Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/4pSsktF3J1yUNsppQMHOTWMwVl0.roa
File: 4pSsktF3J1yUNsppQMHOTWMwVl0.roa (raw, json)
Hash identifier: vUEPFpZdTHokSA1I0DUwOPJqeYYbHIlGr0802ljXrZ8=
Subject key identifier: E2:94:AC:92:D1:77:27:5C:94:36:CA:69:40:C1:CE:4D:63:30:56:5D
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188B46A941C35B4B233D524D63902D75BD7
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/4pSsktF3J1yUNsppQMHOTWMwVl0.roa
Signing time: Tue 13 Jun 2023 11:01:03 +0000
ROA not before: Tue 13 Jun 2023 11:01:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 193.19.106.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
193.42.52.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
185.9.54.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.115.146.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
77.75.63.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
185.115.144.0/23 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.210.0/23 maxlen: 24
89.43.211.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
185.121.228.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
223.27.112.0/24 maxlen: 24
178.239.192.0/23 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b4:6a:94:1c:35:b4:b2:33:d5:24:d6:39:02:d7:5b:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 13 11:01:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e294ac92d177275c9436ca6940c1ce4d6330565d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:8d:c1:64:05:3e:2a:e3:d6:39:3a:17:c4:4e:
7b:9d:48:67:05:cd:9f:41:05:a6:da:bd:e8:c9:24:
93:0b:95:46:6a:de:a6:d9:44:48:56:28:c6:ca:6f:
e6:3e:16:a3:e4:80:dc:fd:fd:84:ba:3d:57:2d:4b:
f0:e8:80:7d:08:c6:6b:48:fb:1e:0f:d0:c2:e6:67:
c1:87:2b:e8:0a:41:a1:77:b1:10:2f:51:aa:1a:06:
93:31:94:1f:3d:7d:6e:8c:ee:56:90:2f:2a:8a:c1:
d3:d5:8a:f3:e5:d9:71:ff:56:59:f4:0d:94:32:9f:
46:c9:ad:51:01:bd:26:99:f7:50:a5:04:06:90:3a:
f1:13:4b:77:b6:18:d9:d6:5b:0e:60:06:a3:c2:c2:
6b:37:8f:03:b4:c3:c4:28:4b:0f:8f:d6:8e:cd:68:
65:d3:17:de:7d:05:70:b7:dd:df:91:4b:2a:31:a1:
91:8d:cc:e9:02:b4:cc:db:cf:38:cb:be:29:0b:ca:
cc:d1:63:27:6e:38:07:52:89:95:8e:b8:d3:3e:92:
24:b9:94:07:48:e4:48:76:45:f8:e0:ba:cc:a9:16:
fe:9c:f2:07:f5:f5:4c:1e:b7:04:29:72:bb:de:f8:
f3:fc:f0:04:ce:1d:c3:22:dc:35:fb:da:02:da:e8:
72:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:94:AC:92:D1:77:27:5C:94:36:CA:69:40:C1:CE:4D:63:30:56:5D
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/4pSsktF3J1yUNsppQMHOTWMwVl0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.132.0/24
62.197.135.0/24
77.75.60.0/24
77.75.62.0/23
78.142.242.0/23
89.43.208.0/24
89.43.210.0/23
103.205.25.0/24
103.205.27.0/24
178.239.192.0-178.239.194.255
178.239.200.0/23
178.239.203.0/24
185.9.54.0/24
185.103.73.0/24
185.115.144.0-185.115.146.255
185.121.228.0/24
