Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zUhq_6YZzEnmx8jWfMDhVveOUQw.roa
File: zUhq_6YZzEnmx8jWfMDhVveOUQw.roa (raw, json)
Hash identifier: 6GpPtDOrYfigVt0rUnc/ef/KW+2RmFfmJ7JBMJpGXZA=
Subject key identifier: CD:48:6A:FF:A6:19:CC:49:E6:C7:C8:D6:7C:C0:E1:56:F7:8E:51:0C
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187DFF53C08202CD0868250BDC482A33F22
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zUhq_6YZzEnmx8jWfMDhVveOUQw.roa
Signing time: Wed 03 May 2023 04:53:23 +0000
ROA not before: Wed 03 May 2023 04:53:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200482
IP address blocks: 178.239.200.0/24 maxlen: 24
91.209.12.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:df:f5:3c:08:20:2c:d0:86:82:50:bd:c4:82:a3:3f:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 3 04:53:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cd486affa619cc49e6c7c8d67cc0e156f78e510c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:38:0f:d8:02:12:e6:6f:60:92:d9:01:af:d0:
89:98:4a:a3:75:e5:6b:0b:70:f9:b1:0b:81:c8:26:
9f:15:dd:f4:aa:b9:90:fe:d4:00:6b:10:59:eb:3f:
7e:d1:cf:eb:b3:89:73:9d:bb:0a:06:db:d7:bd:6a:
20:5d:12:31:dc:9f:f2:a9:11:c4:fd:55:2b:f7:27:
22:0c:25:e0:86:14:18:d7:62:c3:03:d8:3d:61:f8:
07:ab:b8:4b:8a:99:b8:b7:88:61:40:7e:9a:2d:03:
ac:f5:fe:eb:e0:75:72:ce:de:1e:e4:0b:95:3a:9b:
ea:23:98:09:c6:7d:cb:e0:5f:97:65:f1:2e:1c:87:
36:6e:73:52:52:7f:c0:13:a6:ad:be:c8:94:6c:92:
5f:cc:c9:1f:f2:24:7d:66:9a:0f:06:bc:5d:67:85:
27:eb:55:fa:f2:4b:93:32:c2:c6:44:a7:c9:31:63:
fd:48:64:67:3e:62:45:3d:d2:36:c9:b8:0d:09:17:
2e:5e:33:1d:2c:76:93:3b:ce:a4:e9:b8:2e:cf:92:
dd:e3:84:ae:87:3c:1b:ed:a1:33:24:ec:cc:ef:fa:
8c:60:40:53:ea:da:d6:5e:e9:f2:f5:b5:6b:44:86:
96:a7:25:00:33:02:0a:3e:1d:46:2a:62:f4:69:75:
a4:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:48:6A:FF:A6:19:CC:49:E6:C7:C8:D6:7C:C0:E1:56:F7:8E:51:0C
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zUhq_6YZzEnmx8jWfMDhVveOUQw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.197.132.0/24
91.209.12.0/24
103.205.25.0/24
178.239.193.0-178.239.194.255
178.239.200.0/24
185.229.105.0/24
185.245.236.0/24
Signature Algorithm: sha256WithRSAEncryption
24:e6:9c:9b:8e:28:20:f6:ab:c6:a3:2c:68:05:63:9f:67:4f:
81:45:dc:03:5a:12:01:98:b4:0e:b0:fc:fb:23:a4:76:63:8e:
66:72:d0:7a:75:67:c2:a9:b1:b5:c4:a4:1f:e1:fd:e4:9e:53:
82:4b:b9:9e:d0:c7:d5:0c:93:f9:48:e3:f5:c9:5c:0e:e9:15:
54:1d:1a:f1:fc:43:6f:5d:17:2c:a7:fe:35:ed:4f:a7:6c:29:
64:52:18:98:fc:85:32:2d:4e:b9:29:2f:8a:30:b5:29:12:56:
10:79:1a:b9:b1:1f:9f:c0:ff:7d:6d:10:ff:7f:88:a4:dd:1c:
40:b2:01:95:2a:ee:91:52:85:27:88:66:bd:5a:24:76:ef:4f:
07:7d:03:20:30:9a:45:f3:44:01:6f:50:5c:2c:3d:1f:ef:98:
87:7f:22:c0:c1:8b:55:64:f0:76:b6:65:0b:fa:ee:a5:0c:e7:
52:b2:73:a1:c6:d0:db:74:09:b6:80:ca:d9:a0:a6:db:1a:17:
ad:c6:08:b7:7e:8b:a4:9e:6f:aa:97:bd:f2:11:94:57:9e:6f:
69:7e:68:76:71:f4:30:29:03:e1:d3:87:7f:c1:da:cf:16:ff:
98:38:e6:fa:25:ff:ad:f2:c9:03:4b:e5:f9:87:b2:1c:da:0a:
5f:97:1a:a3
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYff9TwIICzQhoJQvcSCoz8iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTAzMDQ1MzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDQ4NmFmZmE2MTljYzQ5ZTZjN2M4ZDY3Y2MwZTE1NmY3OGU1MTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzgP2AIS5m9gktkBr9CJmEqjdeVr
C3D5sQuByCafFd30qrmQ/tQAaxBZ6z9+0c/rs4lznbsKBtvXvWogXRIx3J/yqRHE
/VUr9yciDCXghhQY12LDA9g9YfgHq7hLipm4t4hhQH6aLQOs9f7r4HVyzt4e5AuV
OpvqI5gJxn3L4F+XZfEuHIc2bnNSUn/AE6atvsiUbJJfzMkf8iR9ZpoPBrxdZ4Un
61X68kuTMsLGRKfJMWP9SGRnPmJFPdI2ybgNCRcuXjMdLHaTO86k6bguz5Ld44Su
hzwb7aEzJOzM7/qMYEBT6trWXuny9bVrRIaWpyUAMwIKPh1GKmL0aXWkKQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFM1Iav+mGcxJ5sfI1nzA4Vb3jlEMMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvelVocV82WVp6RW5teDhqV2ZNRGhWdmVPVVF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAPsWEAwQA
W9EMAwQAZ80ZMAwDBACy78EDBACy78IDBACy78gDBAC55WkDBAC59ewwDQYJKoZI
hvcNAQELBQADggEBACTmnJuOKCD2q8ajLGgFY59nT4FF3ANaEgGYtA6w/PsjpHZj
jmZy0Hp1Z8KpsbXEpB/h/eSeU4JLuZ7Qx9UMk/lI4/XJXA7pFVQdGvH8Q29dFyyn
/jXtT6dsKWRSGJj8hTItTrkpL4owtSkSVhB5GrmxH5/A/31tEP9/iKTdHECyAZUq
7pFShSeIZr1aJHbvTwd9AyAwmkXzRAFvUFwsPR/vmId/IsDBi1Vk8Ha2ZQv67qUM
51Kyc6HG0Nt0CbaAytmgptsaF63GCLd+i6Seb6qXvfIRlFeeb2l+aHZx9DApA+HT
h3/B2s8W/5g45vol/63yyQNL5fmHshzaCl+XGqM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:49 2024 by rpki-client on console-fra.rpki-client.org