Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HPw0pXhFq9nG764rjE5dGK1BFnk.roa
File: HPw0pXhFq9nG764rjE5dGK1BFnk.roa (raw, json)
Hash identifier: Ws4yjDJONKdC+OynBMBKw6JlvjInDxvEWXjYptZLKnM=
Subject key identifier: 1C:FC:34:A5:78:45:AB:D9:C6:EF:AE:2B:8C:4E:5D:18:AD:41:16:79
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187E59819EDBF7ABADBE3B01B3E4FE6A60C
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HPw0pXhFq9nG764rjE5dGK1BFnk.roa
Signing time: Thu 04 May 2023 07:09:23 +0000
ROA not before: Thu 04 May 2023 07:09:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200482
IP address blocks: 178.239.200.0/24 maxlen: 24
91.209.12.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:e5:98:19:ed:bf:7a:ba:db:e3:b0:1b:3e:4f:e6:a6:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 4 07:09:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1cfc34a57845abd9c6efae2b8c4e5d18ad411679
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:b8:41:46:d2:76:f3:fc:79:6d:ec:08:93:2d:
38:b4:22:32:e8:ef:58:9f:33:36:25:9d:91:5b:d5:
2d:6c:88:59:5c:10:6a:c3:65:52:fe:fb:7d:a5:6b:
24:3d:36:6f:7e:8b:48:1d:a9:d5:74:23:bd:7c:27:
05:67:00:b8:6b:33:4e:2e:03:29:16:81:3c:26:4a:
d4:04:25:58:1b:31:b1:ac:be:f0:53:91:ad:dc:4f:
b6:c0:c8:dc:73:5c:10:7c:81:75:61:40:b0:39:3e:
4b:5b:a8:4a:d9:e9:7a:da:09:28:1a:08:82:de:0e:
26:86:c4:c4:7c:dd:4e:da:99:d7:97:0f:2c:e8:77:
11:4b:b2:e5:e1:8a:ea:98:b3:2b:b9:28:0f:97:54:
76:e4:ad:46:85:53:37:10:89:a1:0d:c6:5f:ea:cd:
20:7e:c1:e4:20:b5:d0:f2:77:6b:53:e3:cb:97:61:
b9:fa:48:c5:2f:7a:47:08:5a:fb:65:69:7f:e8:1f:
fc:a0:93:ff:96:45:70:0a:0e:8c:c1:db:82:b1:01:
dc:08:c6:14:92:17:88:d7:84:d4:aa:1b:1a:0f:ca:
70:80:5e:07:b3:7e:02:c6:1e:61:e6:b3:f2:ff:49:
2b:a8:be:2a:55:fc:71:31:36:d9:a2:8f:63:d9:2f:
17:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:FC:34:A5:78:45:AB:D9:C6:EF:AE:2B:8C:4E:5D:18:AD:41:16:79
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HPw0pXhFq9nG764rjE5dGK1BFnk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.197.132.0/24
91.209.12.0/24
103.205.25.0/24
178.239.193.0-178.239.194.255
178.239.200.0/24
Signature Algorithm: sha256WithRSAEncryption
27:cc:0b:07:35:e3:47:5f:71:66:fc:63:e3:24:af:17:23:92:
07:f4:7c:7d:ad:93:d9:38:d1:3b:99:3e:c4:0f:66:c0:1f:04:
f9:ee:ef:86:e1:a7:3d:23:0f:f7:1a:3c:99:08:6d:ae:c1:87:
4f:d6:c2:77:1c:89:84:b9:35:c2:fc:d8:48:81:b8:dd:4f:ca:
2b:7d:3d:da:cf:8b:f2:0a:35:81:61:96:21:e7:8e:78:f7:7f:
c4:82:2e:aa:5c:8d:ce:7a:95:e3:38:e0:07:37:8d:be:93:aa:
eb:6a:54:5b:4d:3d:e6:6c:bf:15:04:e6:09:ee:16:bb:f4:5c:
41:39:c2:47:71:ee:cd:c9:6b:c9:50:03:9a:f5:6c:22:7c:26:
43:27:fc:df:46:d3:92:1c:ea:81:e0:2c:7c:01:db:54:5b:11:
54:c8:20:e9:33:97:cc:36:c0:e5:44:2d:73:8e:96:cd:73:8c:
eb:26:79:54:22:78:6e:9b:68:0d:37:80:5f:5d:18:c9:08:53:
97:88:03:e5:27:66:b0:47:5f:00:fb:29:41:7c:76:64:3d:e7:
78:aa:6d:38:73:98:db:3e:cf:a2:cd:53:1a:97:a0:ac:ee:16:
72:f0:6c:86:88:c2:a7:a2:a0:72:ec:9e:e3:9d:db:a5:98:0a:
fd:5a:db:33
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYflmBntv3q62+OwGz5P5qYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTA0MDcwOTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2ZjMzRhNTc4NDVhYmQ5YzZlZmFlMmI4YzRlNWQxOGFkNDExNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhBRtJ28/x5bewIky04tCIy6O9Y
nzM2JZ2RW9UtbIhZXBBqw2VS/vt9pWskPTZvfotIHanVdCO9fCcFZwC4azNOLgMp
FoE8JkrUBCVYGzGxrL7wU5Gt3E+2wMjcc1wQfIF1YUCwOT5LW6hK2el62gkoGgiC
3g4mhsTEfN1O2pnXlw8s6HcRS7Ll4YrqmLMruSgPl1R25K1GhVM3EImhDcZf6s0g
fsHkILXQ8ndrU+PLl2G5+kjFL3pHCFr7ZWl/6B/8oJP/lkVwCg6MwduCsQHcCMYU
kheI14TUqhsaD8pwgF4Hs34Cxh5h5rPy/0krqL4qVfxxMTbZoo9j2S8XRQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFBz8NKV4RavZxu+uK4xOXRitQRZ5MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSFB3MHBYaEZxOW5HNzY0cmpFNWRHSzFCRm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAPsWEAwQA
W9EMAwQAZ80ZMAwDBACy78EDBACy78IDBACy78gwDQYJKoZIhvcNAQELBQADggEB
ACfMCwc140dfcWb8Y+Mkrxcjkgf0fH2tk9k40TuZPsQPZsAfBPnu74bhpz0jD/ca
PJkIba7Bh0/WwncciYS5NcL82EiBuN1Pyit9PdrPi/IKNYFhliHnjnj3f8SCLqpc
jc56leM44Ac3jb6TqutqVFtNPeZsvxUE5gnuFrv0XEE5wkdx7s3Ja8lQA5r1bCJ8
JkMn/N9G05Ic6oHgLHwB21RbEVTIIOkzl8w2wOVELXOOls1zjOsmeVQieG6baA03
gF9dGMkIU5eIA+UnZrBHXwD7KUF8dmQ953iqbThzmNs+z6LNUxqXoKzuFnLwbIaI
wqeioHLsnuOd26WYCv1a2zM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org