Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sz6EkaAL7Ps_exnPs2phhfGeUW8.roa
File: sz6EkaAL7Ps_exnPs2phhfGeUW8.roa (raw, json)
Hash identifier: bs8fP5MnTtXDyMdvTUAU4tfsbXHFTRa7HU7SEEnbDpE=
Subject key identifier: B3:3E:84:91:A0:0B:EC:FB:3F:7B:19:CF:B3:6A:61:85:F1:9E:51:6F
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186E0EF0A0BB645F4333062D71406D428E5
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sz6EkaAL7Ps_exnPs2phhfGeUW8.roa
Signing time: Tue 14 Mar 2023 16:23:27 +0000
ROA not before: Tue 14 Mar 2023 16:23:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212219
IP address blocks: 78.142.243.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:e0:ef:0a:0b:b6:45:f4:33:30:62:d7:14:06:d4:28:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 14 16:23:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b33e8491a00becfb3f7b19cfb36a6185f19e516f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:4e:3e:66:d2:16:39:72:e1:04:fd:2f:e5:be:
03:67:a8:30:3c:d4:bf:49:a5:77:11:ef:7e:5e:30:
f5:3d:33:ae:47:fc:06:f9:10:3a:03:0b:29:64:71:
2c:d8:53:e4:f4:33:47:74:e0:e3:5d:bb:bb:dc:a0:
d4:cc:34:49:65:86:c3:8d:c0:d7:09:58:5c:40:f2:
5e:75:dd:d6:bd:13:bf:e9:8a:6b:69:c1:28:46:9c:
59:d5:78:a4:8e:33:d6:55:3d:60:d8:c7:7f:9c:65:
96:93:93:fa:41:25:b5:d3:60:32:bc:a8:2f:ec:4a:
c0:f8:09:a1:d5:a1:fa:b8:6a:14:de:f8:f5:9f:63:
7c:7d:c0:cb:89:ac:9a:a2:4d:53:d5:35:53:e5:a2:
83:da:a5:09:19:98:a5:80:54:de:c1:57:33:e1:80:
39:8a:a1:fa:70:74:41:ff:f7:f5:61:d0:65:20:f6:
5d:c9:33:38:1e:a8:38:34:7b:6a:2b:5a:a4:ad:73:
37:d3:32:b3:9e:03:97:33:94:a7:1c:6e:b8:8b:f4:
ac:fd:cf:3e:85:f4:8d:a5:3e:83:b0:d6:6d:1d:ed:
0c:a9:7c:db:5f:4a:fe:9b:4f:b1:da:7e:a5:39:99:
66:75:6b:e3:43:66:de:1f:02:96:52:87:53:c5:7d:
03:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:3E:84:91:A0:0B:EC:FB:3F:7B:19:CF:B3:6A:61:85:F1:9E:51:6F
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sz6EkaAL7Ps_exnPs2phhfGeUW8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.243.0/24
185.230.249.0/24
185.245.238.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:35:d7:ce:2a:47:91:f7:8b:7f:72:97:49:35:64:57:a5:8b:
32:8d:c2:a5:c8:ff:5d:92:b7:b7:45:a3:96:f2:c2:8d:cc:a7:
f7:3c:e3:b1:a4:e5:79:99:12:ce:30:51:0e:58:a0:68:d9:13:
81:89:29:f1:15:61:36:9d:b3:ae:a5:09:1d:73:21:05:8a:7f:
28:ba:56:f9:b3:29:0a:28:88:2d:ae:ed:05:65:30:bf:61:25:
09:8a:b4:80:3f:c4:02:23:d3:c2:55:c3:19:b1:ee:1f:f2:d3:
72:88:3d:fc:b9:15:c2:a0:68:5b:f0:50:3f:60:c5:a7:18:a2:
7f:7c:33:34:a6:28:48:a0:b3:de:2e:65:54:bd:0e:cb:e0:b9:
96:d4:28:ca:e5:d3:b5:99:0e:8d:fd:18:99:67:69:97:6d:cb:
4b:a5:c7:10:2b:f1:d9:65:73:9b:12:db:9b:e3:9e:4e:68:72:
0a:68:62:28:79:91:7b:9f:27:51:09:4b:2b:fc:90:aa:ae:33:
92:0c:79:92:ef:ba:5f:0f:44:33:e1:e7:26:60:5e:2b:a4:48:
bd:3e:b7:ce:b3:d5:6d:13:2e:e0:d1:4b:fd:32:9c:6e:87:12:
27:18:3a:18:d7:da:53:8f:13:80:32:06:69:dc:07:26:56:6a:
de:b8:44:c0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYbg7woLtkX0MzBi1xQG1CjlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzE0MTYyMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzNlODQ5MWEwMGJlY2ZiM2Y3YjE5Y2ZiMzZhNjE4NWYxOWU1MTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtE4+ZtIWOXLhBP0v5b4DZ6gwPNS/
SaV3Ee9+XjD1PTOuR/wG+RA6AwspZHEs2FPk9DNHdODjXbu73KDUzDRJZYbDjcDX
CVhcQPJedd3WvRO/6YpracEoRpxZ1XikjjPWVT1g2Md/nGWWk5P6QSW102AyvKgv
7ErA+Amh1aH6uGoU3vj1n2N8fcDLiayaok1T1TVT5aKD2qUJGZilgFTewVcz4YA5
iqH6cHRB//f1YdBlIPZdyTM4Hqg4NHtqK1qkrXM30zKzngOXM5SnHG64i/Ss/c8+
hfSNpT6DsNZtHe0MqXzbX0r+m0+x2n6lOZlmdWvjQ2beHwKWUodTxX0DfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLM+hJGgC+z7P3sZz7NqYYXxnlFvMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvc3o2RWthQUw3UHNfZXhuUHMycGhoZkdlVVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATo7zAwQA
ueb5AwQAufXuMA0GCSqGSIb3DQEBCwUAA4IBAQB+NdfOKkeR94t/cpdJNWRXpYsy
jcKlyP9dkre3RaOW8sKNzKf3POOxpOV5mRLOMFEOWKBo2ROBiSnxFWE2nbOupQkd
cyEFin8oulb5sykKKIgtru0FZTC/YSUJirSAP8QCI9PCVcMZse4f8tNyiD38uRXC
oGhb8FA/YMWnGKJ/fDM0pihIoLPeLmVUvQ7L4LmW1CjK5dO1mQ6N/RiZZ2mXbctL
pccQK/HZZXObEtub455OaHIKaGIoeZF7nydRCUsr/JCqrjOSDHmS77pfD0Qz4ecm
YF4rpEi9PrfOs9VtEy7g0Uv9MpxuhxInGDoY19pTjxOAMgZp3AcmVmreuETA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org