Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/H4P1e8rY7-zuRI-XsIIJK3jFWIo.roa
File: H4P1e8rY7-zuRI-XsIIJK3jFWIo.roa (raw, json)
Hash identifier: iZhH2L4jJ+meRI+vuhXXihDWd38dC3Tw8WBF9iL1NWE=
Subject key identifier: 1F:83:F5:7B:CA:D8:EF:EC:EE:44:8F:97:B0:82:09:2B:78:C5:58:8A
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188FC395D19C730DECF4A288DEEE818155A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/H4P1e8rY7-zuRI-XsIIJK3jFWIo.roa
Signing time: Tue 27 Jun 2023 09:39:57 +0000
ROA not before: Tue 27 Jun 2023 09:39:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.33.14.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
103.205.26.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
188.214.27.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
193.42.52.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
185.9.54.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.115.146.0/24 maxlen: 24
185.115.147.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
77.75.63.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
185.115.144.0/23 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
89.40.160.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
89.43.210.0/23 maxlen: 24
185.245.238.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
185.245.239.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
89.47.89.0/24 maxlen: 24
185.121.229.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
185.121.228.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
223.27.112.0/24 maxlen: 24
178.239.192.0/23 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:fc:39:5d:19:c7:30:de:cf:4a:28:8d:ee:e8:18:15:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 27 09:39:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1f83f57bcad8efecee448f97b082092b78c5588a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:05:3e:20:ed:b5:0d:3b:be:e9:2b:72:ee:59:
b7:0f:83:5c:de:97:65:3d:52:fb:e4:99:a4:49:80:
84:04:1a:1c:48:65:f1:88:d1:a7:bb:50:92:6f:48:
c5:14:58:20:8d:41:1d:87:86:25:18:38:9e:62:c6:
7b:6f:0c:81:9e:e6:b0:64:12:15:e7:11:5b:82:7d:
26:2b:76:6a:a6:1a:95:1f:03:29:61:7d:80:3f:11:
8e:b7:ba:ea:d8:a2:8b:c1:88:ab:51:ba:7b:75:83:
43:8d:04:e7:61:b0:1f:a6:69:05:2e:70:b0:90:2c:
ca:6c:ee:4d:4d:95:17:64:00:7b:16:6d:bf:9b:f2:
fe:18:a9:c3:cf:b8:45:8b:8f:d6:f7:8f:72:3b:f9:
31:6e:a0:19:95:a2:ae:70:8b:9e:e0:d3:63:40:0c:
2c:35:6c:2a:45:49:01:56:65:93:10:a7:1a:b7:86:
b2:68:5a:b1:38:b7:ff:ee:45:3d:66:dc:01:f9:b9:
62:10:e0:95:14:98:94:84:3e:02:64:a8:0d:64:fc:
2d:3c:e1:8e:f0:8e:de:97:be:df:d7:1a:1f:9c:99:
b4:e0:fd:fd:79:dd:7e:7c:33:38:7c:b7:61:20:13:
c8:96:c9:6c:84:3e:02:98:16:30:32:e1:a3:3e:92:
36:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:83:F5