Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/csi7mne6_EB6w8UI8ToCLNbnPLY.roa
File: csi7mne6_EB6w8UI8ToCLNbnPLY.roa (raw, json)
Hash identifier: bhnTva/Wwv+GyXdjdpbXdZIHs9EdM2H2Iijth61yruA=
Subject key identifier: 72:C8:BB:9A:77:BA:FC:40:7A:C3:C5:08:F1:3A:02:2C:D6:E7:3C:B6
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188D7237176833147A53C85171CE6640FC4
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/csi7mne6_EB6w8UI8ToCLNbnPLY.roa
Signing time: Tue 20 Jun 2023 04:50:04 +0000
ROA not before: Tue 20 Jun 2023 04:50:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 185.121.229.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:d7:23:71:76:83:31:47:a5:3c:85:17:1c:e6:64:0f:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 20 04:50:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=72c8bb9a77bafc407ac3c508f13a022cd6e73cb6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:b2:5b:87:3c:c7:40:86:ea:1c:08:6d:92:24:
58:fd:11:18:ee:67:ca:34:6d:fe:a0:22:32:ec:5f:
0b:fc:e7:c2:ae:b6:d9:71:10:94:b3:7e:86:d7:14:
c3:a5:ea:1e:e7:e2:b9:73:af:33:c2:67:15:a5:cc:
f7:3d:e8:72:f4:f4:57:34:ae:10:cf:c1:3a:d8:ad:
2f:31:b4:33:15:6c:53:f8:d1:2e:3d:99:21:6a:aa:
5c:5b:0b:7b:06:84:b3:50:8a:cf:cb:da:d1:95:e6:
44:2a:4a:d0:6c:d7:38:bf:15:b3:47:51:82:09:aa:
7c:ec:5e:40:18:b4:41:04:42:9e:16:7f:d2:68:02:
09:44:43:8e:7a:1a:ba:f2:36:ac:1c:5c:dd:f2:42:
2e:ca:66:79:1b:0a:91:41:b1:09:6b:1b:a4:07:af:
44:dc:1b:33:52:5f:ea:57:27:39:84:fe:4c:66:58:
f1:25:ab:7d:d3:f8:b6:4b:d0:1c:98:9f:ba:eb:c9:
31:4e:73:5c:63:ef:5c:4d:de:d4:3b:2c:e0:13:9b:
ee:68:5a:ec:ac:e2:5e:3e:be:b6:37:f7:71:a8:a6:
5e:d1:db:e8:aa:07:8a:69:b3:41:c6:1b:f0:37:fb:
91:74:0f:46:95:e2:63:57:4d:1b:bd:3c:ae:65:c7:
28:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:C8:BB:9A:77:BA:FC:40:7A:C3:C5:08:F1:3A:02:2C:D6:E7:3C:B6
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/csi7mne6_EB6w8UI8ToCLNbnPLY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.103.74.0/24
185.121.229.0/24
194.4.158.0/24
213.32.248.0/24
Signature Algorithm: sha256WithRSAEncryption
88:95:63:2c:b6:f7:87:57:2d:76:e4:d5:61:fc:34:97:8c:ac:
97:f9:8f:78:a8:7a:f8:71:20:a2:8b:b8:7c:65:82:f5:3c:00:
2c:f3:54:cf:57:0b:96:68:e4:73:7a:b8:71:05:6a:b5:ad:1e:
8f:90:4e:ad:82:14:8e:5a:e3:2b:b2:87:6c:fd:8b:64:9d:40:
59:2c:40:15:b0:98:de:d3:ca:b7:c3:d5:d4:fb:62:9e:88:d3:
92:4f:ae:5c:e1:38:67:84:f5:7b:13:fa:b1:4f:f2:c7:f3:70:
2d:58:0b:21:6a:f7:51:86:d3:43:be:0b:f3:f0:60:79:4c:0e:
1f:b3:35:f2:3d:04:c4:db:a2:82:13:c4:54:86:3f:4b:0d:c0:
62:5c:a8:9e:89:6f:18:c2:2b:c7:20:35:a3:90:ec:de:42:72:
46:ae:a4:42:37:9a:fe:e7:79:38:fd:c6:38:0e:de:97:c2:08:
35:35:ae:c6:f2:ed:3e:95:43:f7:16:d2:27:f4:1e:2b:cf:a7:
94:6b:49:9f:e8:6d:7c:d6:49:a4:04:29:20:64:c5:bd:0b:1e:
11:70:e7:7a:43:a6:bc:96:9e:0a:41:f6:1f:24:10:f9:5d:71:
16:0b:2e:43:f5:15:9c:90:72:75:54:10:66:d2:9a:dd:7f:a1:
1a:0a:9b:67
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYjXI3F2gzFHpTyFFxzmZA/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjIwMDQ1MDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmM4YmI5YTc3YmFmYzQwN2FjM2M1MDhmMTNhMDIyY2Q2ZTczY2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirJbhzzHQIbqHAhtkiRY/REY7mfK
NG3+oCIy7F8L/OfCrrbZcRCUs36G1xTDpeoe5+K5c68zwmcVpcz3Pehy9PRXNK4Q
z8E62K0vMbQzFWxT+NEuPZkhaqpcWwt7BoSzUIrPy9rRleZEKkrQbNc4vxWzR1GC
Cap87F5AGLRBBEKeFn/SaAIJREOOehq68jasHFzd8kIuymZ5GwqRQbEJaxukB69E
3BszUl/qVyc5hP5MZljxJat90/i2S9AcmJ+668kxTnNcY+9cTd7UOyzgE5vuaFrs
rOJePr62N/dxqKZe0dvoqgeKabNBxhvwN/uRdA9GleJjV00bvTyuZccoHQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHLIu5p3uvxAesPFCPE6AizW5zy2MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvY3NpN21uZTZfRUI2dzhVSThUb0NMTmJuUExZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAuWdKAwQA
uXnlAwQAwgSeAwQA1SD4MA0GCSqGSIb3DQEBCwUAA4IBAQCIlWMstveHVy125NVh
/DSXjKyX+Y94qHr4cSCii7h8ZYL1PAAs81TPVwuWaORzerhxBWq1rR6PkE6tghSO
WuMrsods/YtknUBZLEAVsJje08q3w9XU+2KeiNOST65c4ThnhPV7E/qxT/LH83At
WAshavdRhtNDvgvz8GB5TA4fszXyPQTE26KCE8RUhj9LDcBiXKieiW8YwivHIDWj
kOzeQnJGrqRCN5r+53k4/cY4Dt6Xwgg1Na7G8u0+lUP3FtIn9B4rz6eUa0mf6G18
1kmkBCkgZMW9Cx4RcOd6Q6a8lp4KQfYfJBD5XXEWCy5D9RWckHJ1VBBm0prdf6Ea
Cptn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org