Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ekc9cGOGRSs0uCW0CJ-K4cOSxQc.roa
File: Ekc9cGOGRSs0uCW0CJ-K4cOSxQc.roa (raw, json)
Hash identifier: 2nulE1KSzwXPq8nma04X8Z7HDqiOXFSHensUwDZANo8=
Subject key identifier: 12:47:3D:70:63:86:45:2B:34:B8:25:B4:08:9F:8A:E1:C3:92:C5:07
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018617593E3F4CA5E9B36724D173E301E091
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ekc9cGOGRSs0uCW0CJ-K4cOSxQc.roa
Signing time: Fri 03 Feb 2023 12:56:09 +0000
ROA not before: Fri 03 Feb 2023 12:56:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 78.142.242.0/24 maxlen: 24
194.4.156.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:17:59:3e:3f:4c:a5:e9:b3:67:24:d1:73:e3:01:e0:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 3 12:56:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=12473d706386452b34b825b4089f8ae1c392c507
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:e2:7a:79:38:87:db:b8:09:58:80:dc:e4:6b:
25:b6:99:fc:8e:b9:f3:05:51:56:b0:3f:49:13:21:
76:7f:c4:8e:7c:6d:87:6b:a0:9a:da:8b:ce:a6:00:
f0:80:3c:4e:a0:af:95:07:72:13:8b:c8:d7:67:5a:
6f:e6:e2:89:6e:01:6b:62:19:29:65:45:a6:65:e8:
be:7f:73:09:82:05:f8:f4:58:12:ca:a9:68:e2:9a:
84:dd:86:75:03:6e:6f:6d:62:51:81:cf:f4:ca:91:
df:8c:48:50:99:67:6c:87:a5:dd:bd:72:52:39:12:
97:79:af:9d:be:48:ef:7e:47:b6:7c:f4:33:e4:1b:
7d:ae:88:7a:7c:dd:e7:8e:df:38:69:b7:a3:d3:c8:
50:e8:5c:93:a3:0c:e3:80:61:52:9d:50:31:c7:70:
25:1c:dd:89:d0:e4:da:cd:c7:31:09:de:da:d6:6b:
65:6e:21:68:4b:bb:2b:2c:aa:7f:55:db:38:33:6f:
36:30:6a:9b:1c:97:7b:d9:34:0a:8c:a5:e2:10:04:
92:f5:5b:42:89:d2:33:12:07:a1:62:4b:9e:53:13:
1b:b3:fc:4c:5b:f2:9f:c3:84:b0:52:5a:7a:91:2c:
ff:1d:59:d8:c9:7b:11:00:9c:47:33:34:c2:32:62:
f3:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:47:3D:70:63:86:45:2B:34:B8:25:B4:08:9F:8A:E1:C3:92:C5:07
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ekc9cGOGRSs0uCW0CJ-K4cOSxQc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.242.0/24
194.4.156.0/24
Signature Algorithm: sha256WithRSAEncryption
92:90:0f:71:80:45:2b:7e:11:62:d3:e7:bd:c1:6d:d3:20:c9:
07:e1:60:69:d9:64:84:46:f2:23:77:94:65:c5:6b:ef:04:44:
f3:5f:04:bb:eb:f6:04:a1:e3:42:c6:3d:38:70:1d:22:27:6a:
07:c2:79:28:46:d0:dd:25:d9:d4:93:c0:52:6c:b5:8e:af:cb:
00:d1:b4:33:33:b5:88:5d:39:d4:f5:17:f2:d4:60:59:b9:b2:
23:86:1b:ca:8f:39:2f:71:0b:62:6b:3f:63:c6:f7:f1:fd:a7:
32:10:bf:f2:5c:40:6d:9d:7c:2e:bb:6d:23:0e:88:62:5e:8a:
16:4d:82:cc:a8:9d:60:42:dc:97:1d:3d:db:e6:f8:69:6e:5f:
b4:1f:18:ae:20:da:d4:55:c0:53:f2:93:1d:5a:97:ba:01:e9:
9d:d3:83:4e:4c:ec:5a:77:08:6e:fe:ff:9a:37:73:a5:38:4a:
52:80:af:d5:e8:2b:ab:9a:c7:f0:51:51:9a:fb:74:53:63:d5:
c9:48:00:59:de:e6:e8:04:e2:ed:db:05:40:9e:94:6b:27:90:
c4:40:52:95:0b:ad:8b:6a:45:15:92:cb:ba:44:57:d9:6f:56:
b6:6b:9e:42:86:b6:b9:0e:98:ef:aa:7d:58:36:73:8c:7f:ab:
81:2e:d4:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYYXWT4/TKXps2ck0XPjAeCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjAzMTI1NjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjQ3M2Q3MDYzODY0NTJiMzRiODI1YjQwODlmOGFlMWMzOTJjNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eJ6eTiH27gJWIDc5Gsltpn8jrnz
BVFWsD9JEyF2f8SOfG2Ha6Ca2ovOpgDwgDxOoK+VB3ITi8jXZ1pv5uKJbgFrYhkp
ZUWmZei+f3MJggX49FgSyqlo4pqE3YZ1A25vbWJRgc/0ypHfjEhQmWdsh6XdvXJS
ORKXea+dvkjvfke2fPQz5Bt9roh6fN3njt84abej08hQ6FyTowzjgGFSnVAxx3Al
HN2J0OTazccxCd7a1mtlbiFoS7srLKp/Vds4M282MGqbHJd72TQKjKXiEASS9VtC
idIzEgehYkueUxMbs/xMW/Kfw4SwUlp6kSz/HVnYyXsRAJxHMzTCMmLztwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBJHPXBjhkUrNLgltAifiuHDksUHMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRWtjOWNHT0dSU3MwdUNXMENKLUs0Y09TeFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATo7yAwQA
wgScMA0GCSqGSIb3DQEBCwUAA4IBAQCSkA9xgEUrfhFi0+e9wW3TIMkH4WBp2WSE
RvIjd5RlxWvvBETzXwS76/YEoeNCxj04cB0iJ2oHwnkoRtDdJdnUk8BSbLWOr8sA
0bQzM7WIXTnU9Rfy1GBZubIjhhvKjzkvcQtiaz9jxvfx/acyEL/yXEBtnXwuu20j
DohiXooWTYLMqJ1gQtyXHT3b5vhpbl+0HxiuINrUVcBT8pMdWpe6Aemd04NOTOxa
dwhu/v+aN3OlOEpSgK/V6CurmsfwUVGa+3RTY9XJSABZ3uboBOLt2wVAnpRrJ5DE
QFKVC62LakUVksu6RFfZb1a2a55Chra5Dpjvqn1YNnOMf6uBLtQp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org