Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/FELmFdhO1eksjgEqs4_pIH6-vaQ.roa
File: FELmFdhO1eksjgEqs4_pIH6-vaQ.roa (raw, json)
Hash identifier: 0J50Bb4x84AEwa0ARQDKUu415G24da0p3nrrVLoeAX8=
Subject key identifier: 14:42:E6:15:D8:4E:D5:E9:2C:8E:01:2A:B3:8F:E9:20:7E:BE:BD:A4
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186CFEA0BD9EEC6BA563952DCD115E4DDBE
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/FELmFdhO1eksjgEqs4_pIH6-vaQ.roa
Signing time: Sat 11 Mar 2023 09:04:27 +0000
ROA not before: Sat 11 Mar 2023 09:04:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60721
IP address blocks: 185.230.251.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:cf:ea:0b:d9:ee:c6:ba:56:39:52:dc:d1:15:e4:dd:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 11 09:04:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1442e615d84ed5e92c8e012ab38fe9207ebebda4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:aa:b8:1b:9e:2c:98:53:fb:be:db:14:c1:af:
3b:44:08:1b:c8:7c:66:31:88:a5:60:46:55:55:b2:
3d:b6:94:fd:cf:1a:f9:03:f4:ba:e1:d7:b8:0a:2a:
65:83:c7:c1:99:b2:3f:a7:4c:fd:85:c7:5c:39:db:
a6:83:16:be:8d:47:4a:41:aa:18:15:28:c9:e5:75:
7e:86:88:75:14:6c:d8:3c:a4:db:84:dd:9e:ae:95:
b2:95:0c:7a:1f:06:f8:6e:73:f5:06:a3:1e:e0:23:
76:50:f3:4b:98:70:ef:6c:c5:ff:26:fa:eb:0f:0b:
8f:81:a3:ed:dc:9f:ad:bc:a7:27:e6:14:cb:55:91:
46:6f:0f:de:a4:0e:bd:28:65:27:ee:98:8c:bc:64:
08:50:cc:d1:96:ac:d7:7c:4d:d7:a6:bd:88:9b:05:
f4:42:14:0d:46:6f:9b:78:06:65:b7:bf:e9:0c:dc:
bf:a0:91:ae:85:cf:49:0f:87:f3:7c:52:7b:b1:5b:
51:48:40:d7:54:dd:7d:33:3e:d7:27:7d:ad:60:ec:
26:8f:89:74:d6:e3:28:2d:90:43:e4:dd:53:6f:e2:
fb:b9:5e:9a:23:f5:f0:e5:83:b3:a4:fb:72:bd:d1:
10:4f:af:76:c2:d7:4a:a8:36:6b:20:b4:4d:e5:4e:
01:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:42:E6:15:D8:4E:D5:E9:2C:8E:01:2A:B3:8F:E9:20:7E:BE:BD:A4
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/FELmFdhO1eksjgEqs4_pIH6-vaQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.230.251.0/24
185.236.63.0/24
Signature Algorithm: sha256WithRSAEncryption
31:57:aa:54:5f:b2:21:61:cc:55:96:a5:2b:84:1d:a7:2b:6d:
19:ba:ab:c3:cc:36:95:1a:d5:0f:4a:cc:10:38:47:42:46:5e:
90:8f:3f:5b:3b:45:31:95:23:f8:27:b5:55:3d:22:00:f2:28:
6b:a1:6a:49:db:42:85:76:50:31:5a:d5:e6:f4:66:32:45:e3:
87:a0:ed:60:e0:56:bd:22:4b:83:32:2c:73:c7:81:f4:d9:58:
2d:9e:57:6b:c4:3e:83:dc:b2:9a:28:e9:8d:6a:89:36:bf:2d:
c9:38:60:f7:b1:d3:3a:3f:a5:88:fe:21:51:ef:2c:2d:e9:73:
13:3b:f1:7c:64:ab:23:8a:9e:be:68:64:0f:13:5b:bc:72:75:
72:d8:cd:0b:cd:66:01:e6:93:0b:11:55:9c:17:61:a3:f3:be:
54:f7:10:6b:41:c1:ba:02:43:e3:cb:41:28:b4:25:a6:e3:cd:
53:87:55:50:25:b0:e1:96:e2:ca:bd:17:af:fc:b2:e1:30:34:
f0:41:f9:0b:69:fe:ec:90:d4:83:a1:82:5c:5c:7a:50:74:5f:
00:cb:5d:f2:9f:2d:b7:b0:d2:bb:45:57:83:12:89:58:93:39:
a6:fc:90:62:3d:89:00:26:e4:88:8d:d9:63:4d:5e:91:fd:f1:
7f:53:ba:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYbP6gvZ7sa6VjlS3NEV5N2+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzExMDkwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDQyZTYxNWQ4NGVkNWU5MmM4ZTAxMmFiMzhmZTkyMDdlYmViZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6q4G54smFP7vtsUwa87RAgbyHxm
MYilYEZVVbI9tpT9zxr5A/S64de4Ciplg8fBmbI/p0z9hcdcOdumgxa+jUdKQaoY
FSjJ5XV+hoh1FGzYPKTbhN2erpWylQx6Hwb4bnP1BqMe4CN2UPNLmHDvbMX/Jvrr
DwuPgaPt3J+tvKcn5hTLVZFGbw/epA69KGUn7piMvGQIUMzRlqzXfE3Xpr2ImwX0
QhQNRm+beAZlt7/pDNy/oJGuhc9JD4fzfFJ7sVtRSEDXVN19Mz7XJ32tYOwmj4l0
1uMoLZBD5N1Tb+L7uV6aI/Xw5YOzpPtyvdEQT692wtdKqDZrILRN5U4BDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBRC5hXYTtXpLI4BKrOP6SB+vr2kMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRkVMbUZkaE8xZWtzamdFcXM0X3BJSDYtdmFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueb7AwQA
uew/MA0GCSqGSIb3DQEBCwUAA4IBAQAxV6pUX7IhYcxVlqUrhB2nK20ZuqvDzDaV
GtUPSswQOEdCRl6Qjz9bO0UxlSP4J7VVPSIA8ihroWpJ20KFdlAxWtXm9GYyReOH
oO1g4Fa9IkuDMixzx4H02VgtnldrxD6D3LKaKOmNaok2vy3JOGD3sdM6P6WI/iFR
7ywt6XMTO/F8ZKsjip6+aGQPE1u8cnVy2M0LzWYB5pMLEVWcF2Gj875U9xBrQcG6
AkPjy0EotCWm481Th1VQJbDhluLKvRev/LLhMDTwQfkLaf7skNSDoYJcXHpQdF8A
y13yny23sNK7RVeDEolYkzmm/JBiPYkAJuSIjdljTV6R/fF/U7qb
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org