Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NWzrZhmw6YFWNMkZ3nGXaCdVvkI.roa
File: NWzrZhmw6YFWNMkZ3nGXaCdVvkI.roa (raw, json)
Hash identifier: AAj5+x/QFbsfWp0NXgu4BeeSgxdHAzhogQkbN8vErnQ=
Subject key identifier: 35:6C:EB:66:19:B0:E9:81:56:34:C9:19:DE:71:97:68:27:55:BE:42
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187173823A6BB4B8851D6B2964DF0065899
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NWzrZhmw6YFWNMkZ3nGXaCdVvkI.roa
Signing time: Sat 25 Mar 2023 05:22:47 +0000
ROA not before: Sat 25 Mar 2023 05:22:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 135752
IP address blocks: 178.239.203.0/24 maxlen: 24
89.40.160.0/24 maxlen: 24
185.9.55.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:17:38:23:a6:bb:4b:88:51:d6:b2:96:4d:f0:06:58:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 25 05:22:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=356ceb6619b0e9815634c919de7197682755be42
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:d7:75:e4:b8:d2:ad:91:14:ae:4c:87:bc:38:
7c:87:00:a1:4a:aa:fe:88:76:c4:6f:b5:83:92:d0:
c7:be:25:05:0b:03:94:17:ec:7f:7d:f2:5a:a9:c8:
06:01:50:1f:44:59:b0:95:bc:0f:90:4d:0f:64:51:
ae:08:c9:32:b4:87:94:b3:8c:70:32:29:a8:05:25:
cb:04:6e:c4:71:80:f3:b1:6b:d5:b5:92:48:dd:f3:
25:c7:74:0c:0e:9a:04:5b:51:5d:fc:7f:69:d3:7b:
40:a1:b2:e3:c1:b1:69:8f:0a:d5:37:dd:39:9d:a7:
82:e4:2c:9a:3e:24:c3:d6:2f:4b:56:80:b9:b4:22:
11:47:9e:fb:4a:b6:d1:68:4f:45:8a:10:85:18:c9:
a2:69:91:a7:07:07:2b:20:86:c3:f0:75:b2:90:4a:
1e:e4:71:83:e8:31:f2:ed:4a:2a:2a:22:80:3c:e6:
08:65:3f:48:b9:44:2b:59:b9:0a:d1:c2:5e:2d:72:
a5:1b:71:1b:d9:f8:09:9a:ed:78:ae:be:06:dc:3b:
5d:9f:e7:39:03:7f:52:ad:32:a4:9b:3c:fb:fb:ca:
c2:cd:49:c9:58:7a:a7:71:cc:ed:0b:68:45:1f:e8:
99:ed:33:26:a5:54:7f:b1:77:a7:5e:c1:cf:8e:72:
44:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:6C:EB:66:19:B0:E9:81:56:34:C9:19:DE:71:97:68:27:55:BE:42
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NWzrZhmw6YFWNMkZ3nGXaCdVvkI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.160.0/24
178.239.203.0/24
185.9.55.0/24
185.103.74.0/24
Signature Algorithm: sha256WithRSAEncryption
1e:2c:da:b2:ac:6b:cc:2b:2d:d2:9e:77:dc:2e:ea:e6:a3:b7:
f7:70:2f:4f:34:4a:53:44:08:a5:48:1d:3a:be:59:2d:ba:6b:
c0:bf:6c:52:0d:22:ee:70:70:77:29:d8:9c:32:82:99:8a:e8:
ab:6f:77:c2:16:5e:13:d6:f1:85:c8:91:0c:77:b5:14:41:9d:
9e:98:0e:52:af:04:eb:1d:bb:a6:b0:2a:9c:b7:39:c4:4b:14:
bc:fd:4d:9b:aa:34:d8:25:df:ca:44:0d:c2:50:b2:ca:f1:f9:
da:19:bd:a4:73:15:8c:ce:3f:ad:f3:3b:bc:e7:e8:95:da:a2:
f7:6e:71:13:12:10:55:e1:6a:ee:db:42:57:27:4d:5b:b9:5d:
94:25:12:0f:a5:0a:67:74:ca:9e:a5:c3:df:43:c7:98:06:d2:
20:14:ec:00:f4:fa:cf:06:7a:93:f9:36:7a:ec:55:a9:27:48:
47:ad:bf:30:17:a2:60:e8:d4:e6:85:cc:93:3e:6e:09:4d:f7:
fc:44:9d:f9:de:4f:f9:c4:8d:7c:a3:71:eb:86:68:19:af:4f:
e3:69:07:26:a1:63:50:c9:af:29:b0:6f:57:a5:0a:5d:7f:cc:
21:b9:d4:de:af:34:05:73:be:f4:39:9b:8b:c7:a6:ef:85:b4:
0c:ff:f2:5b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYcXOCOmu0uIUdaylk3wBliZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI1MDUyMjQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTZjZWI2NjE5YjBlOTgxNTYzNGM5MTlkZTcxOTc2ODI3NTViZTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9d15LjSrZEUrkyHvDh8hwChSqr+
iHbEb7WDktDHviUFCwOUF+x/ffJaqcgGAVAfRFmwlbwPkE0PZFGuCMkytIeUs4xw
MimoBSXLBG7EcYDzsWvVtZJI3fMlx3QMDpoEW1Fd/H9p03tAobLjwbFpjwrVN905
naeC5CyaPiTD1i9LVoC5tCIRR577SrbRaE9FihCFGMmiaZGnBwcrIIbD8HWykEoe
5HGD6DHy7UoqKiKAPOYIZT9IuUQrWbkK0cJeLXKlG3Eb2fgJmu14rr4G3Dtdn+c5
A39SrTKkmzz7+8rCzUnJWHqnccztC2hFH+iZ7TMmpVR/sXenXsHPjnJErQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDVs62YZsOmBVjTJGd5xl2gnVb5CMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTld6clpobXc2WUZXTk1rWjNuR1hhQ2RWdmtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWSigAwQA
su/LAwQAuQk3AwQAuWdKMA0GCSqGSIb3DQEBCwUAA4IBAQAeLNqyrGvMKy3Snnfc
Lurmo7f3cC9PNEpTRAilSB06vlktumvAv2xSDSLucHB3KdicMoKZiuirb3fCFl4T
1vGFyJEMd7UUQZ2emA5SrwTrHbumsCqctznESxS8/U2bqjTYJd/KRA3CULLK8fna
Gb2kcxWMzj+t8zu85+iV2qL3bnETEhBV4Wru20JXJ01buV2UJRIPpQpndMqepcPf
Q8eYBtIgFOwA9PrPBnqT+TZ67FWpJ0hHrb8wF6Jg6NTmhcyTPm4JTff8RJ353k/5
xI18o3HrhmgZr0/jaQcmoWNQya8psG9XpQpdf8whudTerzQFc770OZuLx6bvhbQM
//Jb
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org