Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pRuhQlq0zO5qhpFtInBRSx1CvFE.roa
File: pRuhQlq0zO5qhpFtInBRSx1CvFE.roa (raw, json)
Hash identifier: JyPc6JC2cUbVuElN6TvjCf6dYonKyw4bozP3KvvU2S8=
Subject key identifier: A5:1B:A1:42:5A:B4:CC:EE:6A:86:91:6D:22:70:51:4B:1D:42:BC:51
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018641C538006E8E1E9E67D285D57C768C85
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pRuhQlq0zO5qhpFtInBRSx1CvFE.roa
Signing time: Sat 11 Feb 2023 18:38:09 +0000
ROA not before: Sat 11 Feb 2023 18:38:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 135752
IP address blocks: 178.239.203.0/24 maxlen: 24
193.42.52.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:41:c5:38:00:6e:8e:1e:9e:67:d2:85:d5:7c:76:8c:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 11 18:38:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a51ba1425ab4ccee6a86916d2270514b1d42bc51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:22:31:5f:68:2d:e5:bf:60:03:8d:82:5b:4a:
94:fe:05:2e:a7:f2:9b:93:70:cc:b1:3f:aa:85:d0:
ff:9d:ed:dd:c1:51:1c:6a:99:ae:f2:89:ab:d4:e7:
5d:cc:4c:93:70:e0:fe:f7:1f:a4:06:84:bb:00:18:
87:76:4f:a3:18:bd:ab:b9:df:21:df:e4:75:60:55:
35:ea:72:0e:ac:5a:1a:37:19:d8:19:0c:94:c8:55:
14:87:a0:29:5f:8e:49:7b:b1:7e:89:da:a3:cc:3a:
00:18:dd:df:7e:d2:99:57:6a:35:5e:fa:48:41:de:
35:af:f0:e0:f7:e1:0a:83:fa:54:98:1d:e8:72:71:
ec:c3:ab:94:b2:38:dd:b3:d4:1c:b9:a7:02:e8:7c:
ba:d6:99:1f:8d:fc:0e:d9:df:35:5e:0a:60:e5:8a:
4d:09:68:a0:5b:da:be:8e:7c:3d:de:f0:84:63:64:
3c:55:a3:45:50:98:1b:81:e7:ce:2d:94:26:6b:ae:
07:b9:7e:8b:ee:5b:0c:82:57:e6:b4:d2:99:30:d5:
79:6c:fa:dd:78:bf:60:4f:6e:4d:36:39:7e:5b:e2:
19:12:d3:28:ff:92:7e:a5:a1:f8:e7:20:c7:22:ae:
07:f6:8e:e1:b8:47:60:2d:95:1b:ec:4e:6a:24:1d:
0c:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:1B:A1:42:5A:B4:CC:EE:6A:86:91:6D:22:70:51:4B:1D:42:BC:51
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pRuhQlq0zO5qhpFtInBRSx1CvFE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.239.203.0/24
185.103.74.0/24
193.42.52.0/24
Signature Algorithm: sha256WithRSAEncryption
38:dd:b2:6d:cb:72:26:0d:b5:c7:fe:66:0a:e6:77:84:7f:a7:
e1:07:52:c6:b8:85:e5:f1:1a:92:a5:ef:4e:60:08:2a:f6:22:
a4:58:18:fe:03:d4:c8:e5:3e:dd:a1:9a:22:b8:d9:85:98:69:
57:05:04:4e:61:e9:3b:e6:f9:d5:0e:8c:78:05:6f:76:5b:73:
87:47:2d:32:bf:37:ae:50:a6:53:4f:f3:19:91:2c:a2:ca:cc:
25:9c:cd:54:55:60:0e:70:4a:b1:53:4d:59:9b:19:9b:3c:39:
df:38:4e:32:36:6b:94:a0:d3:89:34:44:eb:f1:05:24:b2:9d:
06:7f:d3:a1:f4:d9:b9:02:3b:dd:32:f1:a3:aa:e9:49:03:d2:
23:2c:aa:12:a8:c0:37:e5:c2:70:be:cd:80:38:d3:e1:0f:85:
6f:f1:70:a6:f5:11:4e:2d:fe:11:03:8b:92:6d:b1:f0:51:11:
58:a3:33:5c:e9:63:a5:1c:1d:80:ba:87:c3:0b:28:e8:a2:7c:
34:e1:8c:84:c7:12:d9:b3:f6:4a:30:fa:90:11:52:c0:e4:8b:
0e:81:cd:ae:79:c5:bc:82:cc:bd:a1:5d:a1:4c:eb:43:74:9e:
7a:02:d9:0d:da:ad:0f:e5:5b:39:0a:27:34:75:09:1c:4b:4a:
be:45:76:20
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYZBxTgAbo4enmfShdV8doyFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjExMTgzODA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTFiYTE0MjVhYjRjY2VlNmE4NjkxNmQyMjcwNTE0YjFkNDJiYzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCIxX2gt5b9gA42CW0qU/gUup/Kb
k3DMsT+qhdD/ne3dwVEcapmu8omr1OddzEyTcOD+9x+kBoS7ABiHdk+jGL2rud8h
3+R1YFU16nIOrFoaNxnYGQyUyFUUh6ApX45Je7F+idqjzDoAGN3fftKZV2o1XvpI
Qd41r/Dg9+EKg/pUmB3ocnHsw6uUsjjds9QcuacC6Hy61pkfjfwO2d81Xgpg5YpN
CWigW9q+jnw93vCEY2Q8VaNFUJgbgefOLZQma64HuX6L7lsMglfmtNKZMNV5bPrd
eL9gT25NNjl+W+IZEtMo/5J+paH45yDHIq4H9o7huEdgLZUb7E5qJB0MTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKUboUJatMzuaoaRbSJwUUsdQrxRMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcFJ1aFFscTB6TzVxaHBGdEluQlJTeDFDdkZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsu/LAwQA
uWdKAwQAwSo0MA0GCSqGSIb3DQEBCwUAA4IBAQA43bJty3ImDbXH/mYK5neEf6fh
B1LGuIXl8RqSpe9OYAgq9iKkWBj+A9TI5T7doZoiuNmFmGlXBQROYek75vnVDox4
BW92W3OHRy0yvzeuUKZTT/MZkSyiyswlnM1UVWAOcEqxU01ZmxmbPDnfOE4yNmuU
oNOJNETr8QUksp0Gf9Oh9Nm5AjvdMvGjqulJA9IjLKoSqMA35cJwvs2AONPhD4Vv
8XCm9RFOLf4RA4uSbbHwURFYozNc6WOlHB2AuofDCyjoonw04YyExxLZs/ZKMPqQ
EVLA5IsOgc2uecW8gsy9oV2hTOtDdJ56AtkN2q0P5Vs5Cic0dQkcS0q+RXYg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org