Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zFk0fkk-G9mjtfVE3AseZRM0Ytw.roa
File: zFk0fkk-G9mjtfVE3AseZRM0Ytw.roa (raw, json)
Hash identifier: HLKkd8pnzbGJVzSC1pjXAqO0U8Yf0fUrjQ7W6qHAZgk=
Subject key identifier: CC:59:34:7E:49:3E:1B:D9:A3:B5:F5:44:DC:0B:1E:65:13:34:62:DC
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018692D8CA774AFBD7D9C7D90DB27019B051
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zFk0fkk-G9mjtfVE3AseZRM0Ytw.roa
Signing time: Mon 27 Feb 2023 12:28:46 +0000
ROA not before: Mon 27 Feb 2023 12:28:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200482
IP address blocks: 178.239.200.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.128.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
89.43.209.0/24 maxlen: 24
223.27.114.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:92:d8:ca:77:4a:fb:d7:d9:c7:d9:0d:b2:70:19:b0:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 27 12:28:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cc59347e493e1bd9a3b5f544dc0b1e65133462dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:6f:20:18:7b:af:07:31:f4:94:42:60:88:5e:
22:db:15:b2:05:80:5c:f6:74:02:92:be:f3:13:eb:
0d:69:1f:22:96:30:4c:fb:b0:2f:28:8e:d4:76:38:
08:f3:f7:71:bf:65:7c:d1:7f:ad:db:cd:99:af:cd:
bc:d5:48:ea:39:55:86:ea:7d:4e:a1:be:81:be:6a:
aa:43:85:47:66:c4:94:7f:bc:35:fc:1b:48:ee:f9:
7e:4d:ee:c8:50:f4:74:02:cc:d2:33:72:b5:97:2f:
61:45:bf:e6:d2:ef:fe:1e:5a:cd:33:3e:44:34:2a:
9f:97:62:0b:66:f5:ce:a2:47:bc:95:28:be:1a:62:
ae:94:16:b7:97:4a:12:96:ea:ae:f5:2a:82:c9:08:
1d:72:d4:78:f2:44:64:55:33:57:97:b4:bb:d3:d2:
e1:d0:40:29:f3:07:2b:57:c1:8d:ff:86:fc:a0:fa:
a3:72:67:9f:c6:4a:ba:d6:93:1f:69:25:f5:80:b8:
29:5e:bf:6c:f6:57:cd:cc:e8:3f:80:b0:92:cf:bd:
89:93:0f:a0:0c:3f:4f:38:e5:de:d1:c4:04:78:6b:
ee:e0:d3:3f:41:72:00:d2:79:9a:90:01:a3:19:ae:
7d:2f:13:83:cc:af:10:1b:fd:5c:74:67:bf:6f:12:
88:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:59:34:7E:49:3E:1B:D9:A3:B5:F5:44:DC:0B:1E:65:13:34:62:DC
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zFk0fkk-G9mjtfVE3AseZRM0Ytw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.197.128.0/24
62.197.132.0/24
89.43.209.0/24
89.43.211.0/24
178.239.200.0/24
223.27.114.0/24
Signature Algorithm: sha256WithRSAEncryption
11:d4:b1:df:9b:ca:c0:b4:b5:3a:4c:ce:a4:00:64:75:5c:f2:
14:22:2c:45:09:d0:45:76:96:b9:2d:87:5f:ad:ad:4d:3e:35:
33:5a:69:ea:2a:47:68:89:f0:f7:78:5c:a7:78:83:88:37:d9:
52:c8:2a:17:34:05:a9:98:d7:66:dc:ab:26:6f:24:f5:26:7e:
74:2c:7b:12:ea:49:af:f4:18:5b:55:cd:5f:ea:c8:3a:b7:e8:
75:23:4f:d0:a7:e4:15:6d:35:fd:b1:d5:0a:c9:01:3c:ee:f3:
13:0c:ff:c1:e2:bb:93:1a:47:08:c0:8e:6b:76:ce:88:b1:0a:
67:87:b4:28:dc:a0:84:f8:09:08:09:43:94:cb:6a:b2:3b:bf:
10:39:d7:67:27:3b:93:8e:6e:18:24:d0:2f:02:b1:44:a5:22:
c5:c2:ed:52:c0:4c:29:15:1a:9e:20:7f:bf:ce:c9:a8:17:16:
f2:7f:dc:d7:52:fb:45:74:2f:4e:7e:df:f9:ef:38:62:03:b0:
2b:f2:9b:16:9c:d9:f9:d4:1c:bd:c2:a1:7e:88:7e:54:ae:5b:
31:db:9d:f3:8b:79:27:cf:ba:f9:ba:bb:5c:1e:90:19:a3:9b:
dc:46:37:e5:79:86:ec:af:69:02:d9:29:ce:61:3f:54:56:75:
7d:39:cf:8d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYaS2Mp3SvvX2cfZDbJwGbBRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjI3MTIyODQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzU5MzQ3ZTQ5M2UxYmQ5YTNiNWY1NDRkYzBiMWU2NTEzMzQ2MmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqm8gGHuvBzH0lEJgiF4i2xWyBYBc
9nQCkr7zE+sNaR8iljBM+7AvKI7UdjgI8/dxv2V80X+t282Zr8281UjqOVWG6n1O
ob6BvmqqQ4VHZsSUf7w1/BtI7vl+Te7IUPR0AszSM3K1ly9hRb/m0u/+HlrNMz5E
NCqfl2ILZvXOoke8lSi+GmKulBa3l0oSluqu9SqCyQgdctR48kRkVTNXl7S709Lh
0EAp8wcrV8GN/4b8oPqjcmefxkq61pMfaSX1gLgpXr9s9lfNzOg/gLCSz72Jkw+g
DD9POOXe0cQEeGvu4NM/QXIA0nmakAGjGa59LxODzK8QG/1cdGe/bxKI+wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMxZNH5JPhvZo7X1RNwLHmUTNGLcMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvekZrMGZray1HOW1qdGZWRTNBc2VaUk0wWXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAPsWAAwQA
PsWEAwQAWSvRAwQAWSvTAwQAsu/IAwQA3xtyMA0GCSqGSIb3DQEBCwUAA4IBAQAR
1LHfm8rAtLU6TM6kAGR1XPIUIixFCdBFdpa5LYdfra1NPjUzWmnqKkdoifD3eFyn
eIOIN9lSyCoXNAWpmNdm3KsmbyT1Jn50LHsS6kmv9BhbVc1f6sg6t+h1I0/Qp+QV
bTX9sdUKyQE87vMTDP/B4ruTGkcIwI5rds6IsQpnh7Qo3KCE+AkICUOUy2qyO78Q
OddnJzuTjm4YJNAvArFEpSLFwu1SwEwpFRqeIH+/zsmoFxbyf9zXUvtFdC9Oft/5
7zhiA7Ar8psWnNn51By9wqF+iH5Urlsx253zi3knz7r5urtcHpAZo5vcRjfleYbs
r2kC2SnOYT9UVnV9Oc+N
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org