Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mG8EpezfcmQ5mwTLLkJxagjFiQI.roa
File: mG8EpezfcmQ5mwTLLkJxagjFiQI.roa (raw, json)
Hash identifier: Ny2SV6Zd338dTHS4U/Wi5xBn3Zc3lepRs9WTYbnROfk=
Subject key identifier: 98:6F:04:A5:EC:DF:72:64:39:9B:04:CB:2E:42:71:6A:08:C5:89:02
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01880B3F7AD505091092579BAD4BE8DC6FB3
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mG8EpezfcmQ5mwTLLkJxagjFiQI.roa
Signing time: Thu 11 May 2023 14:38:09 +0000
ROA not before: Thu 11 May 2023 14:38:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 185.121.229.0/24 maxlen: 24
78.142.242.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:0b:3f:7a:d5:05:09:10:92:57:9b:ad:4b:e8:dc:6f:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 11 14:38:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=986f04a5ecdf7264399b04cb2e42716a08c58902
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:57:8a:1d:54:ab:c3:78:91:a1:04:ac:a5:94:
38:8d:8f:37:1f:61:f4:54:f4:94:48:6d:14:23:df:
a8:29:39:34:9e:76:eb:f5:a6:c7:42:e1:59:32:78:
10:9f:b7:b2:1b:e3:ac:ec:27:35:0a:17:31:1a:bc:
5a:61:60:78:33:71:ca:4c:93:1c:5d:70:6b:68:0e:
ed:a3:41:0a:00:1b:26:7f:23:3c:07:e3:54:ee:62:
eb:eb:65:11:ba:e4:af:36:d2:a6:81:7c:1d:ed:94:
6b:79:af:d0:d6:ea:04:e6:b3:41:4b:71:cd:0e:cd:
19:b1:a2:95:d5:c5:37:0c:a0:be:7a:89:40:9b:43:
d8:92:77:bd:16:e7:0c:72:ca:88:31:80:e8:79:18:
a8:24:60:f5:13:ad:82:11:e3:62:27:9a:51:67:c2:
11:99:89:01:71:04:71:20:2e:0f:39:2c:89:aa:1e:
9c:67:cd:76:d3:02:66:70:a3:45:2b:63:a9:b0:0e:
e6:b3:71:e7:18:c3:8b:7c:f0:8e:49:f3:bd:e3:75:
99:b8:83:c6:80:fd:34:5f:b9:82:9b:dd:d6:38:fd:
6e:4b:6c:8b:04:e4:e1:9a:0f:f0:78:83:00:01:a9:
75:e5:0e:4a:95:c3:6b:83:e0:19:29:d1:ea:84:9b:
c7:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:6F:04:A5:EC:DF:72:64:39:9B:04:CB:2E:42:71:6A:08:C5:89:02
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mG8EpezfcmQ5mwTLLkJxagjFiQI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.242.0/24
93.114.246.0/24
185.103.74.0/24
185.115.144.0/24
185.121.229.0/24
194.4.158.0/24
213.32.248.0/24
Signature Algorithm: sha256WithRSAEncryption
90:d5:3d:00:99:60:00:32:c9:01:6a:2b:7c:63:cc:f5:34:23:
9f:25:06:17:40:bd:a5:bf:4f:35:c3:26:af:d8:b5:6f:ec:75:
cc:59:06:b6:5e:b0:c3:75:b9:20:5e:80:49:86:d4:70:5e:12:
4c:c2:6b:be:c3:49:41:e5:a9:c0:16:58:c5:6e:75:ef:01:43:
9f:8c:75:aa:59:64:41:c6:65:b2:39:a0:59:22:ed:9d:40:de:
36:04:b8:34:c4:15:b8:62:e4:26:41:4d:b9:49:a0:89:03:96:
d4:31:91:8d:ca:19:66:a3:86:56:19:36:22:0c:9e:86:34:cc:
f2:1e:30:a2:08:f5:fa:8b:a5:0b:b3:4c:98:cd:c9:3e:fd:a3:
fb:96:a3:7b:d1:86:18:07:23:90:37:c4:6d:c6:c7:7a:87:78:
fe:5f:e5:36:26:80:02:8e:29:11:5a:af:73:0a:8c:2b:8b:db:
c9:d3:92:4e:93:62:e6:17:b8:b5:bd:e1:15:3f:ca:3f:9c:81:
29:89:7e:db:b1:d4:1e:f6:c0:3e:16:b0:a2:12:cc:e5:45:39:
22:5b:78:e4:39:c0:f6:ec:53:47:f2:bd:c1:03:0b:43:3e:48:
ca:61:b1:f4:23:48:15:a9:44:7f:a4:b8:a1:8c:f6:13:6d:17:
cc:d8:55:b0
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYgLP3rVBQkQklebrUvo3G+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTExMTQzODA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODZmMDRhNWVjZGY3MjY0Mzk5YjA0Y2IyZTQyNzE2YTA4YzU4OTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAileKHVSrw3iRoQSspZQ4jY83H2H0
VPSUSG0UI9+oKTk0nnbr9abHQuFZMngQn7eyG+Os7Cc1ChcxGrxaYWB4M3HKTJMc
XXBraA7to0EKABsmfyM8B+NU7mLr62URuuSvNtKmgXwd7ZRrea/Q1uoE5rNBS3HN
Ds0ZsaKV1cU3DKC+eolAm0PYkne9FucMcsqIMYDoeRioJGD1E62CEeNiJ5pRZ8IR
mYkBcQRxIC4POSyJqh6cZ8120wJmcKNFK2OpsA7ms3HnGMOLfPCOSfO943WZuIPG
gP00X7mCm93WOP1uS2yLBOThmg/weIMAAal15Q5KlcNrg+AZKdHqhJvHcQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJhvBKXs33JkOZsEyy5CcWoIxYkCMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbUc4RXBlemZjbVE1bXdUTExrSnhhZ2pGaVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQATo7yAwQA
XXL2AwQAuWdKAwQAuXOQAwQAuXnlAwQAwgSeAwQA1SD4MA0GCSqGSIb3DQEBCwUA
A4IBAQCQ1T0AmWAAMskBait8Y8z1NCOfJQYXQL2lv081wyav2LVv7HXMWQa2XrDD
dbkgXoBJhtRwXhJMwmu+w0lB5anAFljFbnXvAUOfjHWqWWRBxmWyOaBZIu2dQN42
BLg0xBW4YuQmQU25SaCJA5bUMZGNyhlmo4ZWGTYiDJ6GNMzyHjCiCPX6i6ULs0yY
zck+/aP7lqN70YYYByOQN8Rtxsd6h3j+X+U2JoACjikRWq9zCowri9vJ05JOk2Lm
F7i1veEVP8o/nIEpiX7bsdQe9sA+FrCiEszlRTkiW3jkOcD27FNH8r3BAwtDPkjK
YbH0I0gVqUR/pLihjPYTbRfM2FWw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org