Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/35AVpzC94U8_V94ZCC3Y4urS7jQ.roa
File: 35AVpzC94U8_V94ZCC3Y4urS7jQ.roa (raw, json)
Hash identifier: 7A0cFc8V88wnwufzIbos/jPHZxKo878b4dUJK77YgVY=
Subject key identifier: DF:90:15:A7:30:BD:E1:4F:3F:57:DE:19:08:2D:D8:E2:EA:D2:EE:34
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01876BE32C47B87151751C2127768D2428D0
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/35AVpzC94U8_V94ZCC3Y4urS7jQ.roa
Signing time: Mon 10 Apr 2023 15:57:42 +0000
ROA not before: Mon 10 Apr 2023 15:57:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 78.142.242.0/24 maxlen: 24
78.142.243.0/24 maxlen: 24
185.9.55.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
192.166.208.0/22 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:6b:e3:2c:47:b8:71:51:75:1c:21:27:76:8d:24:28:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 10 15:57:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=df9015a730bde14f3f57de19082dd8e2ead2ee34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:5f:57:59:bd:57:ef:32:8a:dd:25:8b:48:1d:
b3:90:c7:0a:50:c1:64:f8:d3:c9:86:d1:e2:7c:b5:
54:07:99:8d:83:0f:37:a5:19:7f:9a:ea:ce:d5:28:
9c:6b:58:de:2f:62:3b:bf:95:b6:f5:49:bf:44:f9:
bf:b7:04:22:cf:1d:73:3d:d0:18:ce:84:5a:73:27:
d3:bb:6f:a3:bb:b1:d3:f7:eb:d6:1b:73:74:25:bc:
5f:de:8f:80:81:e1:22:a9:95:ca:ee:d6:89:85:ae:
10:5a:33:82:95:e7:46:11:6b:8e:13:43:c6:79:f9:
e2:a3:27:05:9c:30:d9:68:ca:9c:19:d3:24:8c:a8:
60:be:8c:83:81:19:02:24:e3:73:d3:fa:2f:29:05:
8f:b2:c1:d9:4d:85:ca:94:7f:47:7a:9e:89:23:30:
d8:cc:ae:ec:4e:0f:f4:11:08:ea:dd:53:cb:58:46:
49:a4:29:ec:44:26:e2:45:df:ec:ef:71:11:6a:88:
f9:74:25:c1:90:64:0f:16:98:e1:d4:6b:8a:19:39:
1b:46:b5:5b:6a:07:b9:39:2d:9d:cd:54:fb:36:54:
a8:6f:94:62:10:57:4d:fa:25:d3:97:3b:ae:41:09:
1d:34:ab:23:ba:44:ff:a2:50:34:b1:fa:24:01:1a:
6a:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:90:15:A7:30:BD:E1:4F:3F:57:DE:19:08:2D:D8:E2:EA:D2:EE:34
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/35AVpzC94U8_V94ZCC3Y4urS7jQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
78.142.242.0/23
185.9.55.0/24
185.103.75.0/24
192.166.208.0/22
193.19.106.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:dc:ef:90:43:f3:66:d2:b3:68:32:80:8b:73:46:bd:f8:53:
4e:0e:8b:b9:9c:93:88:81:1a:33:0f:2e:92:40:a9:d2:3c:9f:
f5:a9:93:79:c8:c9:f3:4b:dd:73:c2:5c:fe:71:3f:df:03:3d:
45:8c:d4:06:be:ba:7f:c7:da:bb:7d:9f:ed:3f:48:46:2a:0f:
52:ce:59:29:9e:20:e7:61:ea:c5:07:ac:70:96:1a:79:1d:be:
a3:15:a9:54:89:aa:7d:73:0f:c3:4d:9c:f8:9c:5b:67:ac:6b:
97:63:57:7d:81:29:4e:be:56:f0:da:72:a2:2e:1c:05:b4:4d:
32:cd:2d:4a:59:33:3c:19:e4:fe:5e:05:96:39:6a:c1:7e:e6:
7e:6e:be:e9:1f:4c:5e:8e:08:68:1f:a2:a4:b4:f5:b1:30:9d:
58:78:be:59:69:fb:d5:e2:bb:f9:4b:93:f6:4b:ea:a2:bb:0f:
32:4b:6b:40:8f:b0:d7:99:74:f1:fc:e6:04:ff:cc:80:91:20:
88:fe:87:04:13:42:99:47:ac:ad:83:89:d6:29:d0:1e:78:fa:
f3:de:6c:45:db:af:53:68:31:bf:45:57:57:71:e5:98:a9:0e:
ba:7d:f0:4b:f7:ba:32:bb:1d:57:51:23:a4:4a:72:07:0d:64:
b2:d9:fa:1d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYdr4yxHuHFRdRwhJ3aNJCjQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDEwMTU1NzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjkwMTVhNzMwYmRlMTRmM2Y1N2RlMTkwODJkZDhlMmVhZDJlZTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgl9XWb1X7zKK3SWLSB2zkMcKUMFk
+NPJhtHifLVUB5mNgw83pRl/murO1Sica1jeL2I7v5W29Um/RPm/twQizx1zPdAY
zoRacyfTu2+ju7HT9+vWG3N0Jbxf3o+AgeEiqZXK7taJha4QWjOCledGEWuOE0PG
efnioycFnDDZaMqcGdMkjKhgvoyDgRkCJONz0/ovKQWPssHZTYXKlH9Hep6JIzDY
zK7sTg/0EQjq3VPLWEZJpCnsRCbiRd/s73ERaoj5dCXBkGQPFpjh1GuKGTkbRrVb
age5OS2dzVT7NlSob5RiEFdN+iXTlzuuQQkdNKsjukT/olA0sfokARpqfQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFN+QFacwveFPP1feGQgt2OLq0u40MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMzVBVnB6Qzk0VThfVjk0WkNDM1k0dXJTN2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALZ+YAwQB
To7yAwQAuQk3AwQAuWdLAwQCwKbQAwQAwRNqMA0GCSqGSIb3DQEBCwUAA4IBAQCP
3O+QQ/Nm0rNoMoCLc0a9+FNODou5nJOIgRozDy6SQKnSPJ/1qZN5yMnzS91zwlz+
cT/fAz1FjNQGvrp/x9q7fZ/tP0hGKg9SzlkpniDnYerFB6xwlhp5Hb6jFalUiap9
cw/DTZz4nFtnrGuXY1d9gSlOvlbw2nKiLhwFtE0yzS1KWTM8GeT+XgWWOWrBfuZ+
br7pH0xejghoH6KktPWxMJ1YeL5ZafvV4rv5S5P2S+qiuw8yS2tAj7DXmXTx/OYE
/8yAkSCI/ocEE0KZR6ytg4nWKdAeePrz3mxF269TaDG/RVdXceWYqQ66ffBL97oy
ux1XUSOkSnIHDWSy2fod
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:53 2023 by rpki-client on console-ams.rpki-client.org