Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dtCK0gPqTfJ3gb9lFDjrL0u6fbA.roa
File: dtCK0gPqTfJ3gb9lFDjrL0u6fbA.roa (raw, json)
Hash identifier: WyksPo15iKiLrSj1rdBDIm+snmG1GGT3SpX1I5HMiEw=
Subject key identifier: 76:D0:8A:D2:03:EA:4D:F2:77:81:BF:65:14:38:EB:2F:4B:BA:7D:B0
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186B8032D850E7D3EE52788971744214662
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dtCK0gPqTfJ3gb9lFDjrL0u6fbA.roa
Signing time: Mon 06 Mar 2023 17:41:01 +0000
ROA not before: Mon 06 Mar 2023 17:41:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200010
IP address blocks: 185.236.62.0/24 maxlen: 24
178.239.195.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b8:03:2d:85:0e:7d:3e:e5:27:88:97:17:44:21:46:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 6 17:41:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=76d08ad203ea4df27781bf651438eb2f4bba7db0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:83:60:85:09:71:49:26:9d:30:e3:cc:31:10:
a4:68:6c:7a:e3:48:df:c4:2f:b7:f1:12:54:79:af:
59:62:ea:52:44:59:d2:83:57:d4:2e:81:ed:5c:6b:
f1:3f:93:32:a7:58:51:5b:72:61:4f:0a:89:78:bd:
ee:8e:bd:f1:24:ee:38:ed:1c:0e:fc:2f:fb:f0:37:
c5:0b:27:d2:f5:21:0a:8b:13:e1:b2:b3:d4:13:d7:
e7:5e:37:de:28:2e:f5:01:43:c3:ca:fb:9b:52:79:
b6:13:8e:11:fc:1c:77:4b:51:c5:66:c4:16:7c:5f:
cb:8c:78:d0:5e:42:cd:f1:e5:ac:4b:6c:52:ef:94:
4c:52:e2:4f:16:c2:fd:21:74:bb:44:b5:c8:09:87:
3d:f5:0e:dc:c3:17:1b:b3:3f:a6:f4:a1:7d:ee:ec:
a4:ec:22:ba:03:c7:11:58:10:a8:6f:e8:75:da:87:
b3:db:6c:18:92:4c:1c:bb:42:3a:2c:ca:32:17:09:
2b:c8:ec:60:bf:99:c5:34:6a:b6:42:21:28:e4:53:
c4:a7:c4:f6:e7:03:a9:c7:98:28:70:1b:94:77:7b:
24:f0:f2:9b:1a:96:e1:85:39:f5:68:01:5c:a1:03:
ae:2b:d4:77:3e:e3:c2:54:74:58:43:50:5a:af:03:
15:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:D0:8A:D2:03:EA:4D:F2:77:81:BF:65:14:38:EB:2F:4B:BA:7D:B0
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/dtCK0gPqTfJ3gb9lFDjrL0u6fbA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.239.195.0/24
185.236.62.0/24
Signature Algorithm: sha256WithRSAEncryption
44:e2:d4:83:b8:45:b5:40:37:b3:60:7a:17:5f:49:90:d5:4d:
a3:03:cb:0a:8c:2d:75:76:1b:1d:b2:24:67:43:19:78:f6:20:
de:7b:65:8f:82:fb:c7:8f:13:a1:5f:e1:07:46:52:27:80:3e:
e2:3a:0c:67:a1:80:09:cf:5b:49:41:40:4b:e5:23:ae:38:77:
6f:58:69:4a:b0:65:ef:e8:9b:b7:04:36:d0:18:9c:c6:86:b6:
b8:f5:87:45:d6:6e:8f:b0:76:f6:ad:08:5c:44:03:44:a5:4a:
a6:83:05:8c:2a:31:f1:48:51:36:a1:d5:d9:0b:60:fc:da:02:
2e:a6:bb:e7:3e:e9:b8:d7:7f:49:a1:16:53:d3:7a:3c:71:7a:
b7:9f:75:52:14:9a:ef:36:1b:18:27:56:ed:c1:6e:1f:a6:4c:
cc:76:84:07:c6:57:a5:f5:dd:a4:ba:7a:5a:f5:dc:07:b7:ed:
c3:5e:8a:54:15:3d:fc:6b:0b:b7:2f:3c:38:6c:94:40:5f:1c:
e1:25:14:b2:44:20:64:bd:38:f5:39:96:e4:d2:65:20:df:d6:
a1:45:fd:7a:f7:b1:ec:c7:b1:7e:2e:5f:96:1b:56:19:75:49:
0d:bb:f9:38:8a:0a:90:fd:1e:29:44:24:7c:d8:a0:0f:34:73:
b9:b3:03:50
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYa4Ay2FDn0+5SeIlxdEIUZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA2MTc0MTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmQwOGFkMjAzZWE0ZGYyNzc4MWJmNjUxNDM4ZWIyZjRiYmE3ZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsINghQlxSSadMOPMMRCkaGx640jf
xC+38RJUea9ZYupSRFnSg1fULoHtXGvxP5Myp1hRW3JhTwqJeL3ujr3xJO447RwO
/C/78DfFCyfS9SEKixPhsrPUE9fnXjfeKC71AUPDyvubUnm2E44R/Bx3S1HFZsQW
fF/LjHjQXkLN8eWsS2xS75RMUuJPFsL9IXS7RLXICYc99Q7cwxcbsz+m9KF97uyk
7CK6A8cRWBCob+h12oez22wYkkwcu0I6LMoyFwkryOxgv5nFNGq2QiEo5FPEp8T2
5wOpx5gocBuUd3sk8PKbGpbhhTn1aAFcoQOuK9R3PuPCVHRYQ1BarwMVXQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHbQitID6k3yd4G/ZRQ46y9Lun2wMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZHRDSzBnUHFUZkozZ2I5bEZEanJMMHU2ZmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsu/DAwQA
uew+MA0GCSqGSIb3DQEBCwUAA4IBAQBE4tSDuEW1QDezYHoXX0mQ1U2jA8sKjC11
dhsdsiRnQxl49iDee2WPgvvHjxOhX+EHRlIngD7iOgxnoYAJz1tJQUBL5SOuOHdv
WGlKsGXv6Ju3BDbQGJzGhra49YdF1m6PsHb2rQhcRANEpUqmgwWMKjHxSFE2odXZ
C2D82gIuprvnPum4139JoRZT03o8cXq3n3VSFJrvNhsYJ1btwW4fpkzMdoQHxlel
9d2kunpa9dwHt+3DXopUFT38awu3Lzw4bJRAXxzhJRSyRCBkvTj1OZbk0mUg39ah
Rf1697Hsx7F+Ll+WG1YZdUkNu/k4igqQ/R4pRCR82KAPNHO5swNQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:47 2024 by rpki-client on console-fra.rpki-client.org