Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mhy3YE7_Ftuk9F4LyzO0RHaJHFI.roa
File: mhy3YE7_Ftuk9F4LyzO0RHaJHFI.roa (raw, json)
Hash identifier: Cqv560xzZqXFEoxY5n90np/seAO8H54JLSbYjdIGRok=
Subject key identifier: 9A:1C:B7:60:4E:FF:16:DB:A4:F4:5E:0B:CB:33:B4:44:76:89:1C:52
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01875601FA431F6F36298764DEFA55A6F740
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mhy3YE7_Ftuk9F4LyzO0RHaJHFI.roa
Signing time: Thu 06 Apr 2023 09:59:42 +0000
ROA not before: Thu 06 Apr 2023 09:59:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12912
IP address blocks: 103.205.27.0/24 maxlen: 24
223.27.114.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:56:01:fa:43:1f:6f:36:29:87:64:de:fa:55:a6:f7:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 6 09:59:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9a1cb7604eff16dba4f45e0bcb33b44476891c52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:38:4e:57:97:5c:56:92:bd:bb:e7:22:b4:5a:
8d:26:d0:1a:e5:34:43:b6:b0:1e:7b:7b:6a:2e:fb:
db:f7:a5:7f:36:ec:a8:70:cf:4f:6a:a6:3f:da:e2:
5f:64:6c:3d:04:db:b5:b5:35:88:5a:11:6d:00:10:
a8:d3:33:6b:c0:ad:a8:0a:13:b3:98:7a:c4:9d:72:
83:3f:fd:e7:d6:e3:f6:51:2b:2a:2d:b8:69:e3:d1:
47:73:c5:d7:47:07:4c:43:3c:c3:6e:f5:92:02:7d:
e0:2d:ad:ce:66:e0:d1:47:12:8f:91:eb:15:dc:50:
22:23:9a:93:d3:21:87:97:38:03:ba:21:be:1c:5c:
25:30:e5:a1:93:25:f2:37:1f:6b:55:80:27:77:25:
f0:09:21:c9:43:23:73:62:36:a7:79:29:7a:41:bc:
c2:14:89:91:ef:d6:54:5f:3e:c0:18:1c:6e:6e:38:
1b:7d:f1:4b:12:8f:64:7a:17:27:44:1e:58:e8:a1:
69:40:ed:1b:ba:08:1d:c3:a1:65:f4:90:c8:c3:e4:
3e:f0:b6:26:91:db:cb:85:59:ce:de:83:a8:f3:0d:
b4:b5:e2:2c:df:8d:69:21:7f:79:f6:f4:83:34:26:
de:2d:67:7b:05:29:ab:0c:a7:20:91:e0:4c:82:2b:
4d:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:1C:B7:60:4E:FF:16:DB:A4:F4:5E:0B:CB:33:B4:44:76:89:1C:52
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mhy3YE7_Ftuk9F4LyzO0RHaJHFI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.205.27.0/24
223.27.114.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:dc:62:37:a9:e4:73:19:26:af:f7:06:93:a9:f9:6b:da:b2:
85:6c:10:11:2f:e1:6c:8b:f2:df:86:a2:c0:2c:47:51:d3:9d:
93:5e:98:b8:60:f8:e3:50:1c:0e:34:19:1e:b3:ac:21:92:57:
60:56:27:17:58:f3:e9:e2:fb:ce:6d:03:ef:d2:a8:1d:75:29:
12:1c:b1:54:21:e7:fb:c0:77:a7:aa:f2:34:9b:a0:84:da:84:
44:cd:f1:8c:77:19:ac:2e:4f:4b:28:3f:8e:10:21:1d:93:a0:
bd:93:5f:a7:3e:ea:10:10:79:ec:a4:0e:59:99:a2:d5:e5:e4:
bb:58:65:a7:eb:dd:f3:69:1b:78:bc:ea:25:81:1a:93:67:c4:
00:84:f1:81:2e:38:dc:e4:d5:e5:59:7f:c1:2e:dc:b7:99:be:
1d:e2:82:e0:2e:44:92:2e:fc:c0:27:b6:bf:11:75:a7:fa:6d:
28:a1:aa:01:ca:7a:83:d0:c7:4a:97:ed:58:40:c1:5f:a2:d5:
c2:cd:1d:16:a2:d4:f8:31:ac:fb:1c:7b:5f:8d:ee:2a:39:76:
2c:33:39:3a:32:7b:ec:41:d4:da:ff:c0:e5:03:54:18:cf:77:
58:4f:e7:63:df:68:70:6f:5a:47:84:0d:bc:1f:ee:bf:04:ec:
8c:8f:fd:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYdWAfpDH282KYdk3vpVpvdAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA2MDk1OTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTFjYjc2MDRlZmYxNmRiYTRmNDVlMGJjYjMzYjQ0NDc2ODkxYzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvThOV5dcVpK9u+citFqNJtAa5TRD
trAee3tqLvvb96V/NuyocM9PaqY/2uJfZGw9BNu1tTWIWhFtABCo0zNrwK2oChOz
mHrEnXKDP/3n1uP2USsqLbhp49FHc8XXRwdMQzzDbvWSAn3gLa3OZuDRRxKPkesV
3FAiI5qT0yGHlzgDuiG+HFwlMOWhkyXyNx9rVYAndyXwCSHJQyNzYjaneSl6QbzC
FImR79ZUXz7AGBxubjgbffFLEo9kehcnRB5Y6KFpQO0buggdw6Fl9JDIw+Q+8LYm
kdvLhVnO3oOo8w20teIs341pIX959vSDNCbeLWd7BSmrDKcgkeBMgitNhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJoct2BO/xbbpPReC8sztER2iRxSMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbWh5M1lFN19GdHVrOUY0THl6TzBSSGFKSEZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ80bAwQA
3xtyMA0GCSqGSIb3DQEBCwUAA4IBAQBe3GI3qeRzGSav9waTqflr2rKFbBARL+Fs
i/LfhqLALEdR052TXpi4YPjjUBwONBkes6whkldgVicXWPPp4vvObQPv0qgddSkS
HLFUIef7wHenqvI0m6CE2oREzfGMdxmsLk9LKD+OECEdk6C9k1+nPuoQEHnspA5Z
maLV5eS7WGWn693zaRt4vOolgRqTZ8QAhPGBLjjc5NXlWX/BLty3mb4d4oLgLkSS
LvzAJ7a/EXWn+m0ooaoBynqD0MdKl+1YQMFfotXCzR0WotT4Maz7HHtfje4qOXYs
Mzk6MnvsQdTa/8DlA1QYz3dYT+dj32hwb1pHhA28H+6/BOyMj/1/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org