Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QddQqYid1pUav9MCiUDEDU0bTaU.roa
File: QddQqYid1pUav9MCiUDEDU0bTaU.roa (raw, json)
Hash identifier: zOogo2o38d6OjzJbMIulgUJfyPcHzrwl4rcoCYCyBVc=
Subject key identifier: 41:D7:50:A9:88:9D:D6:95:1A:BF:D3:02:89:40:C4:0D:4D:1B:4D:A5
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186B83EADAAD412D64D8FB1C7A7E46341F7
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QddQqYid1pUav9MCiUDEDU0bTaU.roa
Signing time: Mon 06 Mar 2023 18:46:00 +0000
ROA not before: Mon 06 Mar 2023 18:46:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 150752
IP address blocks: 178.239.192.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b8:3e:ad:aa:d4:12:d6:4d:8f:b1:c7:a7:e4:63:41:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 6 18:46:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=41d750a9889dd6951abfd3028940c40d4d1b4da5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:7f:5e:ef:b4:c6:57:67:aa:31:1e:5c:c7:fb:
48:8b:96:a0:d6:7e:cf:c9:83:2e:e2:a0:2f:4f:57:
60:7b:01:89:b6:fd:be:77:1f:0f:41:fc:9d:8c:9c:
c0:52:31:63:b0:17:bf:80:ab:64:a1:4b:9b:11:d9:
e7:72:41:41:0f:48:cf:a1:48:7d:6e:44:2c:f9:bd:
a4:c5:dc:46:69:19:c8:59:08:f0:c2:a8:6f:d3:f8:
08:89:cf:81:e1:4c:f4:be:a2:d3:3d:f2:76:45:2b:
c2:5e:63:de:3f:36:99:cb:e3:83:12:ce:64:7d:1c:
2c:06:37:b7:5f:63:58:14:59:93:d9:49:48:c8:73:
aa:73:d2:6f:1f:3b:23:a3:da:8c:ed:94:f6:be:f2:
7d:48:ed:1b:6a:a2:0e:99:93:18:bd:af:cc:91:79:
0f:9e:7c:e0:00:6d:ad:71:26:71:42:c0:4b:90:4c:
4d:f7:40:2d:0e:0f:03:86:ec:69:07:90:e6:55:09:
40:87:a1:ce:32:71:99:a0:09:b0:ba:d1:62:76:0f:
b8:a3:1c:20:3f:f0:b7:85:0d:f2:d2:cc:a0:2b:dc:
35:af:7c:7c:e8:7c:34:03:e0:47:d5:a0:aa:40:b7:
0f:e6:ea:3c:3b:95:ec:8d:43:7e:c2:42:f1:aa:3a:
be:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:D7:50:A9:88:9D:D6:95:1A:BF:D3:02:89:40:C4:0D:4D:1B:4D:A5
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/QddQqYid1pUav9MCiUDEDU0bTaU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.239.192.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:d4:7b:e4:9b:48:16:dd:a4:ef:2b:68:1b:51:31:f1:98:26:
cc:bc:9c:da:0e:a5:ea:d7:c8:38:77:53:a8:73:ac:bd:93:48:
7a:74:45:60:33:66:45:a3:8b:25:50:86:55:dd:00:e0:c4:ae:
19:b5:f9:40:64:2d:fe:3f:b1:2f:2d:c7:2f:fc:13:55:bd:1a:
1f:29:6c:d4:cc:c2:45:80:26:af:8d:b9:fa:8a:e4:0f:7d:32:
12:73:65:93:0a:f6:d9:8c:93:81:2f:df:79:57:da:24:df:35:
84:c9:23:bb:a3:15:85:12:29:4a:f4:06:ca:48:ab:c5:12:6e:
a9:01:4e:b8:91:00:29:5a:e3:8e:ad:6f:06:c4:3e:7f:30:67:
b6:d8:93:f6:8c:b9:59:ff:83:c2:e7:22:fe:f0:51:a9:bf:58:
10:e2:8f:ad:62:04:a4:70:39:c4:c7:16:4c:c4:17:94:4b:5b:
7c:99:7b:eb:8c:ff:89:81:fa:7f:8f:99:35:13:c7:06:fa:6d:
d3:e0:8d:b2:b0:1d:5c:03:e2:31:4f:b7:66:2c:6c:6b:0a:79:
a4:5e:33:bf:4a:5a:7c:5a:7a:8c:23:7f:65:cb:24:74:eb:c2:
d5:26:41:6a:c5:08:b2:2d:a5:86:7d:4c:ae:e4:18:be:c6:5e:
1d:e5:64:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYa4Pq2q1BLWTY+xx6fkY0H3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA2MTg0NjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQ3NTBhOTg4OWRkNjk1MWFiZmQzMDI4OTQwYzQwZDRkMWI0ZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArn9e77TGV2eqMR5cx/tIi5ag1n7P
yYMu4qAvT1dgewGJtv2+dx8PQfydjJzAUjFjsBe/gKtkoUubEdnnckFBD0jPoUh9
bkQs+b2kxdxGaRnIWQjwwqhv0/gIic+B4Uz0vqLTPfJ2RSvCXmPePzaZy+ODEs5k
fRwsBje3X2NYFFmT2UlIyHOqc9JvHzsjo9qM7ZT2vvJ9SO0baqIOmZMYva/MkXkP
nnzgAG2tcSZxQsBLkExN90AtDg8DhuxpB5DmVQlAh6HOMnGZoAmwutFidg+4oxwg
P/C3hQ3y0sygK9w1r3x86Hw0A+BH1aCqQLcP5uo8O5XsjUN+wkLxqjq+CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHXUKmIndaVGr/TAolAxA1NG02lMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUWRkUXFZaWQxcFVhdjlNQ2lVREVEVTBiVGFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu/AMA0G
CSqGSIb3DQEBCwUAA4IBAQBb1Hvkm0gW3aTvK2gbUTHxmCbMvJzaDqXq18g4d1Oo
c6y9k0h6dEVgM2ZFo4slUIZV3QDgxK4ZtflAZC3+P7EvLccv/BNVvRofKWzUzMJF
gCavjbn6iuQPfTISc2WTCvbZjJOBL995V9ok3zWEySO7oxWFEilK9AbKSKvFEm6p
AU64kQApWuOOrW8GxD5/MGe22JP2jLlZ/4PC5yL+8FGpv1gQ4o+tYgSkcDnExxZM
xBeUS1t8mXvrjP+Jgfp/j5k1E8cG+m3T4I2ysB1cA+IxT7dmLGxrCnmkXjO/Slp8
WnqMI39lyyR068LVJkFqxQiyLaWGfUyu5Bi+xl4d5WRe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org