Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rCAjVAdL00unLoq8ZrwqAgK8Xqk.roa
File: rCAjVAdL00unLoq8ZrwqAgK8Xqk.roa (raw, json)
Hash identifier: Sw7Mh0uY7qnzTAZjqCTDQRDmx4JwPHhTUlCr3ebjEWM=
Subject key identifier: AC:20:23:54:07:4B:D3:4B:A7:2E:8A:BC:66:BC:2A:02:02:BC:5E:A9
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186BFDEDE8DF576F4B341B6806441C8BF0F
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rCAjVAdL00unLoq8ZrwqAgK8Xqk.roa
Signing time: Wed 08 Mar 2023 06:18:19 +0000
ROA not before: Wed 08 Mar 2023 06:18:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212219
IP address blocks: 78.142.243.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:bf:de:de:8d:f5:76:f4:b3:41:b6:80:64:41:c8:bf:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 8 06:18:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac202354074bd34ba72e8abc66bc2a0202bc5ea9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:98:5b:ca:c9:5b:ad:f2:b3:3b:e9:47:23:a0:
e2:ab:a8:af:54:0e:0b:d3:d2:7b:43:2f:ba:f3:57:
9d:e2:ef:85:ef:5b:e2:f3:7d:e4:d7:ef:65:85:5e:
05:a1:f0:da:d5:a0:4e:1f:de:90:4b:c4:4e:25:db:
b6:29:f1:4e:a6:91:93:4a:1e:ab:7a:b1:9c:01:1d:
01:a2:80:91:68:3e:da:e7:a2:14:23:95:89:de:d3:
5a:b5:d3:b7:0b:72:0a:78:8e:fa:e3:15:db:63:7f:
18:b7:db:bc:cc:67:57:e4:29:6b:af:b9:36:d1:5a:
bd:be:12:4a:c9:4f:8d:77:ac:31:c2:a4:71:64:40:
0f:b4:b0:a0:3d:14:10:4f:22:6b:3d:ee:53:81:24:
43:8c:28:69:37:ab:2f:95:16:0a:01:a6:66:23:9e:
83:bf:29:da:d1:5c:80:a4:92:da:a4:9d:a7:b4:9f:
e6:d8:78:62:fe:c7:33:2f:13:db:b7:6a:8f:55:cb:
99:20:c7:ac:0b:f3:ff:be:42:8b:8e:69:03:f2:f5:
cb:78:8a:2d:5d:05:d8:2b:64:dc:ff:cc:75:21:93:
bd:f1:86:1b:bc:f6:8f:7f:66:4f:6f:de:58:5a:49:
f1:d8:1f:93:e5:f6:54:93:18:91:55:6a:21:3b:fa:
d3:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:20:23:54:07:4B:D3:4B:A7:2E:8A:BC:66:BC:2A:02:02:BC:5E:A9
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rCAjVAdL00unLoq8ZrwqAgK8Xqk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.243.0/24
185.245.238.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:52:e7:65:3b:0f:bf:22:1e:2b:41:9f:6c:75:56:00:a6:8b:
5f:ae:b7:69:d9:d1:cb:73:ee:cc:ee:67:9b:ef:f0:31:6e:66:
da:ce:8f:a9:57:9a:5b:fd:50:f4:65:4b:c7:23:8d:f4:4c:df:
34:6b:de:a5:c9:81:43:f1:c4:9d:ce:2d:d9:6d:e4:58:d6:7c:
4f:03:bc:bf:46:0a:37:7c:9e:ab:7e:d7:39:1d:20:b7:61:fd:
22:fa:41:f3:70:b3:81:d0:74:ca:f8:44:a6:fd:69:20:90:93:
bd:70:8a:17:6f:76:6f:72:c0:0e:cc:88:ad:fe:76:4e:23:58:
2d:0a:dd:da:bc:d1:08:7f:90:3e:21:93:ac:9b:51:32:e7:e0:
22:92:7b:06:ee:a2:3e:c3:52:43:03:84:31:10:22:e2:ff:39:
32:b4:32:cb:a8:2e:f3:37:75:2c:56:8f:34:16:3b:02:55:4d:
a5:a1:b5:f1:3e:fa:dc:2b:b8:67:7a:47:92:0a:f2:f6:e0:db:
87:f5:88:4b:64:ef:24:98:ee:92:e6:9a:7c:2d:38:f1:a1:30:
da:a9:35:46:4c:3d:40:e1:b5:bb:65:5d:25:a2:98:eb:d4:df:
37:89:c4:f5:5a:9d:c4:9c:d1:bb:55:53:18:a8:97:2e:73:e6:
52:df:47:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYa/3t6N9Xb0s0G2gGRByL8PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA4MDYxODE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzIwMjM1NDA3NGJkMzRiYTcyZThhYmM2NmJjMmEwMjAyYmM1ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5hbyslbrfKzO+lHI6Diq6ivVA4L
09J7Qy+681ed4u+F71vi833k1+9lhV4FofDa1aBOH96QS8ROJdu2KfFOppGTSh6r
erGcAR0BooCRaD7a56IUI5WJ3tNatdO3C3IKeI764xXbY38Yt9u8zGdX5Clrr7k2
0Vq9vhJKyU+Nd6wxwqRxZEAPtLCgPRQQTyJrPe5TgSRDjChpN6svlRYKAaZmI56D
vyna0VyApJLapJ2ntJ/m2Hhi/sczLxPbt2qPVcuZIMesC/P/vkKLjmkD8vXLeIot
XQXYK2Tc/8x1IZO98YYbvPaPf2ZPb95YWknx2B+T5fZUkxiRVWohO/rTGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKwgI1QHS9NLpy6KvGa8KgICvF6pMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvckNBalZBZEwwMHVuTG9xOFpyd3FBZ0s4WHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATo7zAwQA
ufXuMA0GCSqGSIb3DQEBCwUAA4IBAQB/UudlOw+/Ih4rQZ9sdVYApotfrrdp2dHL
c+7M7meb7/Axbmbazo+pV5pb/VD0ZUvHI430TN80a96lyYFD8cSdzi3ZbeRY1nxP
A7y/Rgo3fJ6rftc5HSC3Yf0i+kHzcLOB0HTK+ESm/WkgkJO9cIoXb3ZvcsAOzIit
/nZOI1gtCt3avNEIf5A+IZOsm1Ey5+AiknsG7qI+w1JDA4QxECLi/zkytDLLqC7z
N3UsVo80FjsCVU2lobXxPvrcK7hnekeSCvL24NuH9YhLZO8kmO6S5pp8LTjxoTDa
qTVGTD1A4bW7ZV0lopjr1N83icT1Wp3EnNG7VVMYqJcuc+ZS30c2
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org