Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MPwHed5W_g2XSCwEhSjoPDyQmWg.roa
File: MPwHed5W_g2XSCwEhSjoPDyQmWg.roa (raw, json)
Hash identifier: YwHR52NWRN1RhPtyl5IrX/7ARI20jaPPQAjqN+w4hLE=
Subject key identifier: 30:FC:07:79:DE:56:FE:0D:97:48:2C:04:85:28:E8:3C:3C:90:99:68
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187DB3F7E916D12094EA99DC4CEDE8D5297
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MPwHed5W_g2XSCwEhSjoPDyQmWg.roa
Signing time: Tue 02 May 2023 06:56:24 +0000
ROA not before: Tue 02 May 2023 06:56:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 185.121.229.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:db:3f:7e:91:6d:12:09:4e:a9:9d:c4:ce:de:8d:52:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 2 06:56:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=30fc0779de56fe0d97482c048528e83c3c909968
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:53:fe:0c:f8:93:90:48:5b:20:71:87:9c:5b:
45:c1:ca:74:11:91:4e:7f:f3:db:d4:d2:b4:4f:ee:
48:8b:3a:b4:32:bb:d7:7a:57:54:bb:96:e3:58:bb:
69:80:e3:ae:36:3c:d9:bb:ec:76:06:11:1e:60:f9:
df:43:26:62:0c:e3:f7:66:0d:db:57:3e:d3:17:41:
01:3a:22:99:b7:7f:4e:24:e4:26:43:e2:1b:cf:3e:
cd:2c:d0:81:86:c0:fb:40:35:f5:84:24:74:55:7d:
ed:6c:b6:3a:ed:bc:93:72:5e:b2:68:1e:c0:90:77:
66:68:aa:4d:a3:22:c4:94:17:ca:9e:6b:1b:9e:d4:
7e:a1:7d:46:a2:78:ff:d1:23:cc:c8:45:52:a9:b5:
b3:60:70:cf:21:89:a2:64:d0:f4:6b:6f:69:83:d9:
74:e6:eb:54:41:5e:da:f0:48:b7:97:fb:fc:c1:f1:
bb:5e:8c:69:fe:ed:90:1c:f9:33:02:1d:3e:c5:78:
2d:bf:cc:20:74:9b:6c:c0:3f:78:dd:a2:99:1e:74:
5e:1a:a7:b6:38:d8:8a:e4:64:83:e7:92:6d:8c:9f:
0e:64:d8:fa:33:e7:48:28:10:37:39:7a:b2:e6:a3:
fd:e0:0a:b5:2e:5b:b9:c2:5c:d5:9b:1b:ce:b0:3c:
67:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:FC:07:79:DE:56:FE:0D:97:48:2C:04:85:28:E8:3C:3C:90:99:68
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MPwHed5W_g2XSCwEhSjoPDyQmWg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.114.246.0/24
185.103.74.0/24
185.115.144.0/24
185.121.229.0/24
194.4.158.0/24
213.32.248.0/24
Signature Algorithm: sha256WithRSAEncryption
6c:fd:db:9f:10:1b:f9:54:b3:3f:f2:4f:6f:e7:53:8d:03:21:
a8:5e:ed:23:65:f3:fd:ca:41:76:d2:09:d8:35:99:f6:7e:fc:
8b:26:07:ce:aa:03:33:99:ca:44:60:b9:69:5f:6f:76:ad:b6:
10:a0:d5:d0:c7:77:fd:e0:66:4c:4e:2a:4b:64:8d:38:af:c3:
de:bc:f3:a5:9c:62:47:57:47:cc:32:bc:72:9c:18:1a:24:77:
e8:59:cf:55:5d:d3:a3:16:fa:4b:d1:2f:e5:b8:7c:10:8f:e4:
59:a2:cb:61:50:59:de:73:e7:d4:65:6a:21:94:ab:34:c4:8e:
92:07:71:94:16:3a:17:a6:58:16:7a:a3:5b:f8:fe:14:3b:23:
9a:08:c9:26:54:bc:cb:f9:57:28:1b:ee:4e:0a:8f:af:14:72:
6d:8f:2b:b7:80:75:09:b6:5e:76:44:bc:9e:32:51:73:04:c1:
c0:2a:7c:76:9c:89:da:90:ff:4a:fe:fe:13:3f:86:8a:5e:d8:
26:2a:cc:05:36:c4:f8:df:94:7c:12:a5:10:08:d8:08:b4:1e:
8b:2c:65:f7:c7:8d:9a:75:a3:1e:9d:1e:51:34:1b:44:4d:c8:
a9:ff:81:1a:09:bb:df:2a:e2:e5:9c:5d:e9:fc:c8:4f:43:00:
db:a7:21:20
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYfbP36RbRIJTqmdxM7ejVKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTAyMDY1NjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGZjMDc3OWRlNTZmZTBkOTc0ODJjMDQ4NTI4ZTgzYzNjOTA5OTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylP+DPiTkEhbIHGHnFtFwcp0EZFO
f/Pb1NK0T+5Iizq0MrvXeldUu5bjWLtpgOOuNjzZu+x2BhEeYPnfQyZiDOP3Zg3b
Vz7TF0EBOiKZt39OJOQmQ+Ibzz7NLNCBhsD7QDX1hCR0VX3tbLY67byTcl6yaB7A
kHdmaKpNoyLElBfKnmsbntR+oX1Gonj/0SPMyEVSqbWzYHDPIYmiZND0a29pg9l0
5utUQV7a8Ei3l/v8wfG7Xoxp/u2QHPkzAh0+xXgtv8wgdJtswD943aKZHnReGqe2
ONiK5GSD55JtjJ8OZNj6M+dIKBA3OXqy5qP94Aq1Llu5wlzVmxvOsDxnrQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDD8B3neVv4Nl0gsBIUo6Dw8kJloMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTVB3SGVkNVdfZzJYU0N3RWhTam9QRHlRbVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAXXL2AwQA
uWdKAwQAuXOQAwQAuXnlAwQAwgSeAwQA1SD4MA0GCSqGSIb3DQEBCwUAA4IBAQBs
/dufEBv5VLM/8k9v51ONAyGoXu0jZfP9ykF20gnYNZn2fvyLJgfOqgMzmcpEYLlp
X292rbYQoNXQx3f94GZMTipLZI04r8PevPOlnGJHV0fMMrxynBgaJHfoWc9VXdOj
FvpL0S/luHwQj+RZosthUFnec+fUZWohlKs0xI6SB3GUFjoXplgWeqNb+P4UOyOa
CMkmVLzL+VcoG+5OCo+vFHJtjyu3gHUJtl52RLyeMlFzBMHAKnx2nInakP9K/v4T
P4aKXtgmKswFNsT435R8EqUQCNgItB6LLGX3x42adaMenR5RNBtETcip/4EaCbvf
KuLlnF3p/MhPQwDbpyEg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org