Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7WiMEAX6_m2M9kS8DzeuzpNa5lE.roa
File: 7WiMEAX6_m2M9kS8DzeuzpNa5lE.roa (raw, json)
Hash identifier: K9fy7vSnjbhS1jUQ8Pld64VZDBlnaallIpX8vqi5kKc=
Subject key identifier: ED:68:8C:10:05:FA:FE:6D:8C:F6:44:BC:0F:37:AE:CE:93:5A:E6:51
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187242B18B4EEBB873E178097BA4EE409E6
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7WiMEAX6_m2M9kS8DzeuzpNa5lE.roa
Signing time: Mon 27 Mar 2023 17:43:36 +0000
ROA not before: Mon 27 Mar 2023 17:43:36 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 185.121.231.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
194.4.159.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:24:2b:18:b4:ee:bb:87:3e:17:80:97:ba:4e:e4:09:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 27 17:43:36 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ed688c1005fafe6d8cf644bc0f37aece935ae651
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:8d:98:d3:ee:93:da:75:6d:de:80:65:f9:5b:
e5:6f:71:29:cf:10:d3:57:a6:d3:d6:d8:42:f7:4b:
b4:02:dd:0c:95:fe:7f:aa:cd:a7:d2:ee:db:b3:e7:
03:13:96:1a:6b:3d:97:6e:5c:46:0c:d9:fa:af:a3:
f1:69:53:de:b8:75:9c:ca:9a:c7:3c:1c:dd:99:df:
35:50:cb:e8:36:fb:c6:80:bd:9e:14:26:38:77:c1:
d9:b4:c5:be:25:9b:ca:a1:bd:52:6a:d6:a5:64:32:
01:00:36:fe:46:c1:26:3d:47:aa:00:a0:6c:fe:0d:
a5:93:8c:a1:f2:1b:34:94:bf:c1:9a:7e:34:81:77:
26:c6:75:1c:e8:14:f6:9e:8c:60:a3:73:dc:ee:17:
2f:3f:be:cc:be:02:ea:a6:f0:30:7d:4b:4e:9e:0c:
4c:12:f1:c2:d8:30:21:1d:92:02:f2:2f:2d:d4:a9:
fa:af:08:2b:9b:82:39:8c:b7:83:3b:62:b1:e3:36:
a0:2d:15:b1:07:a9:8f:d0:37:8b:5d:97:e9:e8:68:
01:54:3a:4d:f3:db:49:50:df:32:b3:46:f5:cf:ba:
f9:3f:d2:bf:4c:5f:f5:09:3d:50:b2:03:26:0c:c6:
b9:81:29:69:fc:12:e7:68:25:2b:75:bb:3f:c3:47:
93:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:68:8C:10:05:FA:FE:6D:8C:F6:44:BC:0F:37:AE:CE:93:5A:E6:51
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7WiMEAX6_m2M9kS8DzeuzpNa5lE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
77.75.60.0/24
89.43.208.0/24
185.121.231.0/24
185.229.104.0/24
185.230.248.0/24
194.4.157.0/24
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
6f:a7:e0:2c:c3:98:fa:34:72:72:b8:80:7c:f0:f8:7c:66:96:
0f:d3:12:f0:1c:c9:34:17:d5:69:a5:b1:8a:67:29:36:19:75:
66:c8:cc:43:27:97:b4:51:f2:17:b4:2c:eb:3d:af:35:af:4a:
95:42:8c:6e:40:ca:e3:16:bf:e6:8b:12:15:4f:a3:fc:41:cd:
cc:33:51:94:80:37:24:78:48:ce:45:e2:6e:2c:d1:43:54:6a:
d8:7c:a3:ad:1c:b8:34:d0:da:51:0c:06:6f:15:61:de:3d:55:
d7:ab:ce:01:2c:d4:08:e7:4d:69:8f:35:7e:d4:fd:80:de:87:
90:1e:71:10:10:f7:76:a5:6b:bc:b7:15:9c:14:7c:70:2a:a3:
72:d1:ce:12:0b:32:43:19:60:70:29:02:c8:4a:6b:e2:5d:5f:
8e:0b:3b:0b:21:fc:af:7e:a7:7e:84:e5:60:67:50:a0:b6:85:
20:a7:3f:ea:95:b3:f6:77:f8:83:b0:1e:be:07:53:10:1a:a9:
ef:7b:7a:0c:77:c2:79:3d:6f:10:f3:8a:1f:32:d8:d0:bf:8f:
0b:9d:81:11:23:a1:b2:e1:b3:7c:8d:23:08:ed:f9:4c:5b:80:
af:f8:0d:2e:f7:c5:91:eb:99:d1:9b:66:c5:e0:cd:fa:0f:0d:
60:77:fb:14
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYckKxi07ruHPheAl7pO5AnmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI3MTc0MzM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDY4OGMxMDA1ZmFmZTZkOGNmNjQ0YmMwZjM3YWVjZTkzNWFlNjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAho2Y0+6T2nVt3oBl+Vvlb3EpzxDT
V6bT1thC90u0At0Mlf5/qs2n0u7bs+cDE5Yaaz2XblxGDNn6r6PxaVPeuHWcyprH
PBzdmd81UMvoNvvGgL2eFCY4d8HZtMW+JZvKob1SatalZDIBADb+RsEmPUeqAKBs
/g2lk4yh8hs0lL/Bmn40gXcmxnUc6BT2noxgo3Pc7hcvP77MvgLqpvAwfUtOngxM
EvHC2DAhHZIC8i8t1Kn6rwgrm4I5jLeDO2Kx4zagLRWxB6mP0DeLXZfp6GgBVDpN
89tJUN8ys0b1z7r5P9K/TF/1CT1QsgMmDMa5gSlp/BLnaCUrdbs/w0eTJwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFO1ojBAF+v5tjPZEvA83rs6TWuZRMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvN1dpTUVBWDZfbTJNOWtTOER6ZXV6cE5hNWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALZ+YAwQA
TUs8AwQAWSvQAwQAuXnnAwQAueVoAwQAueb4AwQAwgSdAwQAwgSfAwQAywAIAwQA
1SD5MA0GCSqGSIb3DQEBCwUAA4IBAQBvp+Asw5j6NHJyuIB88Ph8ZpYP0xLwHMk0
F9VppbGKZyk2GXVmyMxDJ5e0UfIXtCzrPa81r0qVQoxuQMrjFr/mixIVT6P8Qc3M
M1GUgDckeEjOReJuLNFDVGrYfKOtHLg00NpRDAZvFWHePVXXq84BLNQI501pjzV+
1P2A3oeQHnEQEPd2pWu8txWcFHxwKqNy0c4SCzJDGWBwKQLISmviXV+OCzsLIfyv
fqd+hOVgZ1CgtoUgpz/qlbP2d/iDsB6+B1MQGqnve3oMd8J5PW8Q84ofMtjQv48L
nYERI6Gy4bN8jSMI7flMW4Cv+A0u98WR65nRm2bF4M36Dw1gd/sU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org