Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8_8SkKW0_tVYZP8wNLH5we_d8mg.roa
File: 8_8SkKW0_tVYZP8wNLH5we_d8mg.roa (raw, json)
Hash identifier: XT2hBVmBZTGMevLgArj+Kf1xpDutRI+mL+VtnNBnWI8=
Subject key identifier: F3:FF:12:90:A5:B4:FE:D5:58:64:FF:30:34:B1:F9:C1:EF:DD:F2:68
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01882A2E8FB4DD6F7BACB2BC370EC714CD70
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8_8SkKW0_tVYZP8wNLH5we_d8mg.roa
Signing time: Wed 17 May 2023 14:47:54 +0000
ROA not before: Wed 17 May 2023 14:47:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.115.146.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:2a:2e:8f:b4:dd:6f:7b:ac:b2:bc:37:0e:c7:14:cd:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 17 14:47:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f3ff1290a5b4fed55864ff3034b1f9c1efddf268
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:82:88:78:69:b1:4c:dc:ca:b1:ef:03:cb:f8:
79:93:5f:c2:e9:a0:3d:d2:a4:78:96:94:4b:c8:88:
19:0e:3f:5a:45:28:de:da:0d:5f:fd:bd:8e:78:a7:
aa:4b:0b:76:42:ec:7e:03:b4:4b:5a:ac:a0:71:6e:
89:43:e9:9d:ce:2b:c1:60:4c:fb:6a:6f:f3:b3:24:
92:bb:5e:48:72:88:74:3b:b9:06:aa:c4:6f:b8:40:
23:7f:35:8f:cd:ed:0f:41:86:6b:58:89:93:be:10:
0f:7a:ac:5b:59:11:45:0a:e2:8d:9d:f8:d7:c3:93:
a5:c1:ca:5d:16:10:32:ba:d0:76:df:b2:a7:ac:24:
c5:72:79:9d:27:2c:6d:d0:dd:37:71:22:11:ee:1e:
8d:e4:11:62:7e:13:16:b9:0c:97:bf:ca:06:10:42:
ff:93:b5:da:e1:99:64:4a:c3:4f:90:e9:58:41:f7:
ae:88:83:3c:3b:00:93:99:78:43:01:64:fe:93:50:
6e:65:53:b7:e5:02:e5:e4:8c:3a:99:f2:5b:0d:fc:
58:03:76:ea:a5:77:aa:db:b2:17:65:99:2a:43:23:
7c:6a:8a:fb:7e:0a:67:4e:ba:9f:db:fa:97:be:07:
a3:a8:4d:9d:8e:29:fb:88:a1:1a:aa:00:0d:f6:f6:
1d:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:FF:12:90:A5:B4:FE:D5:58:64:FF:30:34:B1:F9:C1:EF:DD:F2:68
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8_8SkKW0_tVYZP8wNLH5we_d8mg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.132.0/24
62.197.135.0/24
77.75.60.0/24
78.142.242.0/23
89.43.208.0/24
89.43.210.0/23
103.205.25.0/24
178.239.192.0-178.239.194.255
178.239.200.0/24
178.239.203.0/24
185.103.73.0/24
185.103.75.0/24
185.115.145.0-185.115.146.255
185.121.230.0/23
185.229.104.0/22
185.230.248.0/23
185.236.62.0/23
185.245.236.0-185.245.238.255
192.166.212.0/22
193.19.106.0/24
194.4.156.0/23
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
