Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/PQk7HIf59ghsWUMNpmMVUDw5qpA.roa
File: PQk7HIf59ghsWUMNpmMVUDw5qpA.roa (raw, json)
Hash identifier: zCWdkVopMY+tsMyk02A4RvmgS89ws9R8I/+7SpjxZrI=
Subject key identifier: 3D:09:3B:1C:87:F9:F6:08:6C:59:43:0D:A6:63:15:50:3C:39:AA:90
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01867A563F3368F0FC29D2F90CB9914E0467
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/PQk7HIf59ghsWUMNpmMVUDw5qpA.roa
Signing time: Wed 22 Feb 2023 18:15:17 +0000
ROA not before: Wed 22 Feb 2023 18:15:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 135752
IP address blocks: 178.239.203.0/24 maxlen: 24
89.40.160.0/24 maxlen: 24
193.42.52.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:7a:56:3f:33:68:f0:fc:29:d2:f9:0c:b9:91:4e:04:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 22 18:15:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3d093b1c87f9f6086c59430da66315503c39aa90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:9a:92:af:f4:2c:ea:16:18:cb:7e:2d:60:14:
ce:a7:88:ea:d3:d8:bf:0b:98:97:64:ca:62:87:96:
d3:e3:62:8a:5e:4b:bd:1d:62:f0:ad:90:95:af:8f:
4e:78:bd:38:02:78:8f:e4:e5:e9:21:46:2d:0a:5d:
8c:1b:f9:74:61:92:e7:09:8a:6d:a0:2d:3a:d1:52:
b1:e1:c9:6e:b4:01:0c:63:2c:df:9b:e8:59:da:17:
8d:73:46:7d:0f:0c:7e:12:cc:c2:f6:f2:b3:a7:1e:
30:08:20:ea:56:24:df:60:3e:6c:61:a7:30:1e:b1:
87:22:dd:3b:76:73:0e:9c:d8:92:73:65:5f:72:ec:
56:be:38:5b:ec:46:35:99:65:15:70:bb:25:fd:fd:
f5:98:9c:1b:26:d5:a4:cc:1b:7c:03:4c:a7:76:53:
30:3c:80:48:63:fe:33:35:48:be:e9:32:98:95:4b:
27:88:d5:59:4b:0c:d8:ce:dc:52:e3:9a:0e:80:06:
97:08:fe:c7:c1:25:c1:ea:9e:43:4e:2c:b2:dc:2b:
9a:ad:b3:99:99:30:30:46:9d:c5:24:28:ec:a0:7e:
9b:1b:4b:6b:a7:37:6c:9b:ff:64:14:82:8b:14:ad:
86:1b:5f:22:e6:a3:77:d1:64:f4:d1:dc:40:1f:e1:
ca:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:09:3B:1C:87:F9:F6:08:6C:59:43:0D:A6:63:15:50:3C:39:AA:90
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/PQk7HIf59ghsWUMNpmMVUDw5qpA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.160.0/24
178.239.203.0/24
185.103.74.0/24
193.42.52.0/24
Signature Algorithm: sha256WithRSAEncryption
88:e1:0b:34:d2:d5:ad:91:85:97:87:24:7f:40:fe:96:ed:03:
94:5d:d4:1a:4c:18:d9:f1:d5:12:e7:2e:9c:82:a6:af:fa:6d:
65:18:1c:25:0b:1b:70:ff:dc:e3:26:66:ec:f1:fa:54:94:68:
78:8d:3c:f7:91:5c:70:a7:6e:91:08:07:63:f2:a3:8d:d0:18:
d3:02:df:9c:91:db:c0:7d:24:c9:84:22:20:9a:18:0d:2a:6e:
9d:36:8f:9b:2a:8a:74:26:1a:f9:e9:a3:94:7c:66:3b:60:e0:
b0:aa:b0:e4:8c:67:78:88:19:84:cf:0f:38:ff:3d:ea:45:20:
f0:38:3c:a6:6f:62:aa:f6:99:40:e9:a4:b7:56:dc:82:37:19:
77:01:9c:f7:c0:76:18:32:fc:f0:e6:c1:50:31:4b:5d:cb:30:
5c:f2:06:03:20:12:26:ea:da:87:42:c6:94:13:f3:4f:fb:b9:
4c:61:b3:b1:64:aa:67:37:9e:e4:c2:dd:a2:12:d3:7b:b2:84:
73:28:86:3d:16:21:12:43:01:b3:1f:e2:da:6c:42:a8:eb:8d:
f9:52:9b:ed:98:83:25:6b:37:05:38:f4:a4:6c:3d:ca:c9:e7:
e5:50:68:73:fd:39:af:72:e0:e1:97:ea:bd:1f:4e:e4:99:c3:
fc:66:4f:a7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYZ6Vj8zaPD8KdL5DLmRTgRnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjIyMTgxNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDA5M2IxYzg3ZjlmNjA4NmM1OTQzMGRhNjYzMTU1MDNjMzlhYTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspqSr/Qs6hYYy34tYBTOp4jq09i/
C5iXZMpih5bT42KKXku9HWLwrZCVr49OeL04AniP5OXpIUYtCl2MG/l0YZLnCYpt
oC060VKx4clutAEMYyzfm+hZ2heNc0Z9Dwx+EszC9vKzpx4wCCDqViTfYD5sYacw
HrGHIt07dnMOnNiSc2VfcuxWvjhb7EY1mWUVcLsl/f31mJwbJtWkzBt8A0yndlMw
PIBIY/4zNUi+6TKYlUsniNVZSwzYztxS45oOgAaXCP7HwSXB6p5DTiyy3CuarbOZ
mTAwRp3FJCjsoH6bG0trpzdsm/9kFIKLFK2GG18i5qN30WT00dxAH+HKdwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFD0JOxyH+fYIbFlDDaZjFVA8OaqQMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUFFrN0hJZjU5Z2hzV1VNTnBtTVZVRHc1cXBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWSigAwQA
su/LAwQAuWdKAwQAwSo0MA0GCSqGSIb3DQEBCwUAA4IBAQCI4Qs00tWtkYWXhyR/
QP6W7QOUXdQaTBjZ8dUS5y6cgqav+m1lGBwlCxtw/9zjJmbs8fpUlGh4jTz3kVxw
p26RCAdj8qON0BjTAt+ckdvAfSTJhCIgmhgNKm6dNo+bKop0Jhr56aOUfGY7YOCw
qrDkjGd4iBmEzw84/z3qRSDwODymb2Kq9plA6aS3VtyCNxl3AZz3wHYYMvzw5sFQ
MUtdyzBc8gYDIBIm6tqHQsaUE/NP+7lMYbOxZKpnN57kwt2iEtN7soRzKIY9FiES
QwGzH+LabEKo6435UpvtmIMlazcFOPSkbD3KyeflUGhz/TmvcuDhl+q9H07kmcP8
Zk+n
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org