Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Gm25vPnpssmef8nfJLTeZ2VRLzM.roa
File: Gm25vPnpssmef8nfJLTeZ2VRLzM.roa (raw, json)
Hash identifier: 5O7RbWw9Rp36nFwElBndPIbVKF+2Y9DspSGjoA41smI=
Subject key identifier: 1A:6D:B9:BC:F9:E9:B2:C9:9E:7F:C9:DF:24:B4:DE:67:65:51:2F:33
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187EA487F3F4A24392FC53843E0C841A748
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Gm25vPnpssmef8nfJLTeZ2VRLzM.roa
Signing time: Fri 05 May 2023 05:00:32 +0000
ROA not before: Fri 05 May 2023 05:00:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.115.146.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
89.38.136.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
91.209.12.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
62.197.128.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
178.239.192.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:ea:48:7f:3f:4a:24:39:2f:c5:38:43:e0:c8:41:a7:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 5 05:00:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1a6db9bcf9e9b2c99e7fc9df24b4de6765512f33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:7c:82:91:12:6f:e1:74:d9:af:00:c8:b7:a1:
b4:86:8d:f8:d0:45:3c:1c:44:01:46:56:ee:93:35:
f6:5f:87:32:81:6a:e0:0b:40:33:85:63:80:d9:77:
9c:4c:fb:bf:da:dd:45:19:ec:cf:71:05:18:62:12:
0a:82:05:e5:64:0e:2f:0f:5e:9c:7f:fd:be:d2:0b:
c3:4f:57:48:10:50:c6:ac:53:bd:6c:45:ff:60:ab:
f4:55:fb:91:a5:29:c3:d5:22:50:a4:bc:5d:be:3f:
c0:99:4c:fa:c8:59:81:c7:25:32:1d:ce:2c:fc:5c:
77:66:36:f5:59:24:bd:4e:86:77:f9:95:f1:cc:2d:
3a:fd:1c:be:7c:f0:1b:a5:af:a7:60:ca:32:ea:a9:
b7:ce:5f:c0:65:45:9a:7e:47:b8:d0:0c:82:70:c4:
1f:9a:c9:04:2e:3b:56:e4:5a:bb:cf:de:9e:33:42:
00:82:a2:f9:91:5f:8a:e4:1a:d2:97:70:73:aa:65:
ce:dc:9a:3b:95:f4:51:2c:89:f2:8b:f9:cf:ee:63:
d3:22:d4:e8:a7:e7:b3:06:06:89:5b:6e:36:ce:bc:
38:cc:39:ec:82:67:da:3c:5d:28:11:68:7c:13:d4:
18:81:27:1a:8a:61:4d:8c:1d:e9:ed:62:49:4b:f9:
0d:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:6D:B9:BC:F9:E9:B2:C9:9E:7F:C9:DF:24:B4:DE:67:65:51:2F:33
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Gm25vPnpssmef8nfJLTeZ2VRLzM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.128.0/24
62.197.135.0/24
78.142.242.0/23
89.38.136.0/24
89.43.208.0/24
89.43.210.0/23
91.209.12.0/24
178.239.192.0/24
178.239.203.0/24
185.103.73.0/24
185.103.75.0/24
185.115.145.0-185.115.146.255
185.121.230.0/23
185.229.104.0/22