39:ae:22:4d:f2:90:24:a8:39:2d:70:d2:26:f3:8f:3e:c4:13:
d9:72:47:7a:3b:e9:c8:90:ae:bf:de:f5:e5:a0:f7:4f:70:7a:
d8:cb:cd:bf:94:32:29:a7:1c:94:36:b0:27:07:9a:25:4e:e9:
24:8c:27:4a:0a:9d:86:b1:e3:23:9c:16:21:fc:14:4c:e4:66:
4b:6a:29:1e:9c:f6:01:2b:e6:cb:c9:0f:b9:ae:1b:9e:7b:22:
91:06:b9:b9:a0:d9:f7:15:3e:1c:42:df:c6:7d:68:8a:54:55:
f0:6c:fe:cf:02:0c:eb:d1:59:90:c0:85:78:fc:bc:96:8c:a6:
e2:a5:06:f2:6d:ed:1e:48:b7:04:9b:e1:38:cb:59:79:dc:ff:
08:70:b6:a5:6d:fd:58:89:70:f7:bf:6f:89:6c:a5:45:16:ab:
7f:97:17:45:05:0d:67:0a:d5:b8:f5:e9:f7:88:59:89:04:e8:
c9:a9:3b:67:4e:4b:b4:e0:87:60:9d:d5:34:5a:a7:d7:64:6c:
04:df:93:74:d7:35:46:93:d6:54:a8:21:cc:a9:14:64:96:04:
8b:69:7e:d7:0e:a9:49:5b:4c:3b:a2:8f:ce:6f:88:43:bd:7e:
b2:60:45:eb:3e:54:34:fa:a2:1c:87:08:fc:df:82:ea:12:59:
96:3c:db:6f
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgISAYgqLo+03W97rLK8Nw7HFM1wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTE3MTQ0NzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2ZmMTI5MGE1YjRmZWQ1NTg2NGZmMzAzNGIxZjljMWVmZGRmMjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIKIeGmxTNzKse8Dy/h5k1/C6aA9
0qR4lpRLyIgZDj9aRSje2g1f/b2OeKeqSwt2Qux+A7RLWqygcW6JQ+mdzivBYEz7
am/zsySSu15Icoh0O7kGqsRvuEAjfzWPze0PQYZrWImTvhAPeqxbWRFFCuKNnfjX
w5OlwcpdFhAyutB237KnrCTFcnmdJyxt0N03cSIR7h6N5BFifhMWuQyXv8oGEEL/
k7Xa4ZlkSsNPkOlYQfeuiIM8OwCTmXhDAWT+k1BuZVO35QLl5Iw6mfJbDfxYA3bq
pXeq27IXZZkqQyN8aor7fgpnTrqf2/qXvgejqE2djin7iKEaqgAN9vYd1wIDAQAB
o4ICvjCCArowHQYDVR0OBBYEFPP/EpCltP7VWGT/MDSx+cHv3fJoMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvOF84U2tLVzBfdFZZWlA4d05MSDV3ZV9kOG1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHTBggrBgEFBQcBBwEB/wSBwzCBwDCBvQQCAAEwgbYwDAME
Ay2fmAMEAC2fmgMEAD7FhAMEAD7FhwMEAE1LPAMEAU6O8gMEAFkr0AMEAVkr0gME
AGfNGTAMAwQGsu/AAwQAsu/CAwQAsu/IAwQAsu/LAwQAuWdJAwQAuWdLMAwDBAC5
c5EDBAC5c5IDBAG5eeYDBAK55WgDBAG55vgDBAG57D4wDAMEArn17AMEALn17gME
AsCm1AMEAMETagMEAcIEnAMEAMIEnwMEAMsACAMEANUg+TANBgkqhkiG9w0BAQsF
AAOCAQEAOa4iTfKQJKg5LXDSJvOPPsQT2XJHejvpyJCuv9715aD3T3B62MvNv5Qy
KacclDawJweaJU7pJIwnSgqdhrHjI5wWIfwUTORmS2opHpz2ASvmy8kPua4bnnsi
kQa5uaDZ9xU+HELfxn1oilRV8Gz+zwIM69FZkMCFePy8loym4qUG8m3tHki3BJvh
OMtZedz/CHC2pW39WIlw979viWylRRarf5cXRQUNZwrVuPXp94hZiQToyak7Z05L
tOCHYJ3VNFqn12RsBN+TdNc1RpPWVKghzKkUZJYEi2l+1w6pSVtMO6KPzm+IQ71+
smBF6z5UNPqiHIcI/N+C6hJZljzbbw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org