Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/b_SNO0pVYqy4jGhgPiRFudGIHJU.roa
File: b_SNO0pVYqy4jGhgPiRFudGIHJU.roa (raw, json)
Hash identifier: cJ/+p1776PHU3eyI+ff7LY40xBr2/fjIhOHaRLtYW7s=
Subject key identifier: 6F:F4:8D:3B:4A:55:62:AC:B8:8C:68:60:3E:24:45:B9:D1:88:1C:95
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01873DECFF1028D364A405512CDEFC14F236
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/b_SNO0pVYqy4jGhgPiRFudGIHJU.roa
Signing time: Sat 01 Apr 2023 17:45:54 +0000
ROA not before: Sat 01 Apr 2023 17:45:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.9.55.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:3d:ec:ff:10:28:d3:64:a4:05:51:2c:de:fc:14:f2:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 1 17:45:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6ff48d3b4a5562acb88c68603e2445b9d1881c95
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:4b:d4:20:e8:ff:7f:bb:70:ee:3b:46:6f:c5:
c4:7d:1e:35:5c:28:95:97:da:8a:01:b0:f7:8a:02:
af:72:a8:14:6d:1a:f4:cc:b1:62:f1:29:81:bc:86:
c6:95:df:ae:c1:a4:71:48:d3:6e:04:8e:e4:6a:09:
4a:9a:e1:ec:7d:a6:62:5b:65:3f:33:65:3a:43:79:
ba:42:03:d0:b0:7f:b4:66:0f:d4:f3:97:34:f4:4d:
56:28:94:9d:59:7b:12:07:1c:18:62:75:af:5f:17:
5f:77:68:3e:63:22:3f:b7:a8:9f:f3:e0:34:0f:4a:
c1:6f:a3:e4:5e:0b:42:f5:80:9a:9d:68:25:c5:b3:
4e:cb:9b:0d:eb:b2:7f:fb:3d:bf:64:23:f0:82:33:
69:ce:6d:f2:79:1e:ad:30:c5:a3:f6:e6:a1:82:3c:
77:7c:58:d0:d9:66:21:d8:a1:f9:d9:bb:a4:fc:a8:
0a:27:12:f1:eb:25:c3:34:a3:53:2e:cc:a2:94:6e:
f4:90:d7:50:3f:48:10:95:6c:43:3d:15:a3:2c:9d:
6e:0e:5e:d1:3c:cf:d6:31:ec:f7:4b:f1:d1:f9:6c:
45:1a:cb:c8:44:a8:e7:fd:1f:ee:16:4d:fd:1e:31:
63:87:b5:6b:ee:64:a7:24:83:26:ce:46:77:57:2f:
b7:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:F4:8D:3B:4A:55:62:AC:B8:8C:68:60:3E:24:45:B9:D1:88:1C:95
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/b_SNO0pVYqy4jGhgPiRFudGIHJU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.9.55.0/24
194.4.157.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:99:6a:bd:b8:cf:f1:63:d5:53:16:0b:6d:b7:ec:41:99:80:
34:06:ea:65:87:cb:6c:46:8d:92:d9:4d:17:4c:58:89:54:da:
c3:a3:d5:4a:4d:aa:12:0d:7e:85:ec:b3:18:6a:98:30:06:14:
f2:aa:86:d1:03:28:fc:81:c4:8d:25:6c:cd:cd:b1:fc:90:9f:
2b:cf:bb:07:6f:ad:e3:38:52:03:5a:3b:7e:52:69:6d:00:62:
cb:6a:b2:df:66:69:d1:c6:19:96:0d:9c:fa:6c:00:0e:58:2b:
a2:2c:a6:08:00:fb:ee:d1:93:6a:98:0f:19:e4:32:0c:a4:2b:
39:84:71:d5:3b:64:e2:51:25:e2:20:30:8c:05:54:30:f2:cc:
76:aa:ca:a2:0c:ea:03:b5:36:ea:24:29:8f:3c:a3:60:0f:be:
a7:7f:6e:74:d3:80:ef:3e:dd:02:58:de:33:9f:ab:ec:47:63:
c9:8d:f6:69:41:35:b1:35:2d:7a:dc:55:12:fc:e6:0a:47:ac:
8b:93:e8:45:8e:22:c8:79:77:87:59:76:7d:e3:7e:dc:aa:a5:
31:eb:55:fb:cb:53:d0:a3:57:d7:eb:5b:8b:4f:ff:16:5b:08:
20:9d:9a:a5:43:6b:80:82:a0:8c:73:56:5b:54:35:ee:fd:76:
15:ca:d9:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYc97P8QKNNkpAVRLN78FPI2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDAxMTc0NTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmY0OGQzYjRhNTU2MmFjYjg4YzY4NjAzZTI0NDViOWQxODgxYzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokvUIOj/f7tw7jtGb8XEfR41XCiV
l9qKAbD3igKvcqgUbRr0zLFi8SmBvIbGld+uwaRxSNNuBI7kaglKmuHsfaZiW2U/
M2U6Q3m6QgPQsH+0Zg/U85c09E1WKJSdWXsSBxwYYnWvXxdfd2g+YyI/t6if8+A0
D0rBb6PkXgtC9YCanWglxbNOy5sN67J/+z2/ZCPwgjNpzm3yeR6tMMWj9uahgjx3
fFjQ2WYh2KH52buk/KgKJxLx6yXDNKNTLsyilG70kNdQP0gQlWxDPRWjLJ1uDl7R
PM/WMez3S/HR+WxFGsvIRKjn/R/uFk39HjFjh7Vr7mSnJIMmzkZ3Vy+3mQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG/0jTtKVWKsuIxoYD4kRbnRiByVMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYl9TTk8wcFZZcXk0akdoZ1BpUkZ1ZEdJSEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuQk3AwQA
wgSdMA0GCSqGSIb3DQEBCwUAA4IBAQBemWq9uM/xY9VTFgttt+xBmYA0Buplh8ts
Ro2S2U0XTFiJVNrDo9VKTaoSDX6F7LMYapgwBhTyqobRAyj8gcSNJWzNzbH8kJ8r
z7sHb63jOFIDWjt+UmltAGLLarLfZmnRxhmWDZz6bAAOWCuiLKYIAPvu0ZNqmA8Z
5DIMpCs5hHHVO2TiUSXiIDCMBVQw8sx2qsqiDOoDtTbqJCmPPKNgD76nf25004Dv
Pt0CWN4zn6vsR2PJjfZpQTWxNS163FUS/OYKR6yLk+hFjiLIeXeHWXZ9437cqqUx
61X7y1PQo1fX61uLT/8WWwggnZqlQ2uAgqCMc1ZbVDXu/XYVytkT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org