Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ClmPwoAYkwgPQ9gJZcqS3FFhWqY.roa
File: ClmPwoAYkwgPQ9gJZcqS3FFhWqY.roa (raw, json)
Hash identifier: r6+2czzsKZCoEA1N565dv5AEO4O+cNGbjBC3ghKBGmY=
Subject key identifier: 0A:59:8F:C2:80:18:93:08:0F:43:D8:09:65:CA:92:DC:51:61:5A:A6
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01867E2548B552D0F67A941617FCC08877EC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ClmPwoAYkwgPQ9gJZcqS3FFhWqY.roa
Signing time: Thu 23 Feb 2023 12:00:17 +0000
ROA not before: Thu 23 Feb 2023 12:00:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 135752
IP address blocks: 178.239.203.0/24 maxlen: 24
89.40.160.0/24 maxlen: 24
93.114.195.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:7e:25:48:b5:52:d0:f6:7a:94:16:17:fc:c0:88:77:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 23 12:00:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0a598fc2801893080f43d80965ca92dc51615aa6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:e5:08:a5:19:cd:26:8e:6d:62:de:20:6e:85:
84:da:33:04:b1:47:ab:67:ca:fe:30:44:1e:b8:28:
8d:6a:2e:35:d5:5c:99:ab:4b:67:20:1f:6f:74:71:
5b:42:b2:43:6d:d4:1e:e7:f8:7d:82:a6:ca:c0:fe:
d3:1d:c7:4f:cb:f6:89:83:76:e8:8e:2d:19:8f:64:
b0:18:c2:86:e3:28:b2:a8:6a:7e:29:f5:06:b8:1a:
ec:26:81:75:24:3f:15:5e:de:00:17:b9:3d:d7:69:
fb:48:ae:6c:72:e4:dc:14:19:f7:45:b1:0a:df:84:
d6:e7:1d:6d:75:f3:b9:b1:b7:f3:f1:2d:ce:1b:d6:
87:7d:f1:ba:26:28:4e:ec:c4:97:35:16:91:10:7f:
1e:87:f8:7e:88:ac:21:be:66:c9:70:65:e1:ff:1b:
2d:94:40:77:2f:ed:1a:3d:ed:40:ab:86:17:ec:be:
a2:5b:73:71:7c:53:54:e2:f0:ad:b0:38:47:8a:9f:
44:c1:05:e1:3c:2d:da:94:9b:b0:2e:37:4a:9e:bc:
93:b7:69:7d:08:ba:a1:5a:2d:ea:18:17:17:09:8e:
e0:df:30:6e:c3:39:86:f9:a3:72:4e:b7:ec:96:0b:
23:c8:13:7c:7f:29:86:d6:d6:da:34:7f:84:94:58:
c6:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:59:8F:C2:80:18:93:08:0F:43:D8:09:65:CA:92:DC:51:61:5A:A6
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ClmPwoAYkwgPQ9gJZcqS3FFhWqY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.160.0/24
89.46.92.0/24
93.114.195.0/24
178.239.203.0/24
185.103.74.0/24
Signature Algorithm: sha256WithRSAEncryption
19:91:15:3b:3e:3a:58:80:95:b5:93:ce:e6:be:32:0c:a3:73:
b8:84:2d:5f:1d:c3:f8:d0:61:33:d0:66:23:2c:86:ae:01:a1:
01:b3:b1:ea:ad:50:b1:f0:cb:a0:54:9a:66:19:fd:4f:90:00:
f1:89:f0:51:1e:bc:2a:87:44:63:e4:20:26:71:b7:24:c3:f0:
b5:e5:ed:a9:a4:84:6d:3b:74:e1:a2:3a:f2:b0:b8:a6:55:a4:
ca:a2:d4:4a:0d:e1:f8:01:3c:73:68:eb:f5:73:c1:82:da:96:
90:68:06:31:31:3b:80:3c:f6:26:14:15:5d:f5:ae:9f:9a:90:
2e:d3:b2:2f:88:f2:18:9a:4c:ae:fa:34:24:2f:6a:df:de:54:
b6:fc:98:e2:f8:d9:f3:ae:91:7e:52:eb:5a:0d:10:e6:81:29:
ca:b5:da:cb:ce:25:0f:cb:c6:ab:09:c7:78:1e:42:a5:cb:99:
95:16:9e:b6:1f:76:e4:8b:88:5f:6d:99:f2:73:f2:71:ef:e1:
59:72:f7:e8:5e:76:de:36:57:f4:f0:ec:b3:6f:e0:bd:34:55:
06:b8:82:61:e4:0b:3f:d1:17:45:31:75:6c:94:ed:f2:2c:62:
fc:a0:b1:ea:c0:00:2a:c3:34:2b:ac:6f:81:0c:88:47:20:8b:
2f:18:ff:48
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYZ+JUi1UtD2epQWF/zAiHfsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjIzMTIwMDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTU5OGZjMjgwMTg5MzA4MGY0M2Q4MDk2NWNhOTJkYzUxNjE1YWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieUIpRnNJo5tYt4gboWE2jMEsUer
Z8r+MEQeuCiNai411VyZq0tnIB9vdHFbQrJDbdQe5/h9gqbKwP7THcdPy/aJg3bo
ji0Zj2SwGMKG4yiyqGp+KfUGuBrsJoF1JD8VXt4AF7k912n7SK5scuTcFBn3RbEK
34TW5x1tdfO5sbfz8S3OG9aHffG6JihO7MSXNRaREH8eh/h+iKwhvmbJcGXh/xst
lEB3L+0aPe1Aq4YX7L6iW3NxfFNU4vCtsDhHip9EwQXhPC3alJuwLjdKnryTt2l9
CLqhWi3qGBcXCY7g3zBuwzmG+aNyTrfslgsjyBN8fymG1tbaNH+ElFjGCwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFApZj8KAGJMID0PYCWXKktxRYVqmMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQ2xtUHdvQVlrd2dQUTlnSlpjcVMzRkZoV3FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAWSigAwQA
WS5cAwQAXXLDAwQAsu/LAwQAuWdKMA0GCSqGSIb3DQEBCwUAA4IBAQAZkRU7PjpY
gJW1k87mvjIMo3O4hC1fHcP40GEz0GYjLIauAaEBs7HqrVCx8MugVJpmGf1PkADx
ifBRHrwqh0Rj5CAmcbckw/C15e2ppIRtO3ThojrysLimVaTKotRKDeH4ATxzaOv1
c8GC2paQaAYxMTuAPPYmFBVd9a6fmpAu07IviPIYmkyu+jQkL2rf3lS2/Jji+Nnz
rpF+UutaDRDmgSnKtdrLziUPy8arCcd4HkKly5mVFp62H3bki4hfbZnyc/Jx7+FZ
cvfoXnbeNlf08Oyzb+C9NFUGuIJh5As/0RdFMXVslO3yLGL8oLHqwAAqwzQrrG+B
DIhHIIsvGP9I
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org