Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HS7dZkerphiGQ6gvJ2YGZE0r_K8.roa
File: HS7dZkerphiGQ6gvJ2YGZE0r_K8.roa (raw, json)
Hash identifier: 3Bl/A6aoRbAt3z8g/dDQMG8jHgU7qZiatZZHs0od/Ro=
Subject key identifier: 1D:2E:DD:66:47:AB:A6:18:86:43:A8:2F:27:66:06:64:4D:2B:FC:AF
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018876291B56C843595251E5CFA0CFB4E749
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HS7dZkerphiGQ6gvJ2YGZE0r_K8.roa
Signing time: Thu 01 Jun 2023 08:53:05 +0000
ROA not before: Thu 01 Jun 2023 08:53:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 185.121.229.0/24 maxlen: 24
78.142.242.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:76:29:1b:56:c8:43:59:52:51:e5:cf:a0:cf:b4:e7:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 1 08:53:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1d2edd6647aba6188643a82f276606644d2bfcaf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:ff:f0:4e:08:8d:69:9c:36:5a:c6:2b:cf:c0:
1d:a8:ae:df:66:a7:2d:06:97:c4:f3:0a:32:a5:e9:
c1:7d:c0:a9:8a:d2:65:32:43:85:c9:98:25:f6:a6:
52:56:23:eb:68:af:00:0f:20:7e:67:3e:1f:50:c9:
a7:38:ee:93:df:47:41:c5:71:9f:ca:7b:b9:d5:79:
fa:f3:18:72:21:a6:d2:b1:32:04:cb:4e:ed:1c:50:
74:41:9c:0a:ee:89:68:6f:32:c6:52:63:bf:22:75:
24:11:79:9e:94:d9:0c:f6:0e:ce:81:df:fc:ba:92:
8b:35:fe:b3:03:ed:63:fb:16:e7:6f:41:2b:e1:93:
c6:ec:68:21:bd:a6:f7:ea:41:78:8c:86:38:23:c5:
41:f4:c7:f2:8e:aa:c2:6e:ec:47:8f:f8:61:5c:c5:
47:9e:57:2e:5e:b6:f8:cd:83:e9:bc:9d:d0:19:be:
c3:21:94:a6:e4:ea:07:7d:cc:d9:73:78:de:fe:94:
da:fa:55:af:1c:4b:f4:0c:07:f6:e5:dd:fe:76:40:
38:48:ad:a2:e1:84:23:0c:1d:63:bc:ce:7d:84:fd:
21:67:66:ab:56:8f:ff:bf:92:96:4e:d0:3b:92:b5:
e0:f6:e6:21:47:9d:cd:95:b1:17:65:ac:ef:dd:6a:
33:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:2E:DD:66:47:AB:A6:18:86:43:A8:2F:27:66:06:64:4D:2B:FC:AF
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HS7dZkerphiGQ6gvJ2YGZE0r_K8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.242.0/24
93.114.246.0/24
185.103.74.0/24
185.121.229.0/24
194.4.158.0/24
213.32.248.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:c2:58:0d:d0:84:4e:62:15:b3:1d:cb:fb:b5:7e:2a:c4:7f:
db:7c:b3:7f:7d:b2:0b:c2:74:c2:f3:02:97:6b:1c:ec:e1:5c:
25:7d:9d:22:4a:9e:2e:af:b1:c4:5f:17:2a:ff:d4:51:90:86:
3a:26:8f:fc:61:38:f7:81:fc:9f:00:d6:1d:ce:0d:e5:0d:f4:
a7:dd:d5:06:e8:ec:ae:0e:ce:2a:34:e7:2e:b0:21:e3:2f:39:
5e:73:a2:0c:72:b0:25:2a:93:ac:bf:c2:39:57:9a:4e:28:a6:
48:6c:af:bf:e4:60:f3:a0:6b:f9:bc:e3:10:98:4f:f9:72:a0:
8b:46:4d:92:2d:9e:ad:64:36:91:90:70:3c:05:26:99:c8:57:
1e:6c:7e:d8:60:4d:22:2e:b2:53:42:a1:07:ec:a9:2d:b0:84:
5e:1a:c9:7b:7f:ca:c9:b7:75:8d:4c:9d:04:d8:93:20:86:6f:
82:da:44:33:33:c3:70:4e:f0:67:d0:eb:5a:32:6f:ab:c5:21:
7e:ad:29:54:f8:10:df:72:45:5b:5e:c6:52:7b:51:be:10:e4:
83:c3:ae:a2:c4:03:08:df:f1:40:31:67:82:84:e8:89:81:60:
4f:69:5d:31:ad:52:25:7a:07:ca:10:84:92:f4:5b:2d:74:bc:
76:f0:27:6e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYh2KRtWyENZUlHlz6DPtOdJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjAxMDg1MzA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDJlZGQ2NjQ3YWJhNjE4ODY0M2E4MmYyNzY2MDY2NDRkMmJmY2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkP/wTgiNaZw2WsYrz8AdqK7fZqct
BpfE8woypenBfcCpitJlMkOFyZgl9qZSViPraK8ADyB+Zz4fUMmnOO6T30dBxXGf
ynu51Xn68xhyIabSsTIEy07tHFB0QZwK7olobzLGUmO/InUkEXmelNkM9g7Ogd/8
upKLNf6zA+1j+xbnb0Er4ZPG7Gghvab36kF4jIY4I8VB9MfyjqrCbuxHj/hhXMVH
nlcuXrb4zYPpvJ3QGb7DIZSm5OoHfczZc3je/pTa+lWvHEv0DAf25d3+dkA4SK2i
4YQjDB1jvM59hP0hZ2arVo//v5KWTtA7krXg9uYhR53NlbEXZazv3WozXQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFB0u3WZHq6YYhkOoLydmBmRNK/yvMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSFM3ZFprZXJwaGlHUTZndkoyWUdaRTByX0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQATo7yAwQA
XXL2AwQAuWdKAwQAuXnlAwQAwgSeAwQA1SD4MA0GCSqGSIb3DQEBCwUAA4IBAQB/
wlgN0IROYhWzHcv7tX4qxH/bfLN/fbILwnTC8wKXaxzs4VwlfZ0iSp4ur7HEXxcq
/9RRkIY6Jo/8YTj3gfyfANYdzg3lDfSn3dUG6OyuDs4qNOcusCHjLzlec6IMcrAl
KpOsv8I5V5pOKKZIbK+/5GDzoGv5vOMQmE/5cqCLRk2SLZ6tZDaRkHA8BSaZyFce
bH7YYE0iLrJTQqEH7KktsIReGsl7f8rJt3WNTJ0E2JMghm+C2kQzM8NwTvBn0Ota
Mm+rxSF+rSlU+BDfckVbXsZSe1G+EOSDw66ixAMI3/FAMWeChOiJgWBPaV0xrVIl
egfKEISS9FstdLx28Cdu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org