185.230.248.0/23
185.236.62.0/24
185.245.236.0-185.245.238.255
194.4.156.0/23
194.4.159.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
48:56:ce:01:e9:aa:08:8c:6d:b4:6e:fa:47:14:a1:3f:3c:45:
93:75:0c:b9:d9:46:01:98:9f:75:32:fb:59:2c:3d:d9:a5:b2:
d8:81:b0:a7:25:54:a1:5b:d6:bd:96:0d:35:d7:99:51:f0:f0:
c3:fc:cf:62:1e:0e:75:64:ee:1a:27:92:28:48:63:73:4b:37:
12:22:92:f4:c2:99:08:c5:2d:eb:fa:89:54:3b:bb:aa:07:15:
6b:2b:5e:b2:9d:95:c9:f9:76:bb:43:cb:49:9e:dc:b8:95:77:
e6:06:78:82:64:23:52:a4:f4:40:32:cc:25:b0:23:e0:d6:8b:
2c:43:dd:23:24:ba:f2:4a:07:4b:b8:2d:bd:0e:5f:63:87:3c:
83:0b:d3:26:bd:ef:ff:7e:70:24:02:2b:42:d8:08:2c:93:04:
28:3c:00:e0:be:cb:e7:da:ab:e3:39:8b:4f:fd:d6:2b:91:63:
19:99:93:34:f5:31:3b:f9:5b:be:51:a6:7a:b4:d8:99:75:d0:
fd:a5:a9:ef:6f:25:a0:f7:34:af:bd:31:6c:d5:8e:24:4d:cc:
c8:3f:6b:32:94:e8:6b:9d:23:41:26:a0:18:54:e5:53:da:42:
2f:1e:91:4f:3e:04:2f:23:80:57:fe:67:1e:d2:e4:3e:60:e7:
f7:83:a6:cf
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAYfqSH8/SiQ5L8U4Q+DIQadIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTA1MDUwMDMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTZkYjliY2Y5ZTliMmM5OWU3ZmM5ZGYyNGI0ZGU2NzY1NTEyZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXyCkRJv4XTZrwDIt6G0ho340EU8
HEQBRlbukzX2X4cygWrgC0AzhWOA2XecTPu/2t1FGezPcQUYYhIKggXlZA4vD16c
f/2+0gvDT1dIEFDGrFO9bEX/YKv0VfuRpSnD1SJQpLxdvj/AmUz6yFmBxyUyHc4s
/Fx3Zjb1WSS9ToZ3+ZXxzC06/Ry+fPAbpa+nYMoy6qm3zl/AZUWafke40AyCcMQf
mskELjtW5Fq7z96eM0IAgqL5kV+K5BrSl3BzqmXO3Jo7lfRRLInyi/nP7mPTItTo
p+ezBgaJW242zrw4zDnsgmfaPF0oEWh8E9QYgScaimFNjB3p7WJJS/kNfQIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFBptubz56bLJnn/J3yS03mdlUS8zMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvR20yNXZQbnBzc21lZjhuZkpMVGVaMlZSTHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDCBnQQCAAEwgZYwDAME
Ay2fmAMEAC2fmgMEAD7FgAMEAD7FhwMEAU6O8gMEAFkmiAMEAFkr0AMEAVkr0gME
AFvRDAMEALLvwAMEALLvywMEALlnSQMEALlnSzAMAwQAuXORAwQAuXOSAwQBuXnm
AwQCueVoAwQBueb4AwQAuew+MAwDBAK59ewDBAC59e4DBAHCBJwDBADCBJ8DBADV
IPkwDQYJKoZIhvcNAQELBQADggEBAEhWzgHpqgiMbbRu+kcUoT88RZN1DLnZRgGY
n3Uy+1ksPdmlstiBsKclVKFb1r2WDTXXmVHw8MP8z2IeDnVk7honkihIY3NLNxIi
kvTCmQjFLev6iVQ7u6oHFWsrXrKdlcn5drtDy0me3LiVd+YGeIJkI1Kk9EAyzCWw
I+DWiyxD3SMkuvJKB0u4Lb0OX2OHPIML0ya97/9+cCQCK0LYCCyTBCg8AOC+y+fa
q+M5i0/91iuRYxmZkzT1MTv5W75Rpnq02Jl10P2lqe9vJaD3NK+9MWzVjiRNzMg/
azKU6GudI0EmoBhU5VPaQi8ekU8+BC8jgFf+Zx7S5D5g5/eDps8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org