Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/FkOeTw2IX-P1o_ynfREfQUC-wVI.roa
File: FkOeTw2IX-P1o_ynfREfQUC-wVI.roa (raw, json)
Hash identifier: DE4rdvR8HAH9qM4xwDdzBX89O141TomnG6QG7FHzUm0=
Subject key identifier: 16:43:9E:4F:0D:88:5F:E3:F5:A3:FC:A7:7D:11:1F:41:40:BE:C1:52
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188A98259E8194C3C82A3D0845B9D469050
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/FkOeTw2IX-P1o_ynfREfQUC-wVI.roa
Signing time: Sun 11 Jun 2023 08:11:12 +0000
ROA not before: Sun 11 Jun 2023 08:11:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 193.19.106.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
193.42.52.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
185.9.54.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
185.115.146.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
77.75.63.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
185.115.144.0/23 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.210.0/23 maxlen: 24
185.245.238.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
185.121.228.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
223.27.112.0/24 maxlen: 24
178.239.192.0/23 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:a9:82:59:e8:19:4c:3c:82:a3:d0:84:5b:9d:46:90:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 11 08:11:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=16439e4f0d885fe3f5a3fca77d111f4140bec152
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:1e:f0:52:33:c5:68:da:73:44:c8:7b:9c:02:
c7:cc:66:0d:65:f6:31:2c:3a:bc:cf:26:f8:02:8b:
c9:bb:2e:27:49:0b:e3:ea:a4:a3:67:c6:ae:88:6a:
56:cc:58:fe:b4:c2:0a:0d:d9:fe:6f:77:61:0d:3b:
d2:97:19:a2:e0:df:f4:63:b0:0d:66:ce:92:cb:55:
be:73:35:48:d6:b4:60:17:42:ad:51:88:cb:c8:65:
83:cf:3c:c5:9c:73:fc:3f:8a:a2:84:71:c1:58:95:
84:c0:60:c9:c2:b8:11:da:65:d2:b6:4d:1c:eb:2c:
19:8b:2e:a2:4a:b7:91:f2:6a:55:3a:d4:37:d4:ca:
df:b6:ce:c0:82:dc:dc:37:7c:53:4e:5d:23:8e:ed:
51:6a:1f:35:71:2b:7b:58:45:3e:85:0f:58:e0:ca:
33:49:57:ad:33:59:c7:20:c7:56:88:ee:4a:70:09:
1f:51:f6:86:c9:d7:b7:24:65:d1:17:33:48:0b:34:
97:2a:52:c1:23:ee:36:2d:5c:a8:ea:09:4c:fd:99:
ef:ea:68:ea:c6:22:dd:a7:51:ea:e0:d1:6a:78:d5:
98:be:19:39:54:28:83:f1:0b:b9:10:9e:84:86:19:
be:d2:f3:6a:c8:6f:42:ba:07:98:a0:b4:6e:04:c2:
eb:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:43:9E:4F:0D:88:5F:E3:F5:A3:FC:A7:7D:11:1F:41:40:BE:C1:52
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/FkOeTw2IX-P1o_ynfREfQUC-wVI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.132.0/24
62.197.135.0/24
77.75.60.0/24
77.75.62.0/23
78.142.242.0/23
89.43.208.0/24
89.43.210.0/23
103.205.25.0/24
103.205.27.0/24
178.239.192.0-178.239.194.255
178.239.200.0/23
178.239.203.0/24
185.9.54.0/24
185.103.73.0/24
185.103.75.0/24
