Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CEVyQeqmFTn6fp0Mwzq4YyGplcs.roa
File: CEVyQeqmFTn6fp0Mwzq4YyGplcs.roa (raw, json)
Hash identifier: bcABiJhgK4Irh+WLV3w9YjtffYEss/DYky8cri1W8xc=
Subject key identifier: 08:45:72:41:EA:A6:15:39:FA:7E:9D:0C:C3:3A:B8:63:21:A9:95:CB
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186E9635AD5C9DE253F52363E907F6E1548
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CEVyQeqmFTn6fp0Mwzq4YyGplcs.roa
Signing time: Thu 16 Mar 2023 07:47:27 +0000
ROA not before: Thu 16 Mar 2023 07:47:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
185.241.209.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
91.188.204.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
94.176.110.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
185.255.170.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:e9:63:5a:d5:c9:de:25:3f:52:36:3e:90:7f:6e:15:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 16 07:47:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=08457241eaa61539fa7e9d0cc33ab86321a995cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:e3:5f:03:d1:5d:d3:43:4f:56:a3:8b:45:28:
f8:b1:bc:50:08:67:3c:69:fa:d8:80:d8:50:0f:5b:
60:6c:e7:da:83:6a:2e:52:a6:8a:12:c0:0b:7d:f5:
63:72:e0:b7:7b:c4:91:48:2b:e1:d2:24:02:c4:b7:
40:00:95:90:3b:cb:ce:75:00:bd:87:de:7f:8e:28:
0d:68:17:72:cb:38:f0:92:6c:78:0e:d1:60:7d:b2:
25:2a:0a:80:c7:c1:ac:bd:d5:d2:94:12:d4:4c:59:
c4:9e:df:63:9a:56:37:e9:0e:06:5b:9e:55:e7:a4:
ba:e9:08:99:16:45:34:fd:53:31:8f:ba:93:e0:32:
6e:f0:9d:4b:62:b7:62:40:2a:4a:3f:d7:cb:8d:36:
08:9d:31:20:a0:9d:3a:98:bb:e0:f9:da:18:b6:89:
e8:ee:48:91:29:ff:9a:bb:7f:f5:ce:a1:ad:ee:19:
bd:44:d4:cd:05:d5:d4:c0:bb:a2:cc:af:e6:53:36:
9a:4d:8a:79:a8:64:28:e8:fd:8d:e3:bc:f8:92:02:
02:fe:ae:2f:d4:59:45:91:ad:f3:44:ce:b0:dd:4e:
e1:1a:07:a5:94:85:a8:24:56:e4:2c:e5:0f:8f:7a:
0e:c2:10:e1:e1:18:89:78:1b:80:b5:1f:d6:02:67:
04:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:45:72:41:EA:A6:15:39:FA:7E:9D:0C:C3:3A:B8:63:21:A9:95:CB
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/CEVyQeqmFTn6fp0Mwzq4YyGplcs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.148.0/24
89.37.63.0/24
91.188.204.0/24
93.115.254.0/23
94.176.110.0/24
185.103.72.0/24
185.238.10.0/24
185.241.209.0-185.241.211.255
185.255.169.0-185.255.171.255
188.212.132.0/23
188.240.232.0/24
Signature Algorithm: sha256WithRSAEncryption
5d:0e:43:af:99:7e:24:f6:28:fb:c4:72:3f:0e:21:9b:7f:13:
47:e6:7f:57:ff:7f:04:7e:27:ec:dd:35:74:14:30:7c:08:02:
98:d0:76:cc:61:db:1c:13:d7:bb:96:be:ba:35:13:f2:29:cc:
25:db:eb:14:8e:82:12:78:65:ec:74:6c:7f:37:a0:7d:19:9a:
fb:e1:ef:8c:c3:02:60:89:f0:2f:34:dd:6d:ab:44:ee:df:4b:
97:0e:e7:9b:8f:5c:ce:5f:a3:5d:e1:41:b2:c4:cd:f4:b1:b9:
a8:3a:ad:cd:a9:7a:ed:1e:7c:b9:25:f3:f0:d4:ac:c6:52:88:
17:0b:b0:67:1d:09:16:9b:bc:3e:18:53:2b:6a:a6:13:52:ff:
3a:7d:ec:25:39:35:b3:12:61:e8:dd:e0:cd:eb:10:2c:8a:22:
8d:07:8b:98:97:bb:3e:68:15:72:76:48:07:bb:0a:32:0a:f0:
b7:06:c6:17:a4:d9:43:d9:2c:b7:8c:bf:96:0e:e7:bb:5d:89:
74:bc:69:66:c1:ed:05:8f:bb:a6:37:f4:75:26:ad:ca:1f:c5:
29:cd:d5:6e:2d:a0:61:d4:9d:c8:45:0c:4c:cd:01:b6:c5:27:
5d:da:2a:13:40:f2:f3:33:9a:cf:26:81:d7:31:8e:95:00:5d:
31:70:89:ba
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAYbpY1rVyd4lP1I2PpB/bhVIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzE2MDc0NzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODQ1NzI0MWVhYTYxNTM5ZmE3ZTlkMGNjMzNhYjg2MzIxYTk5NWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+NfA9Fd00NPVqOLRSj4sbxQCGc8
afrYgNhQD1tgbOfag2ouUqaKEsALffVjcuC3e8SRSCvh0iQCxLdAAJWQO8vOdQC9
h95/jigNaBdyyzjwkmx4DtFgfbIlKgqAx8GsvdXSlBLUTFnEnt9jmlY36Q4GW55V
56S66QiZFkU0/VMxj7qT4DJu8J1LYrdiQCpKP9fLjTYInTEgoJ06mLvg+doYtono
7kiRKf+au3/1zqGt7hm9RNTNBdXUwLuizK/mUzaaTYp5qGQo6P2N47z4kgIC/q4v
1FlFka3zRM6w3U7hGgellIWoJFbkLOUPj3oOwhDh4RiJeBuAtR/WAmcEMQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFAhFckHqphU5+n6dDMM6uGMhqZXLMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQ0VWeVFlcW1GVG42ZnAwTXd6cTRZeUdwbGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQAV/eUAwQA
WSU/AwQAW7zMAwQBXXP+AwQAXrBuAwQAuWdIAwQAue4KMAwDBAC58dEDBAK58dAw
DAMEALn/qQMEArn/qAMEAbzUhAMEALzw6DANBgkqhkiG9w0BAQsFAAOCAQEAXQ5D
r5l+JPYo+8RyPw4hm38TR+Z/V/9/BH4n7N01dBQwfAgCmNB2zGHbHBPXu5a+ujUT
8inMJdvrFI6CEnhl7HRsfzegfRma++HvjMMCYInwLzTdbatE7t9Llw7nm49czl+j
XeFBssTN9LG5qDqtzal67R58uSXz8NSsxlKIFwuwZx0JFpu8PhhTK2qmE1L/On3s
JTk1sxJh6N3gzesQLIoijQeLmJe7PmgVcnZIB7sKMgrwtwbGF6TZQ9kst4y/lg7n
u12JdLxpZsHtBY+7pjf0dSatyh/FKc3Vbi2gYdSdyEUMTM0BtsUnXdoqE0Dy8zOa
zyaB1zGOlQBdMXCJug==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org