Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/G6nKFquKPgphvaRNSnst5p57feU.roa
File: G6nKFquKPgphvaRNSnst5p57feU.roa (raw, json)
Hash identifier: fWQoveZFJXxM8RF1pL9JofH6ixoPzSIFVVjAr14Ag8w=
Subject key identifier: 1B:A9:CA:16:AB:8A:3E:0A:61:BD:A4:4D:4A:7B:2D:E6:9E:7B:7D:E5
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187517FB30C2068C8D910045F281065437F
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/G6nKFquKPgphvaRNSnst5p57feU.roa
Signing time: Wed 05 Apr 2023 12:58:56 +0000
ROA not before: Wed 05 Apr 2023 12:58:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 78.142.242.0/24 maxlen: 24
188.214.27.0/24 maxlen: 24
78.142.243.0/24 maxlen: 24
185.9.55.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:51:7f:b3:0c:20:68:c8:d9:10:04:5f:28:10:65:43:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 5 12:58:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1ba9ca16ab8a3e0a61bda44d4a7b2de69e7b7de5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:df:4e:c4:8f:ad:41:98:3f:10:5c:ba:4c:68:
5f:48:a4:88:b4:a8:ab:0b:56:f9:fd:f0:97:73:48:
94:4c:13:6a:cf:06:4a:b3:03:be:c6:24:89:34:b4:
70:d0:ce:bf:6f:fa:eb:79:4e:a3:11:38:09:b3:91:
30:53:9d:e8:71:43:da:f2:ff:fe:e9:89:07:83:77:
ff:e0:1f:77:4d:4d:12:68:cb:07:3a:2a:57:82:88:
8d:92:8f:50:74:53:8f:88:a4:8f:8f:c4:c8:62:33:
bc:71:af:86:17:10:d8:60:4d:a7:51:cd:30:ae:11:
60:e7:f8:39:39:f7:de:7d:cc:f7:e1:db:cb:40:76:
7c:a8:b6:50:82:8e:00:35:39:b7:3c:63:a4:f2:a2:
9e:f1:51:a9:e2:24:13:bd:be:46:b9:5c:9c:d6:4e:
c6:35:7d:cf:c6:cf:be:a0:00:20:c7:20:e2:27:67:
9a:5d:08:75:fa:d9:18:57:33:bb:e8:46:d7:c8:64:
ca:df:5c:e2:fd:e3:af:0b:10:c0:80:a0:c8:54:0f:
35:e3:21:df:a3:c7:1b:7e:3c:4a:ff:c7:39:eb:7a:
27:a4:7a:21:6c:8a:70:a7:61:04:6f:aa:30:0f:d1:
9d:01:97:c1:08:1c:e8:31:99:38:75:af:b2:c3:3c:
04:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:A9:CA:16:AB:8A:3E:0A:61:BD:A4:4D:4A:7B:2D:E6:9E:7B:7D:E5
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/G6nKFquKPgphvaRNSnst5p57feU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.242.0/23
103.205.27.0/24
185.9.55.0/24
185.103.75.0/24
188.214.27.0/24
194.4.157.0/24
203.0.8.0/24
Signature Algorithm: sha256WithRSAEncryption
52:aa:a1:c1:8b:47:70:8c:64:e4:78:2f:39:a2:b5:f4:57:21:
a9:e8:81:6a:89:a8:61:82:a4:ab:8f:fc:f4:2a:b1:d2:fd:2a:
be:51:d0:ce:52:c1:69:aa:f4:a4:21:07:66:96:23:4f:55:db:
9d:7b:8d:0b:08:93:2a:17:0e:e8:a8:9e:31:a2:c4:58:f7:ec:
c3:3f:dd:62:b1:27:19:60:47:ea:c7:60:3a:12:d3:9e:7a:b5:
3a:4c:5e:a2:59:39:42:90:2f:ee:26:3c:28:e7:73:fb:3d:56:
7b:9b:72:05:80:56:20:7d:72:f1:be:3a:5c:78:7c:05:ea:18:
d9:3c:a1:84:c1:35:62:f1:22:87:e9:64:95:54:5b:85:98:89:
79:7e:ff:d1:91:88:d9:b8:af:e3:94:62:ba:48:3a:e0:0a:90:
43:12:a2:b0:d1:28:13:98:45:db:b0:7d:4f:38:14:a3:9a:99:
d9:d7:87:6e:72:41:2f:e7:f0:fd:2a:e7:87:c9:6c:aa:b3:13:
50:a0:80:d2:e1:44:fd:c5:17:d0:4f:0c:aa:f9:ca:3f:a8:69:
2e:9d:bd:03:3e:cc:bd:84:dd:80:95:84:75:70:2a:32:07:7f:
c9:b7:21:ed:b8:fe:c2:b8:81:c3:2a:7c:ef:4d:11:5f:27:1b:
0b:c2:b1:b3
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYdRf7MMIGjI2RAEXygQZUN/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA1MTI1ODU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmE5Y2ExNmFiOGEzZTBhNjFiZGE0NGQ0YTdiMmRlNjllN2I3ZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp99OxI+tQZg/EFy6TGhfSKSItKir
C1b5/fCXc0iUTBNqzwZKswO+xiSJNLRw0M6/b/rreU6jETgJs5EwU53ocUPa8v/+
6YkHg3f/4B93TU0SaMsHOipXgoiNko9QdFOPiKSPj8TIYjO8ca+GFxDYYE2nUc0w
rhFg5/g5Offefcz34dvLQHZ8qLZQgo4ANTm3PGOk8qKe8VGp4iQTvb5GuVyc1k7G
NX3Pxs++oAAgxyDiJ2eaXQh1+tkYVzO76EbXyGTK31zi/eOvCxDAgKDIVA814yHf
o8cbfjxK/8c563onpHohbIpwp2EEb6owD9GdAZfBCBzoMZk4da+ywzwEbQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFBupyharij4KYb2kTUp7Leaee33lMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRzZuS0ZxdUtQZ3BodmFSTlNuc3Q1cDU3ZmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBTo7yAwQA
Z80bAwQAuQk3AwQAuWdLAwQAvNYbAwQAwgSdAwQAywAIMA0GCSqGSIb3DQEBCwUA
A4IBAQBSqqHBi0dwjGTkeC85orX0VyGp6IFqiahhgqSrj/z0KrHS/Sq+UdDOUsFp
qvSkIQdmliNPVdude40LCJMqFw7oqJ4xosRY9+zDP91isScZYEfqx2A6EtOeerU6
TF6iWTlCkC/uJjwo53P7PVZ7m3IFgFYgfXLxvjpceHwF6hjZPKGEwTVi8SKH6WSV
VFuFmIl5fv/RkYjZuK/jlGK6SDrgCpBDEqKw0SgTmEXbsH1POBSjmpnZ14duckEv
5/D9KueHyWyqsxNQoIDS4UT9xRfQTwyq+co/qGkunb0DPsy9hN2AlYR1cCoyB3/J
tyHtuP7CuIHDKnzvTRFfJxsLwrGz
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org