Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8mS0IepXSkK9lkHHNXaigQn2xUg.roa
File: 8mS0IepXSkK9lkHHNXaigQn2xUg.roa (raw, json)
Hash identifier: zN8D7cEbaBD4SEnBxWhNcpva9Yl89ztHLPdL7Jtv1DM=
Subject key identifier: F2:64:B4:21:EA:57:4A:42:BD:96:41:C7:35:76:A2:81:09:F6:C5:48
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018730E558900A989F538D6253B1E525ACC9
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8mS0IepXSkK9lkHHNXaigQn2xUg.roa
Signing time: Thu 30 Mar 2023 05:02:29 +0000
ROA not before: Thu 30 Mar 2023 05:02:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 185.121.229.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:30:e5:58:90:0a:98:9f:53:8d:62:53:b1:e5:25:ac:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 30 05:02:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f264b421ea574a42bd9641c73576a28109f6c548
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:5c:f4:3a:59:0c:91:dd:77:28:31:5e:0b:05:
e4:3f:b9:5a:67:30:6e:6f:ca:66:a2:0c:66:35:5b:
60:6d:bc:00:31:62:88:e6:81:6f:94:8b:24:9d:8b:
e2:e0:64:77:5a:c0:8a:0a:78:44:37:08:d5:b1:05:
11:be:57:5b:23:9f:ad:a6:b0:40:b8:6b:b0:59:0b:
08:b5:af:f9:5b:29:b3:33:7d:58:d1:08:92:1a:0f:
a9:78:8f:a7:53:e6:82:80:d8:7a:0e:6c:f3:bb:10:
41:3b:98:d3:a7:32:26:56:f2:5c:9e:a7:a5:a2:04:
5e:b7:1d:74:93:72:31:dd:64:79:0d:ff:fe:2c:ae:
95:a6:96:fd:ce:05:4c:eb:cd:ed:bf:a5:5c:9a:d0:
db:d5:31:05:73:49:3a:62:8a:05:cd:87:7b:df:57:
89:35:0b:01:cd:25:89:e6:e8:67:cc:da:74:8e:86:
a8:72:18:6c:d9:55:70:46:b7:1e:c5:2c:5d:55:74:
99:28:fc:fc:aa:4e:eb:7d:6a:b0:73:6a:fe:8d:ac:
26:b7:5a:87:c1:c9:46:2a:56:59:50:c2:b6:48:e2:
f6:22:e2:fb:21:c3:c1:19:83:12:39:03:a0:45:95:
20:bf:b5:3c:69:52:6e:18:29:61:d1:f7:4d:07:8c:
43:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:64:B4:21:EA:57:4A:42:BD:96:41:C7:35:76:A2:81:09:F6:C5:48
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8mS0IepXSkK9lkHHNXaigQn2xUg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.114.246.0/24
185.103.74.0/24
185.121.229.0/24
185.236.62.0/24
194.4.158.0/24
213.32.248.0/24
Signature Algorithm: sha256WithRSAEncryption
71:ee:10:25:1b:38:c3:04:9f:1d:3e:3f:bb:0b:c9:e5:57:8d:
6d:70:3a:bc:f8:48:5a:75:96:8d:ae:78:92:42:aa:44:18:ab:
fe:12:da:ca:09:aa:46:a9:7f:16:f5:3a:35:3d:ae:2b:32:3c:
ee:38:f5:13:6a:07:b5:8f:ec:1a:30:72:50:00:49:51:41:5e:
f1:63:5e:cc:b8:7a:a6:99:01:46:65:32:fb:a1:bd:45:ee:80:
fd:bd:a3:aa:f4:cf:7f:0c:04:66:1a:57:d2:3a:57:31:f3:11:
be:37:b0:0d:54:51:1f:57:a3:97:f9:17:c6:fa:94:ed:c6:36:
0d:78:46:82:ba:f8:19:29:21:e0:8b:88:70:de:d0:97:c8:09:
ed:b4:f4:32:db:57:0c:ee:76:4b:9c:df:d6:40:5e:6e:70:ac:
78:5d:d1:d8:5f:37:f6:e4:85:7f:14:9f:0c:ce:44:a8:f0:8f:
fe:a3:10:4d:5c:69:86:32:f5:ce:e8:a5:b5:da:9e:8d:49:5e:
5c:e6:2b:82:59:86:ef:4c:58:00:48:cd:30:f5:9c:91:9e:ff:
7c:c8:be:96:d5:79:f6:10:ca:a7:2c:48:f7:23:ef:c0:02:fe:
ce:bd:27:10:fe:8c:85:d2:c0:3f:16:32:f9:df:16:93:ed:73:
35:82:72:1c
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYcw5ViQCpifU41iU7HlJazJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzMwMDUwMjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjY0YjQyMWVhNTc0YTQyYmQ5NjQxYzczNTc2YTI4MTA5ZjZjNTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1z0OlkMkd13KDFeCwXkP7laZzBu
b8pmogxmNVtgbbwAMWKI5oFvlIsknYvi4GR3WsCKCnhENwjVsQURvldbI5+tprBA
uGuwWQsIta/5WymzM31Y0QiSGg+peI+nU+aCgNh6DmzzuxBBO5jTpzImVvJcnqel
ogRetx10k3Ix3WR5Df/+LK6Vppb9zgVM683tv6VcmtDb1TEFc0k6YooFzYd731eJ
NQsBzSWJ5uhnzNp0joaochhs2VVwRrcexSxdVXSZKPz8qk7rfWqwc2r+jawmt1qH
wclGKlZZUMK2SOL2IuL7IcPBGYMSOQOgRZUgv7U8aVJuGClh0fdNB4xD2QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPJktCHqV0pCvZZBxzV2ooEJ9sVIMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvOG1TMEllcFhTa0s5bGtISE5YYWlnUW4yeFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAXXL2AwQA
uWdKAwQAuXnlAwQAuew+AwQAwgSeAwQA1SD4MA0GCSqGSIb3DQEBCwUAA4IBAQBx
7hAlGzjDBJ8dPj+7C8nlV41tcDq8+EhadZaNrniSQqpEGKv+EtrKCapGqX8W9To1
Pa4rMjzuOPUTage1j+waMHJQAElRQV7xY17MuHqmmQFGZTL7ob1F7oD9vaOq9M9/
DARmGlfSOlcx8xG+N7ANVFEfV6OX+RfG+pTtxjYNeEaCuvgZKSHgi4hw3tCXyAnt
tPQy21cM7nZLnN/WQF5ucKx4XdHYXzf25IV/FJ8MzkSo8I/+oxBNXGmGMvXO6KW1
2p6NSV5c5iuCWYbvTFgASM0w9ZyRnv98yL6W1Xn2EMqnLEj3I+/AAv7OvScQ/oyF
0sA/FjL53xaT7XM1gnIc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org