Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jARXy3VLFe2OkdlvegxKpLMUQqg.roa
File: jARXy3VLFe2OkdlvegxKpLMUQqg.roa (raw, json)
Hash identifier: LEegQ1lZIVnmhW2IVXVke8YddG0Lmmhi6JixtpYEYxQ=
Subject key identifier: 8C:04:57:CB:75:4B:15:ED:8E:91:D9:6F:7A:0C:4A:A4:B3:14:42:A8
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018746AB76A9BFDA435ED6CA98FC4973F8E5
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jARXy3VLFe2OkdlvegxKpLMUQqg.roa
Signing time: Mon 03 Apr 2023 10:30:54 +0000
ROA not before: Mon 03 Apr 2023 10:30:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.9.55.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
223.27.114.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:46:ab:76:a9:bf:da:43:5e:d6:ca:98:fc:49:73:f8:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 3 10:30:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8c0457cb754b15ed8e91d96f7a0c4aa4b31442a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:f9:2a:3a:6c:39:ee:d8:03:3e:d5:14:5f:6c:
f8:c7:d8:d0:d7:8e:1d:6d:01:88:af:4a:3d:97:83:
60:01:86:77:df:e1:2a:98:2e:f3:95:98:8f:ca:92:
b6:3b:fc:81:69:1a:50:ac:b8:cc:ad:03:30:c3:98:
f1:94:8b:ba:5c:e3:a8:7a:87:ce:1f:54:eb:1a:35:
bc:81:8e:d4:13:b8:49:ca:70:d2:28:c9:04:39:fc:
a6:da:55:fb:80:0b:b8:c0:42:1f:5d:9c:5f:41:0c:
94:97:55:eb:98:d4:c7:46:52:07:b0:df:74:1c:f4:
ec:39:ef:62:4b:1a:65:87:0a:52:b8:f3:d2:a0:04:
92:fa:75:41:ba:21:55:07:95:95:22:97:bb:9a:7e:
ee:c7:dd:bf:5f:23:d2:16:1f:53:0f:2e:7a:c7:42:
ab:f7:f7:e6:14:ad:d2:eb:27:1a:ae:3c:0d:ac:ba:
74:46:0d:a7:c2:ef:69:25:b4:0c:b8:bd:24:0f:ef:
16:73:38:c3:dd:cd:3f:bf:77:99:b2:80:a4:82:e0:
b6:b2:73:6c:33:c6:65:2c:91:d5:bf:56:fc:9c:16:
61:e0:17:74:25:cc:84:4a:ec:1c:a3:8c:d1:32:7c:
c3:7c:5f:37:5a:36:0c:41:85:c8:bc:4e:c0:64:d5:
b1:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:04:57:CB:75:4B:15:ED:8E:91:D9:6F:7A:0C:4A:A4:B3:14:42:A8
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/jARXy3VLFe2OkdlvegxKpLMUQqg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.9.55.0/24
194.4.157.0/24
223.27.114.0/24
Signature Algorithm: sha256WithRSAEncryption
3d:70:5a:fa:8c:89:18:1a:46:b8:19:83:80:61:10:33:77:2b:
85:91:83:83:34:2a:d8:61:d0:70:06:e0:73:93:e5:8b:17:09:
7e:76:46:6b:88:0e:a5:d0:9f:59:3b:7c:48:4f:36:1c:d1:60:
ad:3f:06:ea:d5:85:7c:fa:da:0c:9b:7f:13:36:fa:34:ec:0d:
bb:a1:42:ef:93:11:7d:d4:da:e6:d4:c2:0c:39:13:28:bc:85:
1e:03:e6:4a:e9:50:2a:9b:d2:dc:d5:6a:35:dc:bd:a1:64:67:
27:a1:4a:fe:f6:4b:86:29:63:18:43:19:0f:78:89:47:bc:88:
87:cf:63:b0:9b:22:30:9b:32:4e:55:f1:94:54:9c:b0:41:c0:
c4:75:56:7b:84:5c:54:1c:3e:a4:ed:1a:64:a6:47:1c:1a:a4:
1c:d8:a0:9f:2a:af:d5:2b:d7:e3:c4:cb:8e:5c:e4:0a:95:bf:
77:e0:1a:28:02:95:6b:14:7a:33:98:b6:bd:64:c2:f4:78:5b:
45:40:73:16:6d:07:a4:c0:1a:aa:db:c4:6e:0c:e9:dc:94:1f:
7e:d8:4d:43:d0:7d:62:90:80:5e:eb:ff:9d:df:49:6f:8c:ea:
e5:bf:f7:c8:a1:f2:55:3d:d0:e7:b8:fd:bb:57:25:6e:ab:dd:
9c:06:1c:98
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYdGq3apv9pDXtbKmPxJc/jlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDAzMTAzMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzA0NTdjYjc1NGIxNWVkOGU5MWQ5NmY3YTBjNGFhNGIzMTQ0MmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfkqOmw57tgDPtUUX2z4x9jQ144d
bQGIr0o9l4NgAYZ33+EqmC7zlZiPypK2O/yBaRpQrLjMrQMww5jxlIu6XOOoeofO
H1TrGjW8gY7UE7hJynDSKMkEOfym2lX7gAu4wEIfXZxfQQyUl1XrmNTHRlIHsN90
HPTsOe9iSxplhwpSuPPSoASS+nVBuiFVB5WVIpe7mn7ux92/XyPSFh9TDy56x0Kr
9/fmFK3S6ycarjwNrLp0Rg2nwu9pJbQMuL0kD+8WczjD3c0/v3eZsoCkguC2snNs
M8ZlLJHVv1b8nBZh4Bd0JcyESuwco4zRMnzDfF83WjYMQYXIvE7AZNWxbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIwEV8t1SxXtjpHZb3oMSqSzFEKoMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvakFSWHkzVkxGZTJPa2RsdmVneEtwTE1VUXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuQk3AwQA
wgSdAwQA3xtyMA0GCSqGSIb3DQEBCwUAA4IBAQA9cFr6jIkYGka4GYOAYRAzdyuF
kYODNCrYYdBwBuBzk+WLFwl+dkZriA6l0J9ZO3xITzYc0WCtPwbq1YV8+toMm38T
Nvo07A27oULvkxF91Nrm1MIMORMovIUeA+ZK6VAqm9Lc1Wo13L2hZGcnoUr+9kuG
KWMYQxkPeIlHvIiHz2OwmyIwmzJOVfGUVJywQcDEdVZ7hFxUHD6k7RpkpkccGqQc
2KCfKq/VK9fjxMuOXOQKlb934BooApVrFHozmLa9ZML0eFtFQHMWbQekwBqq28Ru
DOnclB9+2E1D0H1ikIBe6/+d30lvjOrlv/fIofJVPdDnuP27VyVuq92cBhyY
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org