185.115.144.0-185.115.146.255
185.121.228.0/24
185.121.230.0/23
185.229.104.0/22
185.230.248.0-185.230.250.255
185.236.62.0/23
185.245.236.0-185.245.238.255
192.166.212.0/22
193.19.106.0/24
193.42.52.0/24
193.42.54.0/23
194.4.156.0/23
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
223.27.112.0/24
Signature Algorithm: sha256WithRSAEncryption
13:88:15:0e:b1:52:de:7b:55:97:67:3a:09:58:d4:69:d2:e7:
65:a5:bb:c6:a2:d6:69:07:7d:7e:ce:4e:83:76:0c:d2:f1:14:
9d:3b:1e:a1:08:f7:d1:ea:bb:fc:7d:7b:d6:c5:86:fc:a6:27:
32:7b:53:f7:ee:20:85:19:36:96:ca:c2:76:47:66:39:c1:16:
fa:84:57:ad:f2:0f:9f:c8:22:17:81:43:7b:8e:2b:62:d0:5c:
e7:9d:06:a7:67:0f:38:35:a8:fe:d1:72:eb:10:32:ba:21:bf:
9e:28:26:b9:03:53:39:f4:0e:27:04:e1:0d:8b:54:dc:bb:14:
64:c0:85:d8:ff:7f:25:81:54:45:1e:7e:91:07:2b:9f:d9:af:
df:ab:85:3a:bf:41:2f:6d:e7:06:c3:1b:19:d6:3f:a5:d6:8c:
02:88:4a:71:7a:d7:b4:66:45:8b:cd:78:47:6c:82:69:b4:d5:
c5:a4:c6:6a:c7:8c:1d:04:d3:ec:56:ed:bb:4e:b1:f2:f8:70:
5b:b7:a0:37:11:7e:c5:20:7b:d2:45:aa:b1:6e:c0:4a:d3:f4:
af:8d:54:b9:5e:e0:a2:6e:75:77:2d:ea:81:60:9c:26:1a:fe:
c0:57:2d:d2:b1:b6:6b:72:5c:9c:41:8f:a2:6e:bb:05:b2:fd:
9f:7d:77:d1
-----BEGIN CERTIFICATE-----
MIIF5TCCBM2gAwIBAgISAYipglnoGUw8gqPQhFudRpBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjExMDgxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjQzOWU0ZjBkODg1ZmUzZjVhM2ZjYTc3ZDExMWY0MTQwYmVjMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB7wUjPFaNpzRMh7nALHzGYNZfYx
LDq8zyb4AovJuy4nSQvj6qSjZ8auiGpWzFj+tMIKDdn+b3dhDTvSlxmi4N/0Y7AN
Zs6Sy1W+czVI1rRgF0KtUYjLyGWDzzzFnHP8P4qihHHBWJWEwGDJwrgR2mXStk0c
6ywZiy6iSreR8mpVOtQ31Mrfts7AgtzcN3xTTl0jju1Rah81cSt7WEU+hQ9Y4Moz
SVetM1nHIMdWiO5KcAkfUfaGyde3JGXRFzNICzSXKlLBI+42LVyo6glM/Znv6mjq
xiLdp1Hq4NFqeNWYvhk5VCiD8Qu5EJ6Ehhm+0vNqyG9CugeYoLRuBMLr7QIDAQAB
o4IC8TCCAu0wHQYDVR0OBBYEFBZDnk8NiF/j9aP8p30RH0FAvsFSMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRmtPZVR3MklYLVAxb195bmZSRWZRVUMtd1ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBQYIKwYBBQUHAQcBAf8EgfUwgfIwge8EAgABMIHoMAwD
BAMtn5gDBAAtn5oDBAA+xYQDBAA+xYcDBABNSzwDBAFNSz4DBAFOjvIDBABZK9AD
BAFZK9IDBABnzRkDBABnzRswDAMEBrLvwAMEALLvwgMEAbLvyAMEALLvywMEALkJ
NgMEALlnSQMEALlnSzAMAwQEuXOQAwQAuXOSAwQAuXnkAwQBuXnmAwQCueVoMAwD
BAO55vgDBAC55voDBAG57D4wDAMEArn17AMEALn17gMEAsCm1AMEAMETagMEAMEq
NAMEAcEqNgMEAcIEnAMEAMIEnwMEAMsACAMEANUg+QMEAN8bcDANBgkqhkiG9w0B
AQsFAAOCAQEAE4gVDrFS3ntVl2c6CVjUadLnZaW7xqLWaQd9fs5Og3YM0vEUnTse
oQj30eq7/H171sWG/KYnMntT9+4ghRk2lsrCdkdmOcEW+oRXrfIPn8giF4FDe44r
YtBc550Gp2cPODWo/tFy6xAyuiG/nigmuQNTOfQOJwThDYtU3LsUZMCF2P9/JYFU
RR5+kQcrn9mv36uFOr9BL23nBsMbGdY/pdaMAohKcXrXtGZFi814R2yCabTVxaTG
aseMHQTT7Fbtu06x8vhwW7egNxF+xSB70kWqsW7AStP0r41UuV7gom51dy3qgWCc
Jhr+wFct0rG2a3JcnEGPom67BbL9n3130Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org