Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/DHB3_hxqN8RCHMtDL1mbvu26o3E.roa
File: DHB3_hxqN8RCHMtDL1mbvu26o3E.roa (raw, json)
Hash identifier: FMKNhS5BqJn6OL4GPsUprn380t8H5ZK7s+FVQXgM/Po=
Subject key identifier: 0C:70:77:FE:1C:6A:37:C4:42:1C:CB:43:2F:59:9B:BE:ED:BA:A3:71
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187DB03114F977B2580A3AF3A89CF85D783
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/DHB3_hxqN8RCHMtDL1mbvu26o3E.roa
Signing time: Tue 02 May 2023 05:50:23 +0000
ROA not before: Tue 02 May 2023 05:50:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 185.121.229.0/24 maxlen: 24
89.38.136.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:db:03:11:4f:97:7b:25:80:a3:af:3a:89:cf:85:d7:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 2 05:50:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0c7077fe1c6a37c4421ccb432f599bbeedbaa371
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:4c:1b:04:dd:8d:3e:86:07:8e:67:c2:a7:05:
46:ee:0b:da:06:36:cb:4e:6f:c7:78:db:d6:12:0e:
7e:02:67:59:78:cd:d4:2d:62:80:e7:8f:b8:d6:6c:
9a:6b:c8:1e:df:31:8c:b6:65:7b:76:a5:94:7f:ad:
b6:ac:10:26:3e:7b:17:ff:c4:f1:fe:8b:f6:29:79:
7b:55:15:9a:df:b0:9d:f0:cd:26:17:28:7a:d0:d5:
20:16:e0:5f:51:06:66:4b:54:75:8a:2b:0b:89:ff:
8f:e1:52:0f:dd:a3:d3:64:24:00:c0:87:ff:68:34:
0e:51:fc:68:be:93:01:bd:49:7b:e0:1d:c1:52:46:
dc:18:2c:fa:2b:e1:1a:0c:34:7d:a5:2d:91:15:4b:
14:eb:99:c1:81:58:4c:26:7d:85:46:7a:c5:d7:89:
63:9f:dc:1c:e8:21:6c:de:45:51:9f:3f:8d:ca:c7:
8e:5b:12:39:90:79:ca:f8:62:b3:f6:f3:6b:3a:a5:
67:ef:42:2d:15:f2:86:80:87:ad:bf:87:62:5d:5e:
bb:a7:86:8f:89:85:c2:ed:4f:ea:5a:0a:cb:d7:14:
1b:1e:6b:8c:14:9b:a2:d2:5c:3a:41:00:23:47:29:
23:37:9d:08:b7:7e:c7:27:99:93:12:f6:5b:f6:55:
3a:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:70:77:FE:1C:6A:37:C4:42:1C:CB:43:2F:59:9B:BE:ED:BA:A3:71
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/DHB3_hxqN8RCHMtDL1mbvu26o3E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.38.136.0/24
89.43.210.0/23
93.114.246.0/24
185.103.74.0/24
185.115.144.0/24
185.121.229.0/24
194.4.158.0/24
213.32.248.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:b9:90:81:bb:2a:d1:4f:f5:82:53:d9:00:68:8e:52:65:83:
09:0a:af:68:bf:eb:94:e0:89:b7:0c:34:e7:be:e4:5c:1c:5a:
b7:1f:74:fb:04:f3:d8:e5:f4:40:4f:22:d4:75:21:e9:88:22:
c6:c7:9f:30:61:f1:1a:06:3c:aa:be:f4:30:d1:36:9e:a0:9b:
e2:df:0f:44:96:4f:8f:aa:ab:8f:2d:33:c2:e2:9b:e8:a8:f5:
6c:29:03:b3:b8:cf:9e:42:1a:b4:34:1f:44:7c:e3:2a:cf:cf:
1a:a4:4e:ea:8e:8e:e0:55:48:07:d6:7e:e1:e0:be:08:b2:97:
28:ba:b2:5a:34:87:95:42:0e:40:86:e0:da:62:d3:19:81:08:
67:fc:d2:0f:d3:05:fc:9c:66:20:cc:31:46:6a:dd:92:0a:93:
7f:bd:bc:22:70:a2:f6:2c:d8:02:61:86:96:88:cb:60:74:3d:
e3:05:63:f6:52:e6:63:60:a1:88:cd:aa:4d:3a:3c:80:76:2a:
05:11:0a:e2:55:b9:32:7c:3e:d7:e9:69:c9:d8:4f:7f:75:f3:
5a:3e:31:bf:18:47:7e:f6:d5:08:47:6e:c3:82:fe:c0:f1:81:
0c:e8:66:8d:3f:ff:d2:2c:cc:f4:85:67:91:8a:40:4b:42:5d:
f6:bb:af:da
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYfbAxFPl3slgKOvOonPhdeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTAyMDU1MDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzcwNzdmZTFjNmEzN2M0NDIxY2NiNDMyZjU5OWJiZWVkYmFhMzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkwbBN2NPoYHjmfCpwVG7gvaBjbL
Tm/HeNvWEg5+AmdZeM3ULWKA54+41myaa8ge3zGMtmV7dqWUf622rBAmPnsX/8Tx
/ov2KXl7VRWa37Cd8M0mFyh60NUgFuBfUQZmS1R1iisLif+P4VIP3aPTZCQAwIf/
aDQOUfxovpMBvUl74B3BUkbcGCz6K+EaDDR9pS2RFUsU65nBgVhMJn2FRnrF14lj
n9wc6CFs3kVRnz+NyseOWxI5kHnK+GKz9vNrOqVn70ItFfKGgIetv4diXV67p4aP
iYXC7U/qWgrL1xQbHmuMFJui0lw6QQAjRykjN50It37HJ5mTEvZb9lU63QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAxwd/4cajfEQhzLQy9Zm77tuqNxMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvREhCM19oeHFOOFJDSE10REwxbWJ2dTI2bzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAWSaIAwQB
WSvSAwQAXXL2AwQAuWdKAwQAuXOQAwQAuXnlAwQAwgSeAwQA1SD4MA0GCSqGSIb3
DQEBCwUAA4IBAQA8uZCBuyrRT/WCU9kAaI5SZYMJCq9ov+uU4Im3DDTnvuRcHFq3
H3T7BPPY5fRATyLUdSHpiCLGx58wYfEaBjyqvvQw0TaeoJvi3w9Elk+PqquPLTPC
4pvoqPVsKQOzuM+eQhq0NB9EfOMqz88apE7qjo7gVUgH1n7h4L4IspcourJaNIeV
Qg5AhuDaYtMZgQhn/NIP0wX8nGYgzDFGat2SCpN/vbwicKL2LNgCYYaWiMtgdD3j
BWP2UuZjYKGIzapNOjyAdioFEQriVbkyfD7X6WnJ2E9/dfNaPjG/GEd+9tUIR27D
gv7A8YEM6GaNP//SLMz0hWeRikBLQl32u6/a
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org