Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KtnEKmm0322Nzj3hNV2QPLT_NnY.roa
File: KtnEKmm0322Nzj3hNV2QPLT_NnY.roa (raw, json)
Hash identifier: cx3tv12Z16EusJAhXFhXsZWG7vRDovOy9vRiIxf/Ojg=
Subject key identifier: 2A:D9:C4:2A:69:B4:DF:6D:8D:CE:3D:E1:35:5D:90:3C:B4:FF:36:76
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01872426847B18C6274A3CCDEFCD25EB47BD
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KtnEKmm0322Nzj3hNV2QPLT_NnY.roa
Signing time: Mon 27 Mar 2023 17:38:36 +0000
ROA not before: Mon 27 Mar 2023 17:38:36 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44103
IP address blocks: 185.121.228.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:24:26:84:7b:18:c6:27:4a:3c:cd:ef:cd:25:eb:47:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 27 17:38:36 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2ad9c42a69b4df6d8dce3de1355d903cb4ff3676
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:18:96:4f:f6:03:12:11:a1:6b:9f:cf:9d:90:
e8:50:84:6a:68:04:00:7b:d8:cc:f7:fd:2a:18:02:
df:ed:f6:76:29:a0:8d:30:79:36:6a:ef:50:45:5e:
f5:cb:b2:d6:39:09:c7:13:ac:eb:ee:ee:02:7f:c5:
cf:26:3a:aa:13:db:de:79:85:4f:8a:34:75:1b:45:
b9:96:5d:2c:fc:1c:61:88:1e:a0:a6:24:22:0c:b2:
8f:9b:b3:b2:60:f9:82:1a:6e:42:c9:d7:78:60:c1:
50:d6:1e:5a:b6:ef:6e:c4:1d:de:2a:45:26:73:26:
90:08:f3:9b:8d:03:d8:0a:11:81:d7:30:c3:26:de:
70:cd:ae:c6:49:99:18:a8:c7:14:67:bb:19:69:6d:
d9:7c:57:37:62:1c:81:32:4a:df:00:6f:62:88:4e:
a5:5f:e7:95:76:66:18:75:d5:4a:51:60:85:0e:80:
dc:5a:61:ba:2a:52:6a:25:89:57:99:e2:03:bb:1e:
c5:37:90:92:7f:af:66:7c:df:9f:1b:71:b9:ae:bd:
e7:ee:20:1f:6a:19:a1:bc:5f:1a:59:91:5c:ba:d2:
f7:96:a8:e4:85:10:21:75:05:c9:b5:20:6c:8d:29:
73:72:36:fb:cd:d0:2b:0b:fe:91:33:45:af:70:71:
f0:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:D9:C4:2A:69:B4:DF:6D:8D:CE:3D:E1:35:5D:90:3C:B4:FF:36:76
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KtnEKmm0322Nzj3hNV2QPLT_NnY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.75.62.0/24
185.121.228.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:07:b0:f6:43:53:9e:b8:bc:b5:45:a3:9e:7d:c1:63:5f:58:
f7:88:9d:84:ec:95:f9:5e:97:42:30:f6:72:2e:3b:67:e3:3f:
18:a0:84:03:03:6b:4b:a2:d8:e5:8e:e3:91:0c:d6:8c:83:2c:
b8:be:73:78:73:0d:2e:49:05:ae:ff:96:ab:43:f3:48:73:69:
f8:98:36:9c:62:bc:4c:fd:2d:aa:7b:fc:44:bb:a3:40:7c:25:
9c:20:a0:0a:70:92:ac:59:5a:15:55:b6:fc:49:0e:d0:9b:dd:
54:59:98:b0:e8:76:03:4a:6e:3a:98:2e:3b:63:c8:fa:42:ec:
a5:32:12:89:96:ef:09:e8:ac:cd:d5:d0:4c:35:14:4b:6b:2f:
68:f1:e7:c6:42:38:53:e1:d6:54:c8:15:59:de:2a:55:a2:07:
93:2d:37:84:2c:30:12:9b:29:a8:80:02:e4:bb:68:21:86:ec:
d8:63:a6:21:e1:dd:95:b1:df:72:dc:e1:b2:1f:72:0d:79:31:
ad:b5:e0:53:8b:2a:75:b0:4c:ef:16:64:1e:24:2b:14:44:e9:
7d:75:52:75:d1:8a:ab:be:a6:ae:10:82:9e:a1:ff:bd:b1:e2:
3a:d1:06:c8:eb:78:46:a7:f0:99:28:21:37:4c:d1:c4:c5:fa:
55:6a:f9:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYckJoR7GMYnSjzN780l60e9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI3MTczODM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWQ5YzQyYTY5YjRkZjZkOGRjZTNkZTEzNTVkOTAzY2I0ZmYzNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxiWT/YDEhGha5/PnZDoUIRqaAQA
e9jM9/0qGALf7fZ2KaCNMHk2au9QRV71y7LWOQnHE6zr7u4Cf8XPJjqqE9veeYVP
ijR1G0W5ll0s/BxhiB6gpiQiDLKPm7OyYPmCGm5Cydd4YMFQ1h5atu9uxB3eKkUm
cyaQCPObjQPYChGB1zDDJt5wza7GSZkYqMcUZ7sZaW3ZfFc3YhyBMkrfAG9iiE6l
X+eVdmYYddVKUWCFDoDcWmG6KlJqJYlXmeIDux7FN5CSf69mfN+fG3G5rr3n7iAf
ahmhvF8aWZFcutL3lqjkhRAhdQXJtSBsjSlzcjb7zdArC/6RM0WvcHHwfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCrZxCpptN9tjc494TVdkDy0/zZ2MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS3RuRUttbTAzMjJOemozaE5WMlFQTFRfTm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATUs+AwQA
uXnkMA0GCSqGSIb3DQEBCwUAA4IBAQBPB7D2Q1OeuLy1RaOefcFjX1j3iJ2E7JX5
XpdCMPZyLjtn4z8YoIQDA2tLotjljuORDNaMgyy4vnN4cw0uSQWu/5arQ/NIc2n4
mDacYrxM/S2qe/xEu6NAfCWcIKAKcJKsWVoVVbb8SQ7Qm91UWZiw6HYDSm46mC47
Y8j6QuylMhKJlu8J6KzN1dBMNRRLay9o8efGQjhT4dZUyBVZ3ipVogeTLTeELDAS
mymogALku2ghhuzYY6Yh4d2Vsd9y3OGyH3INeTGtteBTiyp1sEzvFmQeJCsUROl9
dVJ10YqrvqauEIKeof+9seI60QbI63hGp/CZKCE3TNHExfpVavnm
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org