Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CqmxMo89M-aJow-VbdrYADrRNgo.roa
File: CqmxMo89M-aJow-VbdrYADrRNgo.roa (raw, json)
Hash identifier: BXuoAaib+otuNmZNNoc59EHRM9yNT3Oku1jWT5TAVqk=
Subject key identifier: 0A:A9:B1:32:8F:3D:33:E6:89:A3:0F:95:6D:DA:D8:00:3A:D1:36:0A
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018654914D9B78B318CB168BEB1CD8A72DAE
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CqmxMo89M-aJow-VbdrYADrRNgo.roa
Signing time: Wed 15 Feb 2023 10:14:14 +0000
ROA not before: Wed 15 Feb 2023 10:14:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49981
IP address blocks: 185.115.147.0/24 maxlen: 24
45.130.201.0/24 maxlen: 24
77.75.61.0/24 maxlen: 24
223.27.112.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:54:91:4d:9b:78:b3:18:cb:16:8b:eb:1c:d8:a7:2d:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 15 10:14:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0aa9b1328f3d33e689a30f956ddad8003ad1360a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:2d:5c:fb:b9:7b:8a:9a:7d:b5:ec:d2:75:88:
f6:d0:97:27:72:1c:9c:03:f0:fe:bf:43:a4:c1:44:
6e:30:51:3f:c2:18:51:bd:35:81:62:95:34:45:55:
ed:bd:e5:91:6d:41:35:df:41:16:ad:46:5a:a2:d7:
31:3a:77:0f:bf:41:9f:5f:b4:45:ad:aa:e8:db:20:
ea:15:09:76:7f:64:1a:2d:f9:39:45:57:fa:48:51:
a6:3a:44:5d:f3:8c:e5:e9:4c:25:8c:db:af:ec:ee:
b2:2a:9f:02:43:2d:bb:5b:a4:7d:0e:64:67:dc:71:
ab:0b:9f:ca:10:b7:29:54:bc:cf:ea:c2:8e:47:7d:
54:7d:9b:43:1c:8e:2d:c4:02:0b:13:1f:dd:e6:dc:
eb:71:eb:5d:42:ce:24:35:88:60:6f:bd:99:f6:d2:
9b:47:ac:df:08:51:f2:2c:93:c6:36:0d:61:a2:82:
70:17:d4:88:68:15:4d:2e:f3:da:89:c1:da:59:c1:
dd:3c:c7:56:df:4a:9f:12:0b:cc:58:b0:c2:69:a9:
fa:88:68:18:4b:52:3b:41:59:45:e5:6e:21:1c:11:
77:fc:0e:df:0c:43:30:e7:53:9d:a0:77:25:7e:f4:
3e:db:d1:2c:67:c8:f1:56:4b:68:f0:1c:02:65:ea:
b1:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:A9:B1:32:8F:3D:33:E6:89:A3:0F:95:6D:DA:D8:00:3A:D1:36:0A
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CqmxMo89M-aJow-VbdrYADrRNgo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.130.201.0/24
77.75.61.0/24
185.115.147.0/24
223.27.112.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:a7:09:b8:b6:e8:02:5f:8b:13:04:c0:04:5a:cd:8a:10:1f:
e8:3c:43:49:1a:49:f8:09:c6:84:57:24:ee:fb:3c:60:e8:9e:
51:18:52:99:6b:ed:16:d0:85:e8:e3:6b:1e:01:e6:63:ee:bd:
43:b2:d3:b6:79:4e:21:f1:c8:39:99:f3:7e:28:43:fa:e8:8a:
f3:7b:e1:85:cb:ed:c8:f9:33:85:d6:91:24:d0:d4:b0:3f:7a:
65:94:ac:18:95:8b:2f:d0:17:3e:3c:36:1b:a4:ff:23:8d:35:
1f:2b:19:00:10:26:86:af:6f:1d:a2:8a:f7:15:e0:6c:c8:ab:
96:72:49:cf:81:7e:8e:57:f9:33:95:ec:31:08:a0:a4:de:3e:
e1:d5:0e:64:be:e0:bf:75:18:8c:31:f2:e6:0d:80:12:f4:e6:
04:a8:dd:d9:68:47:9e:8d:d5:11:37:eb:60:cd:e0:4d:81:64:
8a:aa:7a:8b:3c:14:b4:de:49:ed:1f:b5:b7:cb:e0:2f:c5:9a:
08:93:c9:75:a2:3c:e9:a3:da:57:73:f8:a2:a1:af:1d:24:e2:
17:fa:9c:ac:a0:fc:a4:0f:16:20:c9:f1:f5:0c:47:31:cb:c2:
df:eb:65:eb:7e:be:3d:1d:be:dc:34:cd:04:9d:25:b7:f1:95:
f5:75:54:1f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYZUkU2beLMYyxaL6xzYpy2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjE1MTAxNDE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWE5YjEzMjhmM2QzM2U2ODlhMzBmOTU2ZGRhZDgwMDNhZDEzNjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgS1c+7l7ipp9tezSdYj20Jcnchyc
A/D+v0OkwURuMFE/whhRvTWBYpU0RVXtveWRbUE130EWrUZaotcxOncPv0GfX7RF
raro2yDqFQl2f2QaLfk5RVf6SFGmOkRd84zl6UwljNuv7O6yKp8CQy27W6R9DmRn
3HGrC5/KELcpVLzP6sKOR31UfZtDHI4txAILEx/d5tzrcetdQs4kNYhgb72Z9tKb
R6zfCFHyLJPGNg1hooJwF9SIaBVNLvPaicHaWcHdPMdW30qfEgvMWLDCaan6iGgY
S1I7QVlF5W4hHBF3/A7fDEMw51OdoHclfvQ+29EsZ8jxVkto8BwCZeqxqQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAqpsTKPPTPmiaMPlW3a2AA60TYKMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQ3FteE1vODlNLWFKb3ctVmJkcllBRHJSTmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALYLJAwQA
TUs9AwQAuXOTAwQA3xtwMA0GCSqGSIb3DQEBCwUAA4IBAQAPpwm4tugCX4sTBMAE
Ws2KEB/oPENJGkn4CcaEVyTu+zxg6J5RGFKZa+0W0IXo42seAeZj7r1DstO2eU4h
8cg5mfN+KEP66Irze+GFy+3I+TOF1pEk0NSwP3pllKwYlYsv0Bc+PDYbpP8jjTUf
KxkAECaGr28door3FeBsyKuWcknPgX6OV/kzlewxCKCk3j7h1Q5kvuC/dRiMMfLm
DYAS9OYEqN3ZaEeejdURN+tgzeBNgWSKqnqLPBS03kntH7W3y+AvxZoIk8l1ojzp
o9pXc/iioa8dJOIX+pysoPykDxYgyfH1DEcxy8Lf62Xrfr49Hb7cNM0EnSW38ZX1
dVQf
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org