Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/A0aSznPDq6qSKB84U3LIrtAFykI.roa
File: A0aSznPDq6qSKB84U3LIrtAFykI.roa (raw, json)
Hash identifier: z/56eCcbW5Iy/3BMf8p/GH0fhiUh5H74BoMg+BPHHYo=
Subject key identifier: 03:46:92:CE:73:C3:AB:AA:92:28:1F:38:53:72:C8:AE:D0:05:CA:42
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01888F0D06D07E5B9613F9F3B258A85E4CCC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/A0aSznPDq6qSKB84U3LIrtAFykI.roa
Signing time: Tue 06 Jun 2023 04:52:55 +0000
ROA not before: Tue 06 Jun 2023 04:52:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 193.19.106.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
193.42.52.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
185.9.54.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
185.115.146.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
77.75.63.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
185.115.144.0/23 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.210.0/23 maxlen: 24
89.43.211.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
185.121.228.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
223.27.112.0/24 maxlen: 24
178.239.192.0/23 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:8f:0d:06:d0:7e:5b:96:13:f9:f3:b2:58:a8:5e:4c:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 6 04:52:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=034692ce73c3abaa92281f385372c8aed005ca42
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:90:29:7f:cc:5e:67:a1:d3:bc:d8:d6:f6:32:
fe:f5:8f:4b:7b:dd:b3:ab:a6:68:f9:87:aa:e0:6a:
02:73:86:22:fe:86:6a:11:dd:3d:0c:6a:c0:0f:ae:
a3:c1:da:43:5b:00:7c:16:97:ab:0d:f4:93:61:c9:
ea:43:00:33:08:e8:4f:e6:02:d6:d3:3b:ea:5b:0f:
fd:5c:23:4a:f8:67:94:5c:82:77:c0:cd:da:2d:11:
d7:04:ad:28:78:51:49:6a:0c:47:39:b2:7a:55:91:
8e:ee:3e:ea:dc:30:df:cc:88:ea:cc:48:4d:23:ed:
be:64:47:3c:bc:09:58:8e:13:0e:91:13:79:75:de:
de:cd:a9:d9:c6:5e:e6:98:13:e3:41:80:6d:17:49:
32:16:ac:88:dd:ab:91:ae:cb:00:37:91:2d:fc:e7:
f1:95:ac:79:be:0e:6f:37:af:2c:d7:03:3c:2c:95:
2d:ce:06:09:79:ea:92:e8:67:af:5b:6b:30:5d:a7:
05:c6:82:db:0e:1b:6e:c0:25:46:b6:81:dc:53:cc:
31:9b:e1:12:9e:25:5a:29:20:4c:53:70:39:89:49:
2e:1b:38:08:b2:0f:3c:48:79:48:3a:a4:5e:e7:3b:
1d:b0:8e:6e:e4:ba:52:07:d4:b8:50:61:2c:50:29:
c9:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:46:92:CE:73:C3:AB:AA:92:28:1F:38:53:72:C8:AE:D0:05:CA:42
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/A0aSznPDq6qSKB84U3LIrtAFykI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.132.0/24
62.197.135.0/24
77.75.60.0/24
77.75.62.0/23
78.142.242.0/23
89.43.208.0/24
89.43.210.0/23
103.205.25.0/24
103.205.27.0/24
178.239.192.0-178.239.194.255
178.239.200.0/24
178.239.203.0/24
185.9.54.0/24
185.103.73.0/24
185.103.75.0/24
