Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/xwQYAPfpd3ulDKkLyogurqlX-O0.roa
File: xwQYAPfpd3ulDKkLyogurqlX-O0.roa (raw, json)
Hash identifier: mhl9a90+7FAyXA41dxrfptpby/TS0D9r0GUPIxKxyrA=
Subject key identifier: C7:04:18:00:F7:E9:77:7B:A5:0C:A9:0B:CA:88:2E:AE:A9:57:F8:ED
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01873BBADE8622DB46E8FE972071D41BEC93
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/xwQYAPfpd3ulDKkLyogurqlX-O0.roa
Signing time: Sat 01 Apr 2023 07:31:55 +0000
ROA not before: Sat 01 Apr 2023 07:31:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 135752
IP address blocks: 178.239.203.0/24 maxlen: 24
89.40.160.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:3b:ba:de:86:22:db:46:e8:fe:97:20:71:d4:1b:ec:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 1 07:31:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c7041800f7e9777ba50ca90bca882eaea957f8ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:58:2f:21:ce:36:e1:e7:14:d8:5e:f3:9b:44:
54:a9:ed:0c:9d:fe:47:b6:52:3f:ee:55:78:40:1e:
e3:21:4a:a8:93:06:1c:50:28:9a:c3:f5:cf:d2:55:
89:1a:14:ba:39:dd:f4:3b:b2:07:7c:55:94:ee:b1:
1c:27:19:34:49:3b:0d:3c:73:f1:16:e0:b9:b2:f1:
98:dc:f9:3d:41:e0:90:9e:34:35:eb:65:9b:3e:62:
a8:68:e4:1b:1c:88:62:ea:5b:2f:29:16:f1:b2:83:
f6:a4:4a:31:bd:c8:b8:1d:6e:2d:0a:30:8f:6b:7b:
df:de:17:4d:6a:86:38:7d:27:64:e4:06:90:f2:d2:
60:24:b1:d8:22:db:70:44:79:fa:be:ea:79:22:5f:
f7:e3:e9:91:33:0a:6e:03:14:c5:f1:66:2a:fc:4a:
87:1f:ad:e3:de:f8:57:97:ad:b4:36:18:ea:a6:7d:
17:17:5a:5c:92:76:0d:75:7c:df:4c:97:2c:1f:34:
89:fd:8d:0b:21:9f:0e:5a:f4:82:0b:14:1b:7f:4b:
3f:e7:7b:07:58:2b:85:c2:a8:18:7b:23:63:0b:98:
69:ac:f7:a5:03:58:2a:fc:ab:0b:49:2e:e0:2f:2f:
64:f4:9c:f8:93:13:5a:11:5a:f6:71:9f:00:53:11:
a2:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:04:18:00:F7:E9:77:7B:A5:0C:A9:0B:CA:88:2E:AE:A9:57:F8:ED
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/xwQYAPfpd3ulDKkLyogurqlX-O0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.160.0/24
178.239.203.0/24
Signature Algorithm: sha256WithRSAEncryption
95:b5:64:5b:ff:06:42:42:c1:b9:c6:9d:a3:94:34:3c:c0:1f:
a0:f4:1d:98:27:59:fb:f0:ba:ca:1d:38:ac:4c:5f:7f:16:7e:
df:b1:56:95:c3:83:59:f1:af:68:16:1b:c1:04:52:3e:ca:5c:
b2:6f:43:24:a6:b3:81:91:26:56:a1:2b:89:75:d7:b5:87:d2:
20:dc:5b:b2:22:13:85:de:56:8b:ab:1e:1e:e8:79:95:72:df:
63:17:5b:3b:a3:65:9e:07:c3:97:0b:57:ef:e4:7d:ae:2b:94:
45:eb:a1:9c:ac:09:b7:67:c7:a0:90:9b:6a:e2:27:14:94:f6:
20:bb:2f:d1:6e:12:75:69:6b:24:66:c8:2b:5c:08:72:78:e3:
5d:f6:c2:e6:44:a0:3f:d3:14:8a:bc:cb:0b:02:e4:8e:5a:57:
4a:8e:f2:29:21:34:f8:1e:d9:9d:ec:2d:de:9d:74:9d:0d:05:
6a:5e:5d:3a:ee:20:70:ac:b6:e0:9d:e6:e0:38:a9:e2:df:5c:
5b:90:e3:a1:75:af:e9:da:39:42:4a:09:e7:bb:aa:86:16:f3:
a9:85:b4:be:2b:0e:8e:1f:1f:bd:27:67:3b:12:26:29:df:5e:
96:a9:6e:08:9d:bf:d6:b8:6f:28:83:1a:10:8d:bc:9c:90:26:
20:ee:41:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYc7ut6GIttG6P6XIHHUG+yTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDAxMDczMTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzA0MTgwMGY3ZTk3NzdiYTUwY2E5MGJjYTg4MmVhZWE5NTdmOGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVgvIc424ecU2F7zm0RUqe0Mnf5H
tlI/7lV4QB7jIUqokwYcUCiaw/XP0lWJGhS6Od30O7IHfFWU7rEcJxk0STsNPHPx
FuC5svGY3Pk9QeCQnjQ162WbPmKoaOQbHIhi6lsvKRbxsoP2pEoxvci4HW4tCjCP
a3vf3hdNaoY4fSdk5AaQ8tJgJLHYIttwRHn6vup5Il/34+mRMwpuAxTF8WYq/EqH
H63j3vhXl620Nhjqpn0XF1pcknYNdXzfTJcsHzSJ/Y0LIZ8OWvSCCxQbf0s/53sH
WCuFwqgYeyNjC5hprPelA1gq/KsLSS7gLy9k9Jz4kxNaEVr2cZ8AUxGirQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMcEGAD36Xd7pQypC8qILq6pV/jtMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEveHdRWUFQZnBkM3VsREtrTHlvZ3VycWxYLU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSigAwQA
su/LMA0GCSqGSIb3DQEBCwUAA4IBAQCVtWRb/wZCQsG5xp2jlDQ8wB+g9B2YJ1n7
8LrKHTisTF9/Fn7fsVaVw4NZ8a9oFhvBBFI+ylyyb0MkprOBkSZWoSuJdde1h9Ig
3FuyIhOF3laLqx4e6HmVct9jF1s7o2WeB8OXC1fv5H2uK5RF66GcrAm3Z8egkJtq
4icUlPYguy/RbhJ1aWskZsgrXAhyeONd9sLmRKA/0xSKvMsLAuSOWldKjvIpITT4
Htmd7C3enXSdDQVqXl067iBwrLbgnebgOKni31xbkOOhda/p2jlCSgnnu6qGFvOp
hbS+Kw6OHx+9J2c7EiYp316WqW4Inb/WuG8ogxoQjbyckCYg7kHA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:49 2024 by rpki-client on console-fra.rpki-client.org