Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/S0MNp_io64htHiPSCEZj-F7xEVk.roa
File: S0MNp_io64htHiPSCEZj-F7xEVk.roa (raw, json)
Hash identifier: bNrVO7tGsBuxXK4zCf9+fHkqoVcUuUKFn+gUuctB85c=
Subject key identifier: 4B:43:0D:A7:F8:A8:EB:88:6D:1E:23:D2:08:46:63:F8:5E:F1:11:59
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186A6A3103FD97AEAAE4664644F24CB1297
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/S0MNp_io64htHiPSCEZj-F7xEVk.roa
Signing time: Fri 03 Mar 2023 08:42:29 +0000
ROA not before: Fri 03 Mar 2023 08:42:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 178.239.201.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
103.212.81.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:a6:a3:10:3f:d9:7a:ea:ae:46:64:64:4f:24:cb:12:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 3 08:42:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4b430da7f8a8eb886d1e23d2084663f85ef11159
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:4c:39:f0:f7:1c:72:d4:62:62:67:a2:33:76:
fc:11:97:1f:ef:68:d4:7d:73:f1:26:de:fa:ff:07:
65:db:e9:70:be:a7:2c:14:2e:4f:29:67:ac:2f:d7:
e8:9d:ee:b1:ff:95:c5:68:25:71:07:b0:70:53:03:
87:00:8b:f4:1d:b5:28:89:0d:ed:09:4e:9f:e1:d7:
8a:f0:d3:43:2a:23:95:ba:19:d3:3c:02:51:ea:af:
f5:ff:05:33:d6:4b:0d:f8:e8:5a:37:4f:0e:71:13:
a2:d1:82:b7:85:d0:1b:a5:4d:a2:69:6c:11:34:43:
61:58:15:3e:7b:cb:02:26:91:a2:22:54:88:a9:93:
53:2f:6a:40:2c:dc:18:39:dd:2c:91:e2:41:d3:b2:
ae:2a:ef:79:ac:7d:72:47:a7:86:f7:45:06:4b:e3:
37:a5:9f:16:e6:6a:1e:69:29:27:cc:d6:9e:61:be:
21:79:ed:d4:02:4b:93:da:e0:24:e2:77:f4:b9:fb:
a2:c1:0e:52:95:d3:a1:72:0b:e9:94:e8:cd:6b:81:
00:70:71:7e:6c:4d:e6:ec:7a:34:33:04:14:cc:f9:
25:9f:0e:36:70:33:59:4f:20:89:17:28:71:a1:9d:
84:93:d8:18:9b:f1:ee:b9:ab:f1:43:a5:9e:46:dd:
8c:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:43:0D:A7:F8:A8:EB:88:6D:1E:23:D2:08:46:63:F8:5E:F1:11:59
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/S0MNp_io64htHiPSCEZj-F7xEVk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.212.81.0/24
178.239.201.0/24
193.42.54.0/23
Signature Algorithm: sha256WithRSAEncryption
6e:f4:0f:38:fb:31:6b:2f:f9:30:df:2c:f3:b5:ad:74:ad:2d:
69:47:23:5c:5d:04:1d:b5:c6:f7:57:69:d5:f9:31:7e:b6:be:
e7:ed:b2:1f:f9:01:16:e4:0c:33:2e:c0:00:e2:a0:bb:ad:38:
bc:88:4e:08:7c:77:cc:41:d8:41:5b:84:74:eb:84:0d:be:0b:
b7:97:93:cb:d3:d9:26:c2:ba:dd:31:26:36:4b:d3:57:c2:91:
ab:25:78:31:c6:20:f8:d2:78:b6:15:ae:23:43:af:7c:13:05:
ee:ae:e0:bd:23:3f:6b:3b:98:df:de:45:35:4b:bc:d6:e5:52:
46:48:bd:77:c6:03:36:19:43:e6:25:92:9f:63:a4:af:18:48:
1c:88:7c:ef:1b:79:4f:8f:dd:dc:a0:07:ea:45:06:a6:ff:64:
b6:9a:29:7b:ca:e8:5e:1d:58:bf:47:70:7f:4f:34:ea:62:8f:
5f:24:b3:f2:1a:a2:2d:b1:86:99:07:18:9c:80:1d:fd:cd:a2:
ca:32:58:1b:5c:03:5b:cd:66:43:55:03:58:e4:7e:e9:38:a1:
c7:8d:49:d4:60:3d:eb:c3:7f:41:89:ac:e8:51:33:2d:6f:a6:
d3:49:06:4d:59:de:81:55:18:aa:14:1c:43:e0:14:0c:44:3c:
f4:14:ef:05
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYamoxA/2XrqrkZkZE8kyxKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzAzMDg0MjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjQzMGRhN2Y4YThlYjg4NmQxZTIzZDIwODQ2NjNmODVlZjExMTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkw58PccctRiYmeiM3b8EZcf72jU
fXPxJt76/wdl2+lwvqcsFC5PKWesL9fone6x/5XFaCVxB7BwUwOHAIv0HbUoiQ3t
CU6f4deK8NNDKiOVuhnTPAJR6q/1/wUz1ksN+OhaN08OcROi0YK3hdAbpU2iaWwR
NENhWBU+e8sCJpGiIlSIqZNTL2pALNwYOd0skeJB07KuKu95rH1yR6eG90UGS+M3
pZ8W5moeaSknzNaeYb4hee3UAkuT2uAk4nf0ufuiwQ5SldOhcgvplOjNa4EAcHF+
bE3m7Ho0MwQUzPklnw42cDNZTyCJFyhxoZ2Ek9gYm/HuuavxQ6WeRt2MawIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEtDDaf4qOuIbR4j0ghGY/he8RFZMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUzBNTnBfaW82NGh0SGlQU0NFWmotRjd4RVZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAZ9RRAwQA
su/JAwQBwSo2MA0GCSqGSIb3DQEBCwUAA4IBAQBu9A84+zFrL/kw3yzzta10rS1p
RyNcXQQdtcb3V2nV+TF+tr7n7bIf+QEW5AwzLsAA4qC7rTi8iE4IfHfMQdhBW4R0
64QNvgu3l5PL09kmwrrdMSY2S9NXwpGrJXgxxiD40ni2Fa4jQ698EwXuruC9Iz9r
O5jf3kU1S7zW5VJGSL13xgM2GUPmJZKfY6SvGEgciHzvG3lPj93coAfqRQam/2S2
mil7yuheHVi/R3B/TzTqYo9fJLPyGqItsYaZBxicgB39zaLKMlgbXANbzWZDVQNY
5H7pOKHHjUnUYD3rw39BiazoUTMtb6bTSQZNWd6BVRiqFBxD4BQMRDz0FO8F
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org