Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/H7DyqY3iU7Gqsa2rHHknIHeYYsk.roa
File: H7DyqY3iU7Gqsa2rHHknIHeYYsk.roa (raw, json)
Hash identifier: LJIpKjXVSJoYjyHzKmx88Zhjh3lAfvMwPDqqex3wmXM=
Subject key identifier: 1F:B0:F2:A9:8D:E2:53:B1:AA:B1:AD:AB:1C:79:27:20:77:98:62:C9
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187268F96D59D4F6BB8977B50A0A18F8FB0
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/H7DyqY3iU7Gqsa2rHHknIHeYYsk.roa
Signing time: Tue 28 Mar 2023 04:52:37 +0000
ROA not before: Tue 28 Mar 2023 04:52:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 78.142.242.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:26:8f:96:d5:9d:4f:6b:b8:97:7b:50:a0:a1:8f:8f:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 28 04:52:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1fb0f2a98de253b1aab1adab1c792720779862c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:47:d6:f9:f7:fa:be:77:a1:97:6c:33:b8:0a:
0f:98:63:51:1d:97:35:fa:11:51:97:8e:ad:2d:82:
b2:3a:fe:dd:1b:79:96:9e:15:fd:0e:8b:59:18:93:
46:14:dc:bc:f8:df:54:04:95:51:79:99:1d:ce:64:
80:29:f7:1a:5a:db:50:98:fe:b2:cf:fb:b6:eb:14:
d4:48:5b:aa:28:cf:e6:fa:6a:05:4a:52:ec:3d:51:
28:3b:87:89:13:da:ab:1a:32:1f:93:35:0c:41:ca:
4f:e5:9e:d7:dc:63:33:b4:d5:8f:a2:07:c0:01:5a:
3e:ed:35:0c:10:7b:4e:47:d0:31:9c:ff:fe:b0:53:
40:0c:2b:f3:24:c2:a8:8b:90:56:cf:96:a9:9b:99:
33:5a:3f:3b:4b:4e:23:52:1e:74:cd:e0:bf:e1:65:
73:9d:e4:0a:1f:8e:67:32:1d:01:f9:e8:bc:47:25:
6a:3c:e8:0c:4a:8f:fe:39:57:8e:54:ad:9e:cf:22:
03:44:15:23:80:ac:84:29:df:d8:df:0f:05:bd:39:
ac:ae:bc:a7:53:be:2e:a4:c0:ea:50:46:3f:64:7b:
83:fb:83:9e:a5:75:a7:83:62:66:85:87:dd:ba:a1:
e9:4d:e1:7b:ee:8d:9f:9e:0e:9a:1d:83:7d:8b:eb:
1f:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:B0:F2:A9:8D:E2:53:B1:AA:B1:AD:AB:1C:79:27:20:77:98:62:C9
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/H7DyqY3iU7Gqsa2rHHknIHeYYsk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.242.0/24
193.19.106.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
88:6d:c4:8c:69:a2:17:6c:ba:96:4b:24:cf:84:29:2c:09:93:
e3:46:fe:0c:6f:1a:1a:1d:fa:8b:cf:b2:5b:49:61:95:90:3d:
ff:54:38:68:81:2d:38:34:67:f6:da:d8:06:5b:f2:bf:e8:b3:
bc:7d:fe:ae:7d:43:8e:57:f8:ea:2d:58:b8:35:f6:9a:74:f1:
bf:c9:02:ab:63:6c:f5:fd:82:67:20:30:7d:f1:34:bf:4c:57:
d9:04:c9:6a:c3:fd:e0:53:83:12:67:ca:1e:b1:a8:1e:33:39:
a5:46:f5:68:73:00:bc:3c:7f:21:7a:89:18:71:d4:2d:a8:9b:
7d:07:35:b6:e9:e6:e4:c4:e7:87:88:1d:cd:45:0c:5d:21:29:
4a:71:0c:9b:ce:8e:41:60:e0:c6:7c:2a:5a:01:2b:29:2b:98:
6f:c9:b6:53:eb:5d:e9:1e:6b:ce:74:55:0a:c8:d6:81:8e:5f:
9d:c8:db:d0:d4:2a:ee:83:12:43:54:35:55:06:47:39:08:7d:
f2:cb:a4:99:ce:30:a8:a6:9e:d2:75:02:27:b9:9d:4b:84:ac:
bd:d1:b4:a0:82:04:18:13:7e:16:b3:4b:c3:ce:d6:df:2d:db:
b8:60:dc:49:29:11:36:ca:23:6c:1b:67:73:03:76:f0:df:51:
5d:72:4c:4f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYcmj5bVnU9ruJd7UKChj4+wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI4MDQ1MjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmIwZjJhOThkZTI1M2IxYWFiMWFkYWIxYzc5MjcyMDc3OTg2MmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0fW+ff6vnehl2wzuAoPmGNRHZc1
+hFRl46tLYKyOv7dG3mWnhX9DotZGJNGFNy8+N9UBJVReZkdzmSAKfcaWttQmP6y
z/u26xTUSFuqKM/m+moFSlLsPVEoO4eJE9qrGjIfkzUMQcpP5Z7X3GMztNWPogfA
AVo+7TUMEHtOR9AxnP/+sFNADCvzJMKoi5BWz5apm5kzWj87S04jUh50zeC/4WVz
neQKH45nMh0B+ei8RyVqPOgMSo/+OVeOVK2ezyIDRBUjgKyEKd/Y3w8FvTmsrryn
U74upMDqUEY/ZHuD+4OepXWng2JmhYfduqHpTeF77o2fng6aHYN9i+sfjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB+w8qmN4lOxqrGtqxx5JyB3mGLJMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSDdEeXFZM2lVN0dxc2EyckhIa25JSGVZWXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATo7yAwQA
wRNqAwQA1SD5MA0GCSqGSIb3DQEBCwUAA4IBAQCIbcSMaaIXbLqWSyTPhCksCZPj
Rv4MbxoaHfqLz7JbSWGVkD3/VDhogS04NGf22tgGW/K/6LO8ff6ufUOOV/jqLVi4
NfaadPG/yQKrY2z1/YJnIDB98TS/TFfZBMlqw/3gU4MSZ8oesageMzmlRvVocwC8
PH8heokYcdQtqJt9BzW26ebkxOeHiB3NRQxdISlKcQybzo5BYODGfCpaASspK5hv
ybZT613pHmvOdFUKyNaBjl+dyNvQ1CrugxJDVDVVBkc5CH3yy6SZzjCopp7SdQIn
uZ1LhKy90bSgggQYE34Ws0vDztbfLdu4YNxJKRE2yiNsG2dzA3bw31FdckxP
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org