Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ajg6hQoz_kn4nGTJz2a8FPurl1M.roa
File: ajg6hQoz_kn4nGTJz2a8FPurl1M.roa (raw, json)
Hash identifier: Peu8J3yFk2uU116rWT8vwb+6r9DjJuGzM2MeU2ByDH4=
Subject key identifier: 6A:38:3A:85:0A:33:FE:49:F8:9C:64:C9:CF:66:BC:14:FB:AB:97:53
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018755C00E1AD80A6F8EF720A76B053E39A9
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ajg6hQoz_kn4nGTJz2a8FPurl1M.roa
Signing time: Thu 06 Apr 2023 08:47:42 +0000
ROA not before: Thu 06 Apr 2023 08:47:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 174
IP address blocks: 78.142.242.0/24 maxlen: 24
192.166.208.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:55:c0:0e:1a:d8:0a:6f:8e:f7:20:a7:6b:05:3e:39:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 6 08:47:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6a383a850a33fe49f89c64c9cf66bc14fbab9753
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:02:fe:b8:0c:6f:99:7a:7a:b2:38:44:4e:a5:
02:54:77:20:12:59:dc:0a:21:51:c9:46:c6:22:15:
e9:96:2b:de:28:06:cb:f4:3b:e6:1a:29:6d:66:a0:
6f:75:f2:d7:fa:e6:31:1e:51:0c:50:ee:0c:6b:22:
e1:a6:99:b5:1b:6f:e1:30:c5:d4:7f:f8:b7:22:47:
6c:1e:97:69:12:09:3c:80:2c:86:98:99:42:1b:b6:
bf:26:27:d9:20:6f:77:6e:70:ae:97:18:d2:32:d4:
13:a8:5e:36:fc:01:c2:b0:07:7e:02:d1:44:bc:a5:
a5:ff:09:fa:2c:71:b6:0e:d4:4f:51:2e:44:c7:72:
c9:f9:d2:c7:fc:04:75:67:ef:14:0b:c9:12:07:79:
ed:2e:c1:8a:31:3c:2a:4c:7e:01:e7:8c:52:96:c9:
2a:5e:0f:ba:53:b3:3e:83:a6:1e:e1:df:8c:bc:92:
e6:88:31:87:45:b9:58:a3:4a:5e:84:bb:20:2e:99:
c2:ca:e4:66:ef:88:09:b2:c9:cb:85:5e:9d:3f:35:
ba:b4:c2:23:ee:d3:33:f3:6c:ae:e2:be:26:c9:93:
fd:05:d6:d6:07:46:2f:53:9d:ce:56:d6:df:d1:41:
05:b4:57:ba:3b:c3:5f:3d:e1:ae:99:9d:ac:9d:47:
ae:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:38:3A:85:0A:33:FE:49:F8:9C:64:C9:CF:66:BC:14:FB:AB:97:53
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ajg6hQoz_kn4nGTJz2a8FPurl1M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.242.0/24
192.166.208.0/22
Signature Algorithm: sha256WithRSAEncryption
56:68:a3:c2:b6:fc:59:17:ed:87:48:10:a6:0f:1d:2a:19:38:
94:1d:a5:2a:7a:5d:ea:d7:ab:7d:c1:00:09:e0:80:7b:de:45:
9d:8b:d2:5d:ab:5a:16:80:83:0c:f0:f8:57:c9:2a:e0:0a:9d:
02:0c:44:3b:ba:ab:b6:40:2b:83:5b:ba:4e:7e:67:48:34:42:
69:26:00:ec:d4:00:fa:63:c9:07:07:af:a8:bd:63:4c:04:99:
35:9f:97:12:a9:51:e0:98:6a:cc:b6:9b:6f:ba:17:dd:bf:64:
fd:cd:8f:ed:7f:d7:72:9c:c5:7a:e9:f7:f3:38:35:d4:5f:a7:
6e:69:46:34:74:0f:51:4c:8c:b2:35:db:41:c2:07:03:72:4b:
10:f1:c0:60:0c:3c:6f:a1:b5:8b:b5:96:b3:91:5a:d9:2e:13:
f9:79:73:c3:df:8e:02:67:00:b3:e3:44:9d:6f:be:a2:00:ad:
59:7d:1a:02:45:ce:e3:24:8b:8f:1d:ea:9e:1d:95:29:14:8e:
5d:ff:f6:cc:c8:0f:fe:56:65:92:cb:7b:21:85:32:d6:d2:26:
88:e7:a6:20:3c:f3:16:aa:a1:ed:f1:73:12:a3:b4:ec:e5:f5:
e9:8b:e3:f1:c2:f3:04:2d:9f:ee:07:43:40:11:2b:aa:1f:20:
39:57:4c:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYdVwA4a2Apvjvcgp2sFPjmpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA2MDg0NzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTM4M2E4NTBhMzNmZTQ5Zjg5YzY0YzljZjY2YmMxNGZiYWI5NzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQL+uAxvmXp6sjhETqUCVHcgElnc
CiFRyUbGIhXpliveKAbL9DvmGiltZqBvdfLX+uYxHlEMUO4MayLhppm1G2/hMMXU
f/i3IkdsHpdpEgk8gCyGmJlCG7a/JifZIG93bnCulxjSMtQTqF42/AHCsAd+AtFE
vKWl/wn6LHG2DtRPUS5Ex3LJ+dLH/AR1Z+8UC8kSB3ntLsGKMTwqTH4B54xSlskq
Xg+6U7M+g6Ye4d+MvJLmiDGHRblYo0pehLsgLpnCyuRm74gJssnLhV6dPzW6tMIj
7tMz82yu4r4myZP9BdbWB0YvU53OVtbf0UEFtFe6O8NfPeGumZ2snUeuVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGo4OoUKM/5J+Jxkyc9mvBT7q5dTMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYWpnNmhRb3pfa240bkdUSnoyYThGUHVybDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATo7yAwQC
wKbQMA0GCSqGSIb3DQEBCwUAA4IBAQBWaKPCtvxZF+2HSBCmDx0qGTiUHaUqel3q
16t9wQAJ4IB73kWdi9Jdq1oWgIMM8PhXySrgCp0CDEQ7uqu2QCuDW7pOfmdINEJp
JgDs1AD6Y8kHB6+ovWNMBJk1n5cSqVHgmGrMtptvuhfdv2T9zY/tf9dynMV66ffz
ODXUX6duaUY0dA9RTIyyNdtBwgcDcksQ8cBgDDxvobWLtZazkVrZLhP5eXPD344C
ZwCz40Sdb76iAK1ZfRoCRc7jJIuPHeqeHZUpFI5d//bMyA/+VmWSy3shhTLW0iaI
56YgPPMWqqHt8XMSo7Ts5fXpi+PxwvMELZ/uB0NAESuqHyA5V0wy
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:02 2023 by rpki-client on console-fra.rpki-client.org