Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tiJW-iETDk8Zs3_CEIRqJPusKho.roa
File: tiJW-iETDk8Zs3_CEIRqJPusKho.roa (raw, json)
Hash identifier: zemkf+DcVwIWbFFmiiIWf0fpG8mv4bpzjhk4MfKPkrk=
Subject key identifier: B6:22:56:FA:21:13:0E:4F:19:B3:7F:C2:10:84:6A:24:FB:AC:2A:1A
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01862CFC2E861E830B3F7F4C1ACC4FF07D29
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tiJW-iETDk8Zs3_CEIRqJPusKho.roa
Signing time: Tue 07 Feb 2023 17:46:09 +0000
ROA not before: Tue 07 Feb 2023 17:46:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 78.142.242.0/24 maxlen: 24
194.4.156.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:2c:fc:2e:86:1e:83:0b:3f:7f:4c:1a:cc:4f:f0:7d:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 7 17:46:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b62256fa21130e4f19b37fc210846a24fbac2a1a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:1d:c0:e1:3e:e2:29:e5:4a:08:a6:2a:82:d0:
78:4c:2b:53:17:df:b3:1c:87:3a:e1:d3:08:40:99:
29:50:ff:a3:04:d7:62:16:a7:0c:26:d7:2e:1a:6c:
19:2c:8f:d0:02:7a:0d:9c:c2:30:f3:a7:30:08:35:
4b:dc:90:ae:9d:98:f0:2a:fb:c0:6a:b8:ec:6a:a7:
d8:96:16:2e:84:d3:18:d7:62:0f:70:e9:b8:f8:8d:
ee:95:a3:e7:9d:dd:da:28:9c:3e:41:de:f9:54:94:
ec:44:f1:dd:f7:18:0b:b6:1f:54:b8:bd:82:09:42:
f5:c5:b6:4c:b4:33:7e:e3:77:6c:83:0a:cd:46:94:
19:32:33:df:17:36:de:f9:42:19:10:66:c2:42:35:
ce:48:ee:a7:01:8a:44:ce:1e:b7:e2:12:45:c8:e9:
22:f7:8c:f9:72:62:18:c7:a8:f9:09:32:26:1b:4a:
88:da:c3:10:2e:e2:d1:f8:a9:e9:2b:61:74:7e:9a:
54:9b:10:71:e5:49:5c:25:80:53:44:38:12:cf:cb:
7b:ca:a7:a9:3d:9a:56:34:40:42:0c:81:7d:4a:15:
2c:aa:d9:2f:3c:56:f4:53:b6:f7:27:fa:fb:7c:08:
42:9e:30:e2:ea:b8:b9:96:63:65:c8:29:9b:fd:cf:
f8:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:22:56:FA:21:13:0E:4F:19:B3:7F:C2:10:84:6A:24:FB:AC:2A:1A
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tiJW-iETDk8Zs3_CEIRqJPusKho.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.142.242.0/24
193.19.106.0/24
194.4.156.0/24
Signature Algorithm: sha256WithRSAEncryption
52:89:23:0f:db:8d:87:b3:7f:9d:b2:c8:58:00:4e:1d:7e:b8:
75:96:b4:62:6b:8b:cf:86:92:7d:23:0e:bb:0a:cf:65:29:a4:
06:18:a4:b4:85:37:5f:8c:c0:c9:6f:aa:f7:13:40:be:be:30:
2e:73:19:75:74:a9:50:fd:1d:95:15:aa:a2:5c:9d:b3:33:b7:
f8:86:ee:b8:48:b0:bf:01:a9:33:f8:01:88:34:54:cf:ef:51:
8a:2d:66:9d:c1:10:7e:94:28:98:f0:f8:a8:72:9f:7f:97:32:
a5:bb:66:21:e7:60:bc:50:e5:bd:06:4a:a1:40:0d:4f:ae:77:
c0:03:ee:03:e3:f7:80:4e:e6:dc:a5:5c:46:ab:2e:64:fa:83:
92:82:c1:af:68:e4:43:f0:10:df:8d:8f:b8:f1:d7:3c:27:45:
3d:36:3e:cc:3e:09:30:c5:5b:32:f4:ef:60:3f:35:e9:34:4a:
9f:19:80:33:94:c4:b4:68:8a:f0:f3:52:7c:16:54:a8:79:aa:
e4:67:6c:28:48:1c:0f:f3:4d:74:fe:be:5e:a3:51:87:bd:0f:
5b:fb:c6:b1:4b:0a:75:39:b6:69:c1:d9:2c:16:6c:ce:33:d1:
07:76:65:a1:24:d6:ba:5a:7f:0c:3c:d1:7f:65:c2:46:02:c1:
6f:8b:6b:a6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYYs/C6GHoMLP39MGsxP8H0pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjA3MTc0NjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjIyNTZmYTIxMTMwZTRmMTliMzdmYzIxMDg0NmEyNGZiYWMyYTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR3A4T7iKeVKCKYqgtB4TCtTF9+z
HIc64dMIQJkpUP+jBNdiFqcMJtcuGmwZLI/QAnoNnMIw86cwCDVL3JCunZjwKvvA
arjsaqfYlhYuhNMY12IPcOm4+I3ulaPnnd3aKJw+Qd75VJTsRPHd9xgLth9UuL2C
CUL1xbZMtDN+43dsgwrNRpQZMjPfFzbe+UIZEGbCQjXOSO6nAYpEzh634hJFyOki
94z5cmIYx6j5CTImG0qI2sMQLuLR+KnpK2F0fppUmxBx5UlcJYBTRDgSz8t7yqep
PZpWNEBCDIF9ShUsqtkvPFb0U7b3J/r7fAhCnjDi6ri5lmNlyCmb/c/4gwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLYiVvohEw5PGbN/whCEaiT7rCoaMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdGlKVy1pRVREazhaczNfQ0VJUnFKUHVzS2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQATo7yAwQA
wRNqAwQAwgScMA0GCSqGSIb3DQEBCwUAA4IBAQBSiSMP242Hs3+dsshYAE4dfrh1
lrRia4vPhpJ9Iw67Cs9lKaQGGKS0hTdfjMDJb6r3E0C+vjAucxl1dKlQ/R2VFaqi
XJ2zM7f4hu64SLC/Aakz+AGINFTP71GKLWadwRB+lCiY8Piocp9/lzKlu2Yh52C8
UOW9BkqhQA1PrnfAA+4D4/eATubcpVxGqy5k+oOSgsGvaORD8BDfjY+48dc8J0U9
Nj7MPgkwxVsy9O9gPzXpNEqfGYAzlMS0aIrw81J8FlSoearkZ2woSBwP8010/r5e
o1GHvQ9b+8axSwp1ObZpwdksFmzOM9EHdmWhJNa6Wn8MPNF/ZcJGAsFvi2um
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org