Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KIJ5qyjpHyfdbSyf8HzcIZFgZ0s.roa
File: KIJ5qyjpHyfdbSyf8HzcIZFgZ0s.roa (raw, json)
Hash identifier: Z9cea0j2Vota1O/jOkEdMSMHp2r0lBIUEZJYKLrmVlE=
Subject key identifier: 28:82:79:AB:28:E9:1F:27:DD:6D:2C:9F:F0:7C:DC:21:91:60:67:4B
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01870DB3E8591945BD28E23D5921470794F1
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KIJ5qyjpHyfdbSyf8HzcIZFgZ0s.roa
Signing time: Thu 23 Mar 2023 09:01:46 +0000
ROA not before: Thu 23 Mar 2023 09:01:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 135752
IP address blocks: 178.239.203.0/24 maxlen: 24
89.40.160.0/24 maxlen: 24
185.9.55.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:0d:b3:e8:59:19:45:bd:28:e2:3d:59:21:47:07:94:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 23 09:01:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=288279ab28e91f27dd6d2c9ff07cdc219160674b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:8e:8d:7f:04:7f:98:fc:1a:f2:3a:e8:98:ed:
9f:f4:f4:79:86:81:25:a2:fc:b0:c7:58:e6:1d:7e:
ff:23:8c:c1:84:44:1b:dc:6c:3b:6f:2f:d3:c0:4c:
dd:74:ab:d9:ed:42:7e:eb:53:f4:53:a1:45:17:18:
c1:b8:c1:5a:29:59:89:d1:f4:7f:bc:72:ec:3b:33:
8a:9f:ea:e1:eb:f0:6c:94:c6:f6:51:3c:01:d6:ee:
27:6e:00:99:e3:7f:1a:a2:19:a0:47:22:a8:ba:c6:
a1:e8:da:44:c2:cc:7a:7c:30:0c:de:69:cb:43:03:
d0:cd:ee:0e:04:63:f3:07:c1:c4:34:6a:13:47:e2:
b5:1b:d4:ea:3b:cf:13:86:68:5b:54:e1:2b:56:cf:
8c:eb:da:f4:9b:a3:2e:b1:ec:85:0f:5a:07:38:13:
29:8c:4a:d1:fd:3f:53:69:8b:32:c9:5c:bc:f1:0a:
e9:9a:e0:38:66:fb:77:a0:4b:cf:45:78:ec:c9:3f:
79:af:5b:08:ec:e2:50:a3:d4:d5:07:b1:19:76:5d:
ee:e6:32:bf:c1:89:fe:7c:96:6c:52:f5:e9:a0:18:
44:8c:d5:90:3b:66:cc:4d:31:71:13:f2:82:a5:a9:
cb:8a:c7:09:5d:13:92:7f:c0:62:d1:51:a7:3f:ec:
fa:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:82:79:AB:28:E9:1F:27:DD:6D:2C:9F:F0:7C:DC:21:91:60:67:4B
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KIJ5qyjpHyfdbSyf8HzcIZFgZ0s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.160.0/24
89.43.210.0/24
178.239.203.0/24
185.9.55.0/24
185.103.74.0/24
Signature Algorithm: sha256WithRSAEncryption
09:11:99:5c:53:7b:5f:7d:4c:d8:b7:56:f6:cf:33:9d:88:f9:
35:0b:7d:67:1c:f9:a2:0a:2d:51:fb:fc:95:52:54:42:37:ba:
3a:39:07:59:bd:e3:23:ec:7f:a2:6c:0f:5e:a4:5e:e9:0e:f9:
80:1e:82:09:d1:ad:3c:d7:e1:62:10:6b:85:52:3c:56:07:bd:
89:84:cf:22:25:38:c1:c8:5a:e8:db:06:e9:a0:41:48:85:70:
73:fa:96:a3:c7:ec:f3:44:7c:0e:56:56:a2:31:74:79:aa:76:
36:4c:b2:1c:72:36:bb:b7:ad:4a:f2:d7:53:d3:b4:df:1d:ff:
eb:95:be:ed:2e:79:a3:ce:87:86:fc:a5:30:0e:03:73:56:a5:
c1:62:2d:c1:41:90:30:fb:e7:4a:30:bb:6a:6b:4f:36:d9:55:
ac:6e:02:95:b7:d0:b9:73:67:e8:02:2b:a1:97:d7:c2:7a:de:
48:d6:2e:a1:2d:cc:d6:0d:2c:e1:1f:9a:2f:05:fc:25:51:07:
7b:53:33:56:98:70:75:b6:10:7a:71:43:be:a1:1f:7c:d8:fe:
41:8b:54:d3:a0:e1:29:f2:3b:11:3e:48:95:a2:ad:88:56:d0:
f3:49:ed:92:57:4f:7a:f6:db:2b:22:01:9b:d5:13:61:be:83:
22:4e:55:b9
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYcNs+hZGUW9KOI9WSFHB5TxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzIzMDkwMTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODgyNzlhYjI4ZTkxZjI3ZGQ2ZDJjOWZmMDdjZGMyMTkxNjA2NzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApo6NfwR/mPwa8jromO2f9PR5hoEl
ovywx1jmHX7/I4zBhEQb3Gw7by/TwEzddKvZ7UJ+61P0U6FFFxjBuMFaKVmJ0fR/
vHLsOzOKn+rh6/BslMb2UTwB1u4nbgCZ438aohmgRyKousah6NpEwsx6fDAM3mnL
QwPQze4OBGPzB8HENGoTR+K1G9TqO88ThmhbVOErVs+M69r0m6MuseyFD1oHOBMp
jErR/T9TaYsyyVy88QrpmuA4Zvt3oEvPRXjsyT95r1sI7OJQo9TVB7EZdl3u5jK/
wYn+fJZsUvXpoBhEjNWQO2bMTTFxE/KCpanLiscJXROSf8Bi0VGnP+z6qQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCiCeaso6R8n3W0sn/B83CGRYGdLMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS0lKNXF5anBIeWZkYlN5ZjhIemNJWkZnWjBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAWSigAwQA
WSvSAwQAsu/LAwQAuQk3AwQAuWdKMA0GCSqGSIb3DQEBCwUAA4IBAQAJEZlcU3tf
fUzYt1b2zzOdiPk1C31nHPmiCi1R+/yVUlRCN7o6OQdZveMj7H+ibA9epF7pDvmA
HoIJ0a081+FiEGuFUjxWB72JhM8iJTjByFro2wbpoEFIhXBz+pajx+zzRHwOVlai
MXR5qnY2TLIccja7t61K8tdT07TfHf/rlb7tLnmjzoeG/KUwDgNzVqXBYi3BQZAw
++dKMLtqa0822VWsbgKVt9C5c2foAiuhl9fCet5I1i6hLczWDSzhH5ovBfwlUQd7
UzNWmHB1thB6cUO+oR982P5Bi1TToOEp8jsRPkiVoq2IVtDzSe2SV0969tsrIgGb
1RNhvoMiTlW5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org