Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/11S9dW-S7tgmzsDadQSqLyzvZ58.roa
File: 11S9dW-S7tgmzsDadQSqLyzvZ58.roa (raw, json)
Hash identifier: ex6zY5aylPzJB8pHh20epSBj1imvlfEqAitTowdko9s=
Subject key identifier: D7:54:BD:75:6F:92:EE:D8:26:CE:C0:DA:75:04:AA:2F:2C:EF:67:9F
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0185B39601CD40F0A1A5B5C6B47A407A9BB3
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/11S9dW-S7tgmzsDadQSqLyzvZ58.roa
Signing time: Sun 15 Jan 2023 04:00:30 +0000
ROA not before: Sun 15 Jan 2023 04:00:30 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212238
IP address blocks: 194.5.85.0/24 maxlen: 24
45.154.24.0/22 maxlen: 22
45.12.172.0/22 maxlen: 22
193.19.108.0/24 maxlen: 24
45.248.144.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:b3:96:01:cd:40:f0:a1:a5:b5:c6:b4:7a:40:7a:9b:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 15 04:00:30 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d754bd756f92eed826cec0da7504aa2f2cef679f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:7a:78:ca:b7:f0:31:12:6f:bd:90:c8:93:74:
0b:cf:14:3c:0d:f2:51:74:6f:88:d6:32:71:11:7e:
3f:0b:21:41:17:e5:88:26:c4:c6:20:52:a8:b0:0a:
ce:f2:d9:ac:d2:31:85:07:b0:3e:58:b4:ac:90:b6:
5d:79:56:31:83:a0:67:4e:cd:a7:50:61:d0:1d:fd:
98:68:0e:d7:ac:95:5f:f5:8f:12:a9:d1:6f:7b:39:
fe:c1:e0:b8:4c:3e:e6:5a:f0:a8:28:bb:5f:18:3a:
1c:e3:58:4d:fc:fa:22:be:0c:5b:c9:e9:b1:32:0d:
8f:4d:2b:c7:e8:f8:39:de:99:46:ad:f5:36:a8:5b:
c5:d4:2b:7f:3f:c6:cf:00:bd:0e:57:da:fe:ff:33:
5c:ac:a3:92:42:85:b7:28:32:ec:6c:0f:33:7c:9e:
62:ba:17:70:9b:12:ac:55:88:ba:fd:01:60:e1:3d:
b8:4c:5d:da:f5:dd:58:0b:88:40:3a:94:62:04:ca:
2b:f3:0a:67:77:72:cf:21:21:8b:bf:36:9a:d9:fb:
a5:58:83:b7:9b:2d:d3:09:29:86:47:d4:89:ef:df:
5c:0a:c8:fb:82:da:06:22:77:4e:d9:70:39:b7:b1:
11:4c:be:f3:f8:a7:7f:ff:f4:c2:30:2c:c8:d1:5a:
ec:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:54:BD:75:6F:92:EE:D8:26:CE:C0:DA:75:04:AA:2F:2C:EF:67:9F
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/11S9dW-S7tgmzsDadQSqLyzvZ58.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.172.0/22
45.154.24.0/22
45.248.144.0/22
193.19.108.0/24
194.5.85.0/24
Signature Algorithm: sha256WithRSAEncryption
4b:57:58:2e:fc:e3:d5:32:d2:cd:f4:54:8c:95:49:fa:c6:91:
51:08:18:5a:a2:85:98:63:ba:04:62:2c:1b:da:a8:c9:3d:93:
61:13:34:f2:e1:47:e4:22:f6:9a:a1:cd:7d:9c:de:7b:55:8e:
ce:1d:06:e3:5f:1e:7c:a6:91:b2:ea:d9:a1:26:5a:6b:4a:85:
41:2a:a8:7e:7c:e8:be:19:b0:2a:2b:d4:9c:71:f1:1d:60:d4:
4a:40:c1:3e:5c:44:19:6b:2c:82:bd:ea:bf:c9:47:9b:66:5a:
d9:46:a5:4f:2b:0f:b8:cd:78:8a:de:63:45:9e:5e:05:01:2e:
65:8c:14:5b:e8:20:7d:48:69:58:ba:04:71:5b:79:27:3c:0b:
df:3d:c8:eb:9f:ad:9e:7f:4a:1a:08:c9:68:f2:c3:7f:e7:6d:
3f:3f:05:4a:b7:55:bb:6a:04:4d:3d:28:46:8c:f5:e6:84:3f:
80:04:38:da:0d:21:2b:55:61:35:2a:30:df:b4:83:96:d1:f9:
fb:f1:ef:e1:83:61:ec:0a:99:2a:a0:84:d2:ff:39:bd:fb:81:
60:c9:9f:3c:e0:64:ea:02:44:52:8d:b0:9e:f7:74:77:98:37:
5c:ba:af:e5:d7:e8:f1:69:45:56:02:47:8e:3a:3c:6b:b9:cf:
e9:5d:99:03
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYWzlgHNQPChpbXGtHpAepuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTE1MDQwMDMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzU0YmQ3NTZmOTJlZWQ4MjZjZWMwZGE3NTA0YWEyZjJjZWY2NzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnp4yrfwMRJvvZDIk3QLzxQ8DfJR
dG+I1jJxEX4/CyFBF+WIJsTGIFKosArO8tms0jGFB7A+WLSskLZdeVYxg6BnTs2n
UGHQHf2YaA7XrJVf9Y8SqdFvezn+weC4TD7mWvCoKLtfGDoc41hN/Poivgxbyemx
Mg2PTSvH6Pg53plGrfU2qFvF1Ct/P8bPAL0OV9r+/zNcrKOSQoW3KDLsbA8zfJ5i
uhdwmxKsVYi6/QFg4T24TF3a9d1YC4hAOpRiBMor8wpnd3LPISGLvzaa2fulWIO3
my3TCSmGR9SJ799cCsj7gtoGIndO2XA5t7ERTL7z+Kd///TCMCzI0VrshwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNdUvXVvku7YJs7A2nUEqi8s72efMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMTFTOWRXLVM3dGdtenNEYWRRU3FMeXp2WjU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCLQysAwQC
LZoYAwQCLfiQAwQAwRNsAwQAwgVVMA0GCSqGSIb3DQEBCwUAA4IBAQBLV1gu/OPV
MtLN9FSMlUn6xpFRCBhaooWYY7oEYiwb2qjJPZNhEzTy4UfkIvaaoc19nN57VY7O
HQbjXx58ppGy6tmhJlprSoVBKqh+fOi+GbAqK9SccfEdYNRKQME+XEQZayyCveq/
yUebZlrZRqVPKw+4zXiK3mNFnl4FAS5ljBRb6CB9SGlYugRxW3knPAvfPcjrn62e
f0oaCMlo8sN/520/PwVKt1W7agRNPShGjPXmhD+ABDjaDSErVWE1KjDftIOW0fn7
8e/hg2HsCpkqoITS/zm9+4FgyZ884GTqAkRSjbCe93R3mDdcuq/l1+jxaUVWAkeO
Ojxruc/pXZkD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org