Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2i__N8IQD3U0NTCTvsUhgibfcjI.roa
File: 2i__N8IQD3U0NTCTvsUhgibfcjI.roa (raw, json)
Hash identifier: eEL2DfN0tSz4AmUZJrML3Sc8eoMp/Ov65sHHrVKfIWM=
Subject key identifier: DA:2F:FF:37:C2:10:0F:75:34:35:30:93:BE:C5:21:82:26:DF:72:32
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186B8032CD133758E493E8C14EC4C2BEF7A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2i__N8IQD3U0NTCTvsUhgibfcjI.roa
Signing time: Mon 06 Mar 2023 17:41:01 +0000
ROA not before: Mon 06 Mar 2023 17:41:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8100
IP address blocks: 185.236.62.0/24 maxlen: 24
178.239.195.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b8:03:2c:d1:33:75:8e:49:3e:8c:14:ec:4c:2b:ef:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 6 17:41:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=da2fff37c2100f7534353093bec5218226df7232
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:96:22:62:c6:46:cb:63:27:f6:9a:b6:f4:c0:
ef:39:a6:ce:4c:32:71:69:84:ed:17:f0:3d:34:8c:
94:ca:a6:6a:ef:f7:53:0b:18:4c:d5:92:84:c1:33:
07:f7:78:a5:7b:15:4f:3e:2d:04:76:5f:c1:d7:79:
46:02:e7:87:69:80:0f:77:0f:b9:51:aa:03:67:bd:
ac:02:f3:bc:a9:4c:c6:4f:1a:1a:26:a4:b5:ee:0c:
6a:bc:7f:63:5a:ee:08:e8:27:b5:90:64:9a:2a:32:
18:e1:e8:74:5a:a0:9a:b6:8e:f2:04:fd:51:c6:65:
6b:81:95:1e:03:51:b9:c7:da:3c:a6:87:24:fb:ea:
90:bf:d4:91:e8:26:4d:da:57:ba:8c:3c:30:a9:03:
4f:04:1e:7b:4e:39:69:76:4b:ed:d8:58:c2:19:84:
28:99:d1:1b:83:5a:4f:ae:ce:2b:d5:47:a1:24:0a:
71:b8:b0:21:17:07:68:54:4a:97:bf:80:10:63:30:
18:5b:a1:f2:41:10:6d:e5:bb:6a:4e:c1:a1:cb:a5:
b6:a7:a9:65:38:82:b0:c8:ce:36:cf:50:4b:91:47:
75:f2:5f:1f:a8:9d:3b:a6:1c:06:72:31:60:c9:56:
4c:d7:80:c1:bc:aa:09:27:cd:51:8b:5a:39:bb:20:
6d:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:2F:FF:37:C2:10:0F:75:34:35:30:93:BE:C5:21:82:26:DF:72:32
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2i__N8IQD3U0NTCTvsUhgibfcjI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.239.195.0/24
185.236.62.0/24
Signature Algorithm: sha256WithRSAEncryption
20:1f:98:1d:e5:8a:2c:da:7a:62:50:45:c5:19:c8:91:20:27:
6c:a4:58:3e:8b:2f:76:5d:61:0b:7f:03:91:e5:cf:c3:11:0e:
9c:7a:cf:cf:98:7a:3c:a5:aa:78:5a:fd:d9:a7:33:2e:17:ea:
e5:da:2e:8d:84:c7:06:17:6d:67:d3:46:c6:64:ee:23:0a:1f:
3d:e2:5c:52:fc:36:4a:9a:d5:bf:58:56:c0:2f:0e:dd:1c:04:
8d:ce:f9:e7:74:9d:43:96:90:59:cf:aa:c1:5d:c3:a3:26:29:
9e:e8:88:c9:01:b1:97:c9:24:76:54:6e:60:2a:47:cd:d6:f5:
43:e5:cf:d7:c6:72:be:a9:6c:3d:6c:03:e2:6f:90:20:84:db:
66:be:35:bf:ba:c7:c8:a1:22:f8:b6:51:76:c2:72:94:aa:c8:
d0:0d:50:10:3f:b8:25:69:96:03:13:5c:a8:4b:5e:6f:27:e1:
24:90:b8:31:b8:38:b3:2f:fb:72:8a:68:90:b1:39:52:b5:5e:
8c:ab:ed:06:ef:36:4b:be:ac:1a:f2:23:5e:41:62:07:87:16:
48:dd:22:a7:2e:44:f6:8a:dd:9d:de:b5:37:d3:6f:70:49:9c:
6c:3a:38:a7:17:29:f9:7e:8f:3c:cc:22:64:79:ad:fb:20:8b:
13:93:64:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYa4AyzRM3WOST6MFOxMK+96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA2MTc0MTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTJmZmYzN2MyMTAwZjc1MzQzNTMwOTNiZWM1MjE4MjI2ZGY3MjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5YiYsZGy2Mn9pq29MDvOabOTDJx
aYTtF/A9NIyUyqZq7/dTCxhM1ZKEwTMH93ilexVPPi0Edl/B13lGAueHaYAPdw+5
UaoDZ72sAvO8qUzGTxoaJqS17gxqvH9jWu4I6Ce1kGSaKjIY4eh0WqCato7yBP1R
xmVrgZUeA1G5x9o8pock++qQv9SR6CZN2le6jDwwqQNPBB57Tjlpdkvt2FjCGYQo
mdEbg1pPrs4r1UehJApxuLAhFwdoVEqXv4AQYzAYW6HyQRBt5btqTsGhy6W2p6ll
OIKwyM42z1BLkUd18l8fqJ07phwGcjFgyVZM14DBvKoJJ81Ri1o5uyBtEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNov/zfCEA91NDUwk77FIYIm33IyMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMmlfX044SVFEM1UwTlRDVHZzVWhnaWJmY2pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsu/DAwQA
uew+MA0GCSqGSIb3DQEBCwUAA4IBAQAgH5gd5Yos2npiUEXFGciRICdspFg+iy92
XWELfwOR5c/DEQ6ces/PmHo8pap4Wv3ZpzMuF+rl2i6NhMcGF21n00bGZO4jCh89
4lxS/DZKmtW/WFbALw7dHASNzvnndJ1DlpBZz6rBXcOjJime6IjJAbGXySR2VG5g
KkfN1vVD5c/XxnK+qWw9bAPib5AghNtmvjW/usfIoSL4tlF2wnKUqsjQDVAQP7gl
aZYDE1yoS15vJ+EkkLgxuDizL/tyimiQsTlStV6Mq+0G7zZLvqwa8iNeQWIHhxZI
3SKnLkT2it2d3rU3029wSZxsOjinFyn5fo88zCJkea37IIsTk2QG
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org