Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tgOJqEwv1yV9ByHg1Ai-FRQHOX8.roa
File: tgOJqEwv1yV9ByHg1Ai-FRQHOX8.roa (raw, json)
Hash identifier: mj1Dqv4VlYzIeLwEQ9BJdo3NPM/qChEDX40bkzQ6qyc=
Subject key identifier: B6:03:89:A8:4C:2F:D7:25:7D:07:21:E0:D4:08:BE:15:14:07:39:7F
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186AD9AFC3CF9C93978E049D9B4276D0904
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tgOJqEwv1yV9ByHg1Ai-FRQHOX8.roa
Signing time: Sat 04 Mar 2023 17:11:00 +0000
ROA not before: Sat 04 Mar 2023 17:11:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 178.239.201.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
103.212.81.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ad:9a:fc:3c:f9:c9:39:78:e0:49:d9:b4:27:6d:09:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 4 17:11:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b60389a84c2fd7257d0721e0d408be151407397f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:31:da:b6:7c:f7:6d:b9:ad:4f:fb:3e:98:d2:
a1:d9:31:e9:b5:88:f3:36:37:83:29:45:01:4c:0b:
6d:9a:66:90:b2:93:ef:82:ef:75:95:d8:00:1b:75:
d0:ec:6f:1f:88:b9:6f:33:50:fb:41:98:fe:df:5c:
90:7e:4b:0b:d3:33:90:b4:f6:61:9b:c6:c6:29:9e:
ce:40:9e:88:75:c4:4e:3b:2c:59:da:d8:1f:af:a5:
5e:ca:ae:85:98:b6:20:c2:b2:67:1c:b3:85:6a:ca:
b1:9b:c6:5e:63:a5:bd:92:be:2e:59:0f:10:8b:8a:
5f:81:ae:96:c0:08:7b:8b:bb:21:f9:73:75:b5:78:
58:31:77:d0:05:83:a0:1d:00:55:15:20:5f:2d:cb:
58:28:23:86:e4:e8:28:ce:ea:e8:f2:a0:9a:18:bc:
04:9b:19:02:a4:74:d8:39:29:be:2d:87:76:1f:c2:
0e:91:ef:80:f3:3a:95:bf:d6:22:a6:01:90:c9:ca:
28:cc:42:cf:36:0a:9c:ca:1b:a4:48:e0:02:64:95:
09:81:fc:5d:9b:5f:31:df:0e:4e:4f:e5:5b:52:ee:
74:6d:24:f8:e8:7c:a2:8e:5b:eb:97:99:33:85:b6:
e3:5c:c7:ea:29:0c:57:f6:78:7b:95:e0:28:b8:5f:
57:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:03:89:A8:4C:2F:D7:25:7D:07:21:E0:D4:08:BE:15:14:07:39:7F
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tgOJqEwv1yV9ByHg1Ai-FRQHOX8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.212.81.0/24
178.239.201.0/24
185.103.75.0/24
185.229.107.0/24
185.230.250.0/24
193.42.54.0/23
Signature Algorithm: sha256WithRSAEncryption
50:4c:8d:79:56:e5:a6:5c:ea:c1:f9:d5:c9:aa:f9:5d:aa:09:
2b:89:0d:41:6c:86:67:76:85:82:49:ae:bb:6d:52:85:92:d7:
79:5b:dc:16:2c:82:a6:0a:6e:77:73:a3:f4:c9:b5:75:ff:3d:
ea:39:f8:75:a8:fc:5c:cb:0d:cd:9b:35:bd:3c:21:fa:5c:8e:
2c:e4:f4:78:cf:de:37:18:75:9a:d5:b0:49:31:37:6a:5a:dc:
81:50:9f:e4:41:48:3b:35:fe:ee:fd:e9:46:d7:8a:dc:9e:24:
76:27:3b:ba:dc:c5:26:b5:80:f1:fc:c2:ea:e7:78:6c:6d:96:
26:f5:65:c2:98:7f:f7:c5:59:f2:5f:96:32:ce:1d:18:0e:31:
2a:e9:d8:d7:f5:e0:f8:06:3c:8c:20:26:fc:e4:ab:1b:45:63:
24:3a:58:46:1a:78:78:17:79:ab:80:bb:65:64:50:ee:21:44:
6a:bb:62:8f:5c:55:30:97:fb:1f:27:20:ad:9a:f4:7c:bd:86:
91:d0:18:6e:1f:1d:c3:3e:1e:c3:27:43:c3:14:e8:a5:85:30:
0a:98:f2:db:d3:f0:df:b4:94:10:e3:78:98:d1:52:5f:92:be:
25:a8:aa:24:e8:07:e5:77:09:8e:88:45:cf:9f:e8:3b:af:a6:
77:ee:c3:3f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYatmvw8+ck5eOBJ2bQnbQkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA0MTcxMTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjAzODlhODRjMmZkNzI1N2QwNzIxZTBkNDA4YmUxNTE0MDczOTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTHatnz3bbmtT/s+mNKh2THptYjz
NjeDKUUBTAttmmaQspPvgu91ldgAG3XQ7G8fiLlvM1D7QZj+31yQfksL0zOQtPZh
m8bGKZ7OQJ6IdcROOyxZ2tgfr6Veyq6FmLYgwrJnHLOFasqxm8ZeY6W9kr4uWQ8Q
i4pfga6WwAh7i7sh+XN1tXhYMXfQBYOgHQBVFSBfLctYKCOG5Ogozuro8qCaGLwE
mxkCpHTYOSm+LYd2H8IOke+A8zqVv9YipgGQycoozELPNgqcyhukSOACZJUJgfxd
m18x3w5OT+VbUu50bST46Hyijlvrl5kzhbbjXMfqKQxX9nh7leAouF9XYwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLYDiahML9clfQch4NQIvhUUBzl/MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdGdPSnFFd3YxeVY5QnlIZzFBaS1GUlFIT1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAZ9RRAwQA
su/JAwQAuWdLAwQAueVrAwQAueb6AwQBwSo2MA0GCSqGSIb3DQEBCwUAA4IBAQBQ
TI15VuWmXOrB+dXJqvldqgkriQ1BbIZndoWCSa67bVKFktd5W9wWLIKmCm53c6P0
ybV1/z3qOfh1qPxcyw3NmzW9PCH6XI4s5PR4z943GHWa1bBJMTdqWtyBUJ/kQUg7
Nf7u/elG14rcniR2Jzu63MUmtYDx/MLq53hsbZYm9WXCmH/3xVnyX5Yyzh0YDjEq
6djX9eD4BjyMICb85KsbRWMkOlhGGnh4F3mrgLtlZFDuIURqu2KPXFUwl/sfJyCt
mvR8vYaR0BhuHx3DPh7DJ0PDFOilhTAKmPLb0/DftJQQ43iY0VJfkr4lqKok6Afl
dwmOiEXPn+g7r6Z37sM/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org