEo40CyRIBRRkWD611Y3WEgPy3ZozFelTaQ5M2cYAXm+SJZ1ucfcrWHWdqWrqxq
pFaCtJoAsNdBEAGf9v0HlGK34O/fBxuRYkbHQL+Z7HOVfgSzhMzheAPLL3aLHzo2
b8oFMIVgVeftlYkX8kHot8vQRrG8I/BY+ETBJDOxb/NLysGgAJEkw02Cqhk1BTYB
7SqRbY5FVLhfeqC3jfr/DBrTJYi1EXZi1AEZqbDuKo5alw/TlEFO3Csrzm5FegzO
okjY68k68OtC
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org