Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/As9o6Eqh_x1zPO2qoDtgQvZT01E.roa
File: As9o6Eqh_x1zPO2qoDtgQvZT01E.roa (raw, json)
Hash identifier: PNifjvW15FZsCyH1J8U8KGQykLIFU6ENhCu7hXD85bg=
Subject key identifier: 02:CF:68:E8:4A:A1:FF:1D:73:3C:ED:AA:A0:3B:60:42:F6:53:D3:51
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186B6690330BA24A40A9082C9235167E40A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/As9o6Eqh_x1zPO2qoDtgQvZT01E.roa
Signing time: Mon 06 Mar 2023 10:13:00 +0000
ROA not before: Mon 06 Mar 2023 10:13:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200482
IP address blocks: 178.239.200.0/24 maxlen: 24
91.209.12.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.128.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
89.43.209.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
223.27.114.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b6:69:03:30:ba:24:a4:0a:90:82:c9:23:51:67:e4:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 6 10:13:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=02cf68e84aa1ff1d733cedaaa03b6042f653d351
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:c4:03:54:c5:ff:b4:1a:74:23:5f:d8:e2:e4:
ab:2d:72:73:f1:72:29:ec:88:a4:ce:c8:d6:1f:25:
c6:4b:f8:73:a3:be:98:5a:e0:de:b9:db:b1:63:be:
4b:6a:00:90:28:a4:44:87:96:c9:04:69:38:82:d6:
80:d9:54:22:17:89:52:50:f9:1a:fc:ee:a2:56:3b:
c6:77:c1:e4:f2:9a:72:2b:a2:75:1f:74:dd:10:ef:
ec:fd:87:9d:b6:06:ac:c0:30:30:f9:41:58:f0:ee:
27:f1:35:9f:0e:62:d8:f5:49:46:4b:ac:a1:23:46:
6f:06:3e:63:36:7e:a2:c9:60:99:e4:32:8b:83:ba:
8c:08:dd:6d:94:d7:e1:ea:ec:50:9b:ff:9b:a5:20:
8c:3a:47:ec:4b:57:b2:2e:72:ec:b4:17:57:ea:71:
f4:2d:cf:27:b5:de:31:03:fc:41:c9:59:26:c3:64:
3e:8c:8a:a0:68:d5:8b:63:bf:97:87:b2:be:2a:68:
d0:d0:ad:1a:77:4a:1d:ef:ed:dd:a3:4b:1b:18:22:
32:bf:54:5e:09:6d:26:b3:1f:5b:35:f6:fa:06:c4:
61:79:d8:59:90:c0:81:77:fb:50:47:57:3e:9a:ea:
9a:da:3d:37:e2:86:8c:8c:db:aa:86:d4:78:fc:ed:
10:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:CF:68:E8:4A:A1:FF:1D:73:3C:ED:AA:A0:3B:60:42:F6:53:D3:51
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/As9o6Eqh_x1zPO2qoDtgQvZT01E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.153.0/24
62.197.128.0/24
62.197.132.0/24
89.43.209.0/24
89.43.211.0/24
91.209.12.0/24
103.205.25.0/24
103.205.27.0/24
178.239.200.0/24
185.229.105.0/24
185.245.236.0/24
223.27.114.0/24
Signature Algorithm: sha256WithRSAEncryption
18:15:93:37:5c:4a:ed:b0:2b:39:e9:08:ea:9c:40:3d:6c:d7:
5f:39:95:73:45:ab:17:38:b6:76:96:d3:b1:98:30:63:64:09:
6e:b0:3e:49:63:14:02:7f:57:2c:35:22:20:a0:0c:83:bf:c3:
dc:45:39:0b:55:94:bc:47:27:dd:3f:8a:f3:f2:16:bd:38:bc:
21:7f:57:93:67:d9:7f:20:09:1f:b2:50:99:7d:75:f7:00:5d:
0a:5e:8f:61:db:46:6d:de:88:05:46:34:70:6f:7b:8c:37:6e:
da:4d:be:05:84:4a:e4:79:ae:12:43:d4:cb:39:c3:47:a5:d3:
43:ec:d1:7a:17:33:c5:ef:44:9a:b8:6a:77:61:ea:c9:98:d2:
6b:14:33:06:83:fe:b5:5d:31:0b:3d:19:58:34:f9:d4:7b:e4:
97:1e:93:9f:3a:3e:f0:92:f5:a4:de:09:13:39:8f:da:05:72:
28:2c:c2:d3:b0:67:8f:3f:c8:71:58:f8:4d:74:bc:17:da:34:
7c:89:e3:ce:e1:d4:7b:c3:80:46:24:5a:0b:cd:b2:83:ba:93:
b7:a0:94:97:22:14:a7:32:3c:5f:85:fd:20:9b:bc:a4:99:d3:
8b:87:c8:1f:71:b4:70:79:66:7d:18:5f:a1:52:de:cf:72:bf:
8c:ef:c3:68
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYa2aQMwuiSkCpCCySNRZ+QKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA2MTAxMzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmNmNjhlODRhYTFmZjFkNzMzY2VkYWFhMDNiNjA0MmY2NTNkMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcQDVMX/tBp0I1/Y4uSrLXJz8XIp
7IikzsjWHyXGS/hzo76YWuDeuduxY75LagCQKKREh5bJBGk4gtaA2VQiF4lSUPka
/O6iVjvGd8Hk8ppyK6J1H3TdEO/s/YedtgaswDAw+UFY8O4n8TWfDmLY9UlGS6yh
I0ZvBj5jNn6iyWCZ5DKLg7qMCN1tlNfh6uxQm/+bpSCMOkfsS1eyLnLstBdX6nH0
Lc8ntd4xA/xByVkmw2Q+jIqgaNWLY7+Xh7K+KmjQ0K0ad0od7+3do0sbGCIyv1Re
CW0msx9bNfb6BsRhedhZkMCBd/tQR1c+muqa2j034oaMjNuqhtR4/O0QZQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFALPaOhKof8dczztqqA7YEL2U9NRMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQXM5bzZFcWhfeDF6UE8ycW9EdGdRdlpUMDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALZ+ZAwQA
PsWAAwQAPsWEAwQAWSvRAwQAWSvTAwQAW9EMAwQAZ80ZAwQAZ80bAwQAsu/IAwQA
ueVpAwQAufXsAwQA3xtyMA0GCSqGSIb3DQEBCwUAA4IBAQAYFZM3XErtsCs56Qjq
nEA9bNdfOZVzRasXOLZ2ltOxmDBjZAlusD5JYxQCf1csNSIgoAyDv8PcRTkLVZS8
RyfdP4rz8ha9OLwhf1eTZ9l/IAkfslCZfXX3AF0KXo9h20Zt3ogFRjRwb3uMN27a
Tb4FhErkea4SQ9TLOcNHpdND7NF6FzPF70SauGp3YerJmNJrFDMGg/61XTELPRlY
NPnUe+SXHpOfOj7wkvWk3gkTOY/aBXIoLMLTsGePP8hxWPhNdLwX2jR8iePO4dR7
w4BGJFoLzbKDupO3oJSXIhSnMjxfhf0gm7ykmdOLh8gfcbRweWZ9GF+hUt7Pcr+M
78No
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org