Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MXD0VoGkvbXbGzi1RBvo7yTOyAM.roa
File: MXD0VoGkvbXbGzi1RBvo7yTOyAM.roa (raw, json)
Hash identifier: FhrU09Vlme0IuI4mVI1MsiCCrqpDjx0ezN7m1vaQQ+s=
Subject key identifier: 31:70:F4:56:81:A4:BD:B5:DB:1B:38:B5:44:1B:E8:EF:24:CE:C8:03
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018773E21406305C2DF8125E72FC69CFED32
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MXD0VoGkvbXbGzi1RBvo7yTOyAM.roa
Signing time: Wed 12 Apr 2023 05:13:28 +0000
ROA not before: Wed 12 Apr 2023 05:13:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61138
IP address blocks: 93.115.255.0/24 maxlen: 24
188.213.202.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
188.214.209.0/24 maxlen: 24
188.214.208.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:73:e2:14:06:30:5c:2d:f8:12:5e:72:fc:69:cf:ed:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 12 05:13:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3170f45681a4bdb5db1b38b5441be8ef24cec803
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:9b:f3:cf:b0:20:3f:e5:55:1a:70:80:08:e6:
35:47:89:c3:eb:d3:75:ca:12:ed:53:19:0d:59:47:
1e:62:18:c2:13:c5:8f:a1:9c:29:c0:85:9e:22:53:
d2:1f:86:43:64:11:8d:46:96:64:12:66:c2:63:76:
49:6f:61:b4:8d:ec:6b:1f:36:61:f7:09:17:07:16:
ae:f3:23:d3:29:00:70:42:b0:c7:a4:ed:b0:6a:00:
19:09:18:b5:64:b1:ac:5f:63:86:c3:7e:39:ce:10:
6f:f7:2e:83:e5:29:64:af:92:94:cb:a0:6b:da:0f:
a4:bc:ca:4a:cd:c8:68:9d:32:e3:a5:1a:ee:33:5b:
b9:a5:71:9c:e5:ab:40:ee:6e:93:9a:49:c2:53:e6:
00:1f:45:14:3d:62:38:e2:f5:56:07:13:54:b6:ed:
fd:21:2c:4c:de:59:df:b3:1a:99:0c:88:a4:a8:d4:
4b:8e:5a:f7:f8:b3:fb:b2:7f:3c:e6:8b:cf:3b:63:
e6:0a:84:df:98:40:bd:4c:f7:49:ca:0e:a3:45:52:
33:6d:48:5a:4a:66:21:96:04:a4:cd:4d:83:3a:72:
2a:5d:35:3c:a5:60:04:80:46:de:7d:8d:99:e7:4f:
a5:f7:3e:65:b4:f2:89:92:ff:90:57:40:af:17:e0:
c2:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:70:F4:56:81:A4:BD:B5:DB:1B:38:B5:44:1B:E8:EF:24:CE:C8:03
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MXD0VoGkvbXbGzi1RBvo7yTOyAM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.197.135.0/24
93.115.255.0/24
188.213.202.0/24
188.214.208.0/23
Signature Algorithm: sha256WithRSAEncryption
79:21:02:15:7a:ce:90:3b:98:e3:4f:37:94:73:0d:cc:c2:54:
49:2d:32:60:95:56:4a:cc:39:b0:b4:62:8d:54:25:d3:48:3d:
a3:fa:61:a4:2b:09:46:22:35:7f:94:c2:14:ee:32:c9:7d:08:
a8:89:a1:fe:cf:df:0c:e1:51:ac:66:2e:63:fd:b9:4a:10:ad:
b2:14:d1:c6:d1:f4:d7:2f:c3:8e:be:37:2e:c1:2c:eb:b3:67:
32:c9:74:1a:0d:bc:18:1e:82:70:4b:0d:c6:b8:e4:85:7d:91:
b1:2f:a6:b3:87:ba:a4:75:2b:f0:bc:fd:29:da:bf:77:05:ba:
88:63:a1:d0:6c:40:9a:14:a8:41:ad:3e:d7:de:59:ce:2a:a2:
21:83:e8:5c:3f:1c:45:13:8a:d5:ad:e3:67:c0:ee:a2:d9:ef:
38:27:e1:e6:8d:34:14:fa:f5:f6:df:f1:26:22:d6:2a:82:10:
cb:76:b2:b9:84:1b:9b:82:e9:c9:8a:e9:ed:82:8f:95:93:e8:
9a:b7:0b:8c:73:12:b8:36:a7:16:db:72:59:75:63:6f:ab:5f:
96:f2:45:3b:79:f5:98:b8:93:32:bd:c6:e1:a8:16:f0:05:fd:
90:43:51:00:5c:27:3c:d0:15:fb:b3:98:3c:04:56:ec:c6:fc:
ae:f9:88:b2
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYdz4hQGMFwt+BJecvxpz+0yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDEyMDUxMzI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTcwZjQ1NjgxYTRiZGI1ZGIxYjM4YjU0NDFiZThlZjI0Y2VjODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5vzz7AgP+VVGnCACOY1R4nD69N1
yhLtUxkNWUceYhjCE8WPoZwpwIWeIlPSH4ZDZBGNRpZkEmbCY3ZJb2G0jexrHzZh
9wkXBxau8yPTKQBwQrDHpO2wagAZCRi1ZLGsX2OGw345zhBv9y6D5Slkr5KUy6Br
2g+kvMpKzchonTLjpRruM1u5pXGc5atA7m6TmknCU+YAH0UUPWI44vVWBxNUtu39
ISxM3lnfsxqZDIikqNRLjlr3+LP7sn885ovPO2PmCoTfmEC9TPdJyg6jRVIzbUha
SmYhlgSkzU2DOnIqXTU8pWAEgEbefY2Z50+l9z5ltPKJkv+QV0CvF+DCywIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDFw9FaBpL212xs4tUQb6O8kzsgDMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTVhEMFZvR2t2YlhiR3ppMVJCdm83eVRPeUFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAPsWHAwQA
XXP/AwQAvNXKAwQBvNbQMA0GCSqGSIb3DQEBCwUAA4IBAQB5IQIVes6QO5jjTzeU
cw3MwlRJLTJglVZKzDmwtGKNVCXTSD2j+mGkKwlGIjV/lMIU7jLJfQioiaH+z98M
4VGsZi5j/blKEK2yFNHG0fTXL8OOvjcuwSzrs2cyyXQaDbwYHoJwSw3GuOSFfZGx
L6azh7qkdSvwvP0p2r93BbqIY6HQbECaFKhBrT7X3lnOKqIhg+hcPxxFE4rVreNn
wO6i2e84J+HmjTQU+vX23/EmItYqghDLdrK5hBubgunJiuntgo+Vk+iatwuMcxK4
NqcW23JZdWNvq1+W8kU7efWYuJMyvcbhqBbwBf2QQ1EAXCc80BX7s5g8BFbsxvyu
+Yiy
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org