Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/BDW66PmYguy40SZroPR2v-I13VI.roa
File: BDW66PmYguy40SZroPR2v-I13VI.roa (raw, json)
Hash identifier: 06/lltVVaYMbfzkoQthGdgh7MxqO3AW61yE8Ol+BjTc=
Subject key identifier: 04:35:BA:E8:F9:98:82:EC:B8:D1:26:6B:A0:F4:76:BF:E2:35:DD:52
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0185F9B5041BAFF1C298B256DC6920179501
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/BDW66PmYguy40SZroPR2v-I13VI.roa
Signing time: Sat 28 Jan 2023 18:47:47 +0000
ROA not before: Sat 28 Jan 2023 18:47:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 193.42.53.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:f9:b5:04:1b:af:f1:c2:98:b2:56:dc:69:20:17:95:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 28 18:47:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0435bae8f99882ecb8d1266ba0f476bfe235dd52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:f7:60:52:55:8c:da:9e:e7:5b:55:f9:92:73:
c4:c6:50:49:a5:49:b6:49:2e:17:98:2d:fe:28:bf:
b8:f8:3e:02:20:1a:d3:c5:11:5c:35:62:fc:a9:ce:
ef:02:56:f1:b2:28:d4:e9:fe:30:e4:41:35:5c:ea:
64:18:bd:5d:f5:e5:08:c1:2d:f2:17:a8:74:97:82:
07:4a:8a:8f:b1:c8:e4:14:a8:59:ab:24:79:30:12:
ae:a9:1a:53:3a:70:97:bf:68:e8:c8:aa:a5:22:18:
b7:9b:78:cf:4a:b0:39:2c:e6:68:4d:a7:4a:2f:d4:
57:58:55:85:c1:30:14:b6:91:54:73:14:e0:72:0e:
e5:2f:ea:10:f5:52:0d:df:34:c6:b5:ab:8a:9c:33:
c6:15:ac:54:92:cd:76:c9:5a:a3:61:69:14:83:98:
39:21:94:3f:48:99:1b:98:49:4e:17:a3:3a:4a:81:
05:87:1e:ac:0e:c0:88:99:a1:aa:69:f7:f3:cb:3a:
8d:0a:79:4a:62:5d:db:1d:76:37:8c:26:79:7c:24:
78:0e:bf:27:c4:b4:52:48:d0:96:1a:7d:4d:ef:c9:
dc:33:83:a9:ad:96:59:eb:c7:0c:63:e8:b1:8c:8d:
4a:b3:b2:bd:9d:04:33:07:90:aa:f0:4a:73:f8:fc:
57:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:35:BA:E8:F9:98:82:EC:B8:D1:26:6B:A0:F4:76:BF:E2:35:DD:52
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/BDW66PmYguy40SZroPR2v-I13VI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.103.75.0/24
193.42.53.0/24
Signature Algorithm: sha256WithRSAEncryption
70:7d:92:86:eb:a2:9d:f0:ee:c0:33:da:f5:b2:87:16:30:e2:
50:af:1b:ca:cd:0e:8d:90:0a:b0:6e:74:cb:71:ba:0e:b6:17:
08:79:1f:18:e9:af:03:4a:86:5d:9e:58:e5:df:5a:ca:52:e3:
80:db:05:6d:2e:3c:bf:9f:2b:53:17:91:25:3d:57:12:ca:b8:
9c:9c:91:05:4a:6a:83:e7:73:53:fe:56:88:93:63:fc:c1:08:
28:5c:66:db:4f:de:7c:b8:82:34:7a:67:44:fc:75:3d:e5:2d:
32:a6:70:5e:9f:63:06:1b:ec:0f:43:93:da:a0:63:97:21:c0:
51:e0:26:8d:81:16:80:20:58:2d:5c:c0:43:f2:1c:dd:d9:38:
42:62:77:e0:be:cc:78:7d:b0:20:e1:2c:75:fc:70:03:8a:71:
9c:ba:ec:b0:dd:f2:63:9e:e4:43:2d:ab:31:26:a4:88:e5:2d:
b9:f0:d7:b0:77:dd:21:d9:3f:1a:62:aa:76:5b:8b:71:8a:98:
ee:ba:88:4c:f3:cc:53:ba:a1:01:21:cb:da:f6:e5:74:7e:0a:
e4:e7:5d:7f:a3:f4:38:ac:9b:04:db:8e:43:cb:3d:bc:c0:08:
16:df:1f:04:3c:da:00:e4:c2:2a:63:51:04:27:f1:cd:65:4c:
10:d4:ff:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYX5tQQbr/HCmLJW3GkgF5UBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTI4MTg0NzQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDM1YmFlOGY5OTg4MmVjYjhkMTI2NmJhMGY0NzZiZmUyMzVkZDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPdgUlWM2p7nW1X5knPExlBJpUm2
SS4XmC3+KL+4+D4CIBrTxRFcNWL8qc7vAlbxsijU6f4w5EE1XOpkGL1d9eUIwS3y
F6h0l4IHSoqPscjkFKhZqyR5MBKuqRpTOnCXv2joyKqlIhi3m3jPSrA5LOZoTadK
L9RXWFWFwTAUtpFUcxTgcg7lL+oQ9VIN3zTGtauKnDPGFaxUks12yVqjYWkUg5g5
IZQ/SJkbmElOF6M6SoEFhx6sDsCImaGqaffzyzqNCnlKYl3bHXY3jCZ5fCR4Dr8n
xLRSSNCWGn1N78ncM4OprZZZ68cMY+ixjI1Ks7K9nQQzB5Cq8Epz+PxXvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAQ1uuj5mILsuNEma6D0dr/iNd1SMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQkRXNjZQbVlndXk0MFNacm9QUjJ2LUkxM1ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWdLAwQA
wSo1MA0GCSqGSIb3DQEBCwUAA4IBAQBwfZKG66Kd8O7AM9r1socWMOJQrxvKzQ6N
kAqwbnTLcboOthcIeR8Y6a8DSoZdnljl31rKUuOA2wVtLjy/nytTF5ElPVcSyric
nJEFSmqD53NT/laIk2P8wQgoXGbbT958uII0emdE/HU95S0ypnBen2MGG+wPQ5Pa
oGOXIcBR4CaNgRaAIFgtXMBD8hzd2ThCYnfgvsx4fbAg4Sx1/HADinGcuuyw3fJj
nuRDLasxJqSI5S258Newd90h2T8aYqp2W4txipjuuohM88xTuqEBIcva9uV0fgrk
511/o/Q4rJsE245Dyz28wAgW3x8EPNoA5MIqY1EEJ/HNZUwQ1P9W
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org