Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/UEj3IJA55m9G20hFo2cqiDifxII.roa
File: UEj3IJA55m9G20hFo2cqiDifxII.roa (raw, json)
Hash identifier: quJ+h7jv2feiP6k1CFAkWDOfhcjXtDeubhPVb0f0bnE=
Subject key identifier: 50:48:F7:20:90:39:E6:6F:46:DB:48:45:A3:67:2A:88:38:9F:C4:82
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018635F8E1534B3D1FF90B2F636BF019CCBA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/UEj3IJA55m9G20hFo2cqiDifxII.roa
Signing time: Thu 09 Feb 2023 11:39:08 +0000
ROA not before: Thu 09 Feb 2023 11:39:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 178.239.202.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
62.197.133.0/24 maxlen: 24
89.38.101.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:35:f8:e1:53:4b:3d:1f:f9:0b:2f:63:6b:f0:19:cc:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 9 11:39:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5048f7209039e66f46db4845a3672a88389fc482
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:49:45:1e:24:0f:d2:c4:b1:ae:97:b9:7d:a7:
7e:e3:23:bd:ed:df:26:35:c2:53:0e:7d:08:49:03:
14:72:e5:8e:7d:c0:e3:da:9f:c0:e8:65:71:63:15:
75:eb:d6:92:db:10:ed:c8:7a:59:0c:5c:e7:e4:f5:
71:81:ef:ae:35:48:af:4d:44:d0:8f:71:14:32:a7:
93:59:72:7c:29:37:78:5a:66:94:6e:7a:b4:f1:9d:
60:d9:9e:4e:18:a9:15:33:73:5c:88:a9:3e:1c:25:
10:5c:79:4d:2b:e2:51:20:e4:5b:b0:af:1c:2b:b4:
26:b8:45:b1:4f:33:82:cb:98:35:90:ff:b8:9b:0b:
5b:48:1b:3a:95:5f:9e:25:51:94:fd:6d:d3:22:13:
7a:c7:79:e6:f0:de:e7:42:60:23:1d:59:ff:2f:fe:
a8:5d:ce:84:45:cb:73:2a:8a:f8:c8:31:b7:49:1a:
ac:d0:b2:72:ab:48:a6:48:7b:67:90:0b:1d:5a:fc:
52:63:b4:30:85:bf:cb:60:af:dd:48:4e:e7:96:54:
8a:0e:81:f7:6e:9a:0e:d2:a2:c5:ce:95:4a:81:03:
88:b7:0c:05:c1:8f:3a:42:76:07:37:55:c9:79:b3:
16:7f:31:ae:e6:50:79:a7:cb:76:4e:a4:d3:72:77:
4a:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:48:F7:20:90:39:E6:6F:46:DB:48:45:A3:67:2A:88:38:9F:C4:82
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/UEj3IJA55m9G20hFo2cqiDifxII.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.197.133.0/24
77.75.60.0/24
89.38.101.0/24
178.239.202.0/24
194.4.157.0/24
203.0.8.0/24
Signature Algorithm: sha256WithRSAEncryption
30:b9:bf:39:98:f1:ec:49:6b:51:22:9a:95:02:99:4c:75:2c:
a7:8a:3b:3a:bd:b7:b0:3d:87:11:cc:d6:c1:d4:19:f6:97:28:
31:62:9f:60:8b:f4:74:d1:20:28:d3:55:a5:7f:57:c9:11:d0:
ed:b3:95:b5:ea:62:de:dc:d1:9e:bd:ab:cb:11:d3:59:75:51:
b9:e4:db:61:43:d7:50:1b:34:34:b4:94:87:52:97:d6:ce:3d:
ae:c7:97:ef:c3:55:9f:29:7a:25:28:d5:fb:0f:2b:57:46:ba:
0a:a9:0c:5c:e5:f2:70:84:4c:48:c6:77:e1:27:84:28:4a:4a:
86:1c:bd:91:68:d5:2a:fe:00:92:bc:bc:94:4c:a1:3b:ea:3d:
c5:20:90:a8:a6:c9:f4:6b:9b:f3:fd:d0:70:2e:6f:af:0a:af:
63:5e:5a:27:0d:8e:97:87:21:9e:24:84:d8:9d:40:6f:54:05:
9c:36:52:8e:c1:4d:2e:5e:99:8d:62:49:b5:4d:1d:88:90:68:
fa:56:5c:17:ae:c5:c2:d9:d2:da:6b:49:7d:e2:a3:1c:52:1f:
29:0a:ff:40:32:29:14:47:dc:98:cd:58:f5:cd:2f:91:ab:06:
18:e3:4a:40:c5:87:1a:7a:59:be:3e:26:f1:26:be:f8:64:c0:
61:d9:27:19
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYY1+OFTSz0f+QsvY2vwGcy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjA5MTEzOTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDQ4ZjcyMDkwMzllNjZmNDZkYjQ4NDVhMzY3MmE4ODM4OWZjNDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0lFHiQP0sSxrpe5fad+4yO97d8m
NcJTDn0ISQMUcuWOfcDj2p/A6GVxYxV169aS2xDtyHpZDFzn5PVxge+uNUivTUTQ
j3EUMqeTWXJ8KTd4WmaUbnq08Z1g2Z5OGKkVM3NciKk+HCUQXHlNK+JRIORbsK8c
K7QmuEWxTzOCy5g1kP+4mwtbSBs6lV+eJVGU/W3TIhN6x3nm8N7nQmAjHVn/L/6o
Xc6ERctzKor4yDG3SRqs0LJyq0imSHtnkAsdWvxSY7Qwhb/LYK/dSE7nllSKDoH3
bpoO0qLFzpVKgQOItwwFwY86QnYHN1XJebMWfzGu5lB5p8t2TqTTcndKRwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFBI9yCQOeZvRttIRaNnKog4n8SCMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVUVqM0lKQTU1bTlHMjBoRm8yY3FpRGlmeElJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAPsWFAwQA
TUs8AwQAWSZlAwQAsu/KAwQAwgSdAwQAywAIMA0GCSqGSIb3DQEBCwUAA4IBAQAw
ub85mPHsSWtRIpqVAplMdSynijs6vbewPYcRzNbB1Bn2lygxYp9gi/R00SAo01Wl
f1fJEdDts5W16mLe3NGevavLEdNZdVG55NthQ9dQGzQ0tJSHUpfWzj2ux5fvw1Wf
KXolKNX7DytXRroKqQxc5fJwhExIxnfhJ4QoSkqGHL2RaNUq/gCSvLyUTKE76j3F
IJCopsn0a5vz/dBwLm+vCq9jXlonDY6XhyGeJITYnUBvVAWcNlKOwU0uXpmNYkm1
TR2IkGj6VlwXrsXC2dLaa0l94qMcUh8pCv9AMikUR9yYzVj1zS+RqwYY40pAxYca
elm+PibxJr74ZMBh2ScZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org