185.115.144.0-185.115.146.255
185.121.228.0/24
185.121.230.0/23
185.229.104.0/22
185.230.248.0-185.230.250.255
185.236.62.0/23
185.245.236.0-185.245.238.255
192.166.212.0/22
193.19.106.0/24
193.42.52.0/24
193.42.54.0/23
194.4.156.0/23
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
223.27.112.0/24
Signature Algorithm: sha256WithRSAEncryption
50:ce:71:af:af:8a:5d:50:0a:78:ac:c8:4b:dc:f3:71:8e:72:
42:c4:39:a7:7c:f9:dc:fb:bb:0e:a8:0f:dc:6d:e4:86:65:c1:
79:46:a6:b9:12:91:66:7c:71:d0:86:af:95:ea:af:ed:36:31:
b9:ec:dc:28:a0:8d:eb:94:30:fd:ba:fc:26:9c:99:1c:ba:f9:
f1:2f:0b:ab:2e:3a:7f:80:c7:e6:aa:c3:c4:9d:11:f0:fe:71:
75:d1:6a:69:84:59:b7:b7:47:ab:40:58:aa:51:14:00:5a:c0:
27:63:ab:2f:8b:16:df:76:14:9f:20:0e:1a:a5:c6:46:fd:21:
8c:7e:0c:90:d4:53:1d:ac:b0:80:e7:62:48:5f:51:32:bc:10:
3e:74:b9:34:2c:15:30:64:f6:a4:97:71:ae:52:b3:80:f5:03:
6f:3c:fd:da:94:b9:ed:ea:0f:6e:db:ad:02:46:69:11:50:17:
f1:69:26:6d:52:0c:db:d5:80:9e:0b:ba:ef:cb:6d:37:35:a4:
e3:93:77:4d:7e:9f:bf:41:4a:ea:04:e9:49:05:43:d3:95:3e:
64:49:c5:95:e0:d6:33:bd:0a:85:30:29:a6:21:65:f8:1e:af:
a6:a8:55:35:f0:86:80:19:85:2b:e1:d9:a5:9d:ac:3d:b0:06:
86:b6:67:6d
-----BEGIN CERTIFICATE-----
MIIF5TCCBM2gAwIBAgISAYiPDQbQfluWE/nzslioXkzMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjA2MDQ1MjU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzQ2OTJjZTczYzNhYmFhOTIyODFmMzg1MzcyYzhhZWQwMDVjYTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZApf8xeZ6HTvNjW9jL+9Y9Le92z
q6Zo+Yeq4GoCc4Yi/oZqEd09DGrAD66jwdpDWwB8FperDfSTYcnqQwAzCOhP5gLW
0zvqWw/9XCNK+GeUXIJ3wM3aLRHXBK0oeFFJagxHObJ6VZGO7j7q3DDfzIjqzEhN
I+2+ZEc8vAlYjhMOkRN5dd7ezanZxl7mmBPjQYBtF0kyFqyI3auRrssAN5Et/Ofx
lax5vg5vN68s1wM8LJUtzgYJeeqS6GevW2swXacFxoLbDhtuwCVGtoHcU8wxm+ES
niVaKSBMU3A5iUkuGzgIsg88SHlIOqRe5zsdsI5u5LpSB9S4UGEsUCnJ+QIDAQAB
o4IC8TCCAu0wHQYDVR0OBBYEFANGks5zw6uqkigfOFNyyK7QBcpCMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQTBhU3puUERxNnFTS0I4NFUzTElydEFGeWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBQYIKwYBBQUHAQcBAf8EgfUwgfIwge8EAgABMIHoMAwD
BAMtn5gDBAAtn5oDBAA+xYQDBAA+xYcDBABNSzwDBAFNSz4DBAFOjvIDBABZK9AD
BAFZK9IDBABnzRkDBABnzRswDAMEBrLvwAMEALLvwgMEALLvyAMEALLvywMEALkJ
NgMEALlnSQMEALlnSzAMAwQEuXOQAwQAuXOSAwQAuXnkAwQBuXnmAwQCueVoMAwD
BAO55vgDBAC55voDBAG57D4wDAMEArn17AMEALn17gMEAsCm1AMEAMETagMEAMEq
NAMEAcEqNgMEAcIEnAMEAMIEnwMEAMsACAMEANUg+QMEAN8bcDANBgkqhkiG9w0B
AQsFAAOCAQEAUM5xr6+KXVAKeKzIS9zzcY5yQsQ5p3z53Pu7DqgP3G3khmXBeUam
uRKRZnxx0Iavleqv7TYxuezcKKCN65Qw/br8JpyZHLr58S8Lqy46f4DH5qrDxJ0R
8P5xddFqaYRZt7dHq0BYqlEUAFrAJ2OrL4sW33YUnyAOGqXGRv0hjH4MkNRTHayw
gOdiSF9RMrwQPnS5NCwVMGT2pJdxrlKzgPUDbzz92pS57eoPbtutAkZpEVAX8Wkm
bVIM29WAngu678ttNzWk45N3TX6fv0FK6gTpSQVD05U+ZEnFleDWM70KhTAppiFl
+B6vpqhVNfCGgBmFK+HZpZ2sPbAGhrZnbQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org