185.121.230.0/23
185.229.104.0/22
185.230.248.0-185.230.250.255
185.236.62.0/23
185.245.236.0-185.245.238.255
192.166.212.0/22
193.19.106.0/24
193.42.52.0/24
193.42.54.0/23
194.4.156.0/23
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
223.27.112.0/24
Signature Algorithm: sha256WithRSAEncryption
43:1c:a1:21:f9:d2:0a:19:ad:90:aa:25:6a:d3:19:ac:98:3c:
8a:50:e1:9b:ce:da:b4:32:28:dd:fa:fd:e4:bc:88:fb:d6:1d:
b4:2d:32:f2:99:8c:b9:77:45:ca:8b:f2:8a:92:35:a4:44:e4:
97:c9:7b:db:4c:24:94:ad:05:38:b2:cc:7e:97:d0:48:97:78:
0f:57:41:01:78:90:11:19:f7:69:63:5a:65:57:bf:6f:93:1e:
86:8d:3e:ac:e5:68:a3:d6:a1:cc:d5:37:6d:6b:7b:de:3a:4f:
3a:2e:86:68:75:e6:96:07:79:8e:9a:ed:41:41:e4:b3:22:3b:
1f:90:38:58:8f:53:ec:42:03:bd:13:36:d3:01:af:af:e9:22:
ba:e9:6a:d9:4f:10:61:b3:b5:5c:f9:1b:d6:a2:bb:f2:7c:b3:
47:9d:02:21:f3:17:3f:22:ee:83:14:cf:8b:5d:21:38:fe:22:
cd:d4:e2:a2:d8:12:4a:68:7b:25:d2:8b:69:48:25:b4:5d:61:
b3:97:da:77:00:d7:70:9c:d4:18:3c:c0:ce:78:a0:a8:00:cd:
71:04:eb:c4:db:00:03:ca:45:46:b0:13:e7:7d:20:84:fb:28:
16:83:98:a2:88:bb:47:34:e4:1e:a1:2a:d7:5f:ca:f3:3a:59:
50:77:dd:71
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAYi0apQcNbSyM9Uk1jkC11vXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjEzMTEwMTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjk0YWM5MmQxNzcyNzVjOTQzNmNhNjk0MGMxY2U0ZDYzMzA1NjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg43BZAU+KuPWOToXxE57nUhnBc2f
QQWm2r3oySSTC5VGat6m2URIVijGym/mPhaj5IDc/f2Euj1XLUvw6IB9CMZrSPse
D9DC5mfBhyvoCkGhd7EQL1GqGgaTMZQfPX1ujO5WkC8qisHT1Yrz5dlx/1ZZ9A2U
Mp9Gya1RAb0mmfdQpQQGkDrxE0t3thjZ1lsOYAajwsJrN48DtMPEKEsPj9aOzWhl
0xfefQVwt93fkUsqMaGRjczpArTM2884y74pC8rM0WMnbjgHUomVjrjTPpIkuZQH
SORIdkX44LrMqRb+nPIH9fVMHrcEKXK73vjz/PAEzh3DItw1+9oC2uhyQwIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFOKUrJLRdydclDbKaUDBzk1jMFZdMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvNHBTc2t0RjNKMXlVTnNwcFFNSE9UV013VmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH/BggrBgEFBQcBBwEB/wSB7zCB7DCB6QQCAAEwgeIwDAME
Ay2fmAMEAC2fmgMEAD7FhAMEAD7FhwMEAE1LPAMEAU1LPgMEAU6O8gMEAFkr0AME
AVkr0gMEAGfNGQMEAGfNGzAMAwQGsu/AAwQAsu/CAwQBsu/IAwQAsu/LAwQAuQk2
AwQAuWdJMAwDBAS5c5ADBAC5c5IDBAC5eeQDBAG5eeYDBAK55WgwDAMEA7nm+AME
ALnm+gMEAbnsPjAMAwQCufXsAwQAufXuAwQCwKbUAwQAwRNqAwQAwSo0AwQBwSo2
AwQBwgScAwQAwgSfAwQAywAIAwQA1SD5AwQA3xtwMA0GCSqGSIb3DQEBCwUAA4IB
AQBDHKEh+dIKGa2QqiVq0xmsmDyKUOGbztq0Mijd+v3kvIj71h20LTLymYy5d0XK
i/KKkjWkROSXyXvbTCSUrQU4ssx+l9BIl3gPV0EBeJARGfdpY1plV79vkx6GjT6s
5Wij1qHM1Tdta3veOk86LoZodeaWB3mOmu1BQeSzIjsfkDhYj1PsQgO9EzbTAa+v
6SK66WrZTxBhs7Vc+RvWorvyfLNHnQIh8xc/Iu6DFM+LXSE4/iLN1OKi2BJKaHsl
0otpSCW0XWGzl9p3ANdwnNQYPMDOeKCoAM1xBOvE2wADykVGsBPnfSCE+ygWg5ii
iLtHNOQeoSrXX8rzOllQd91x
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:08 2024 by rpki-client on console-ams.rpki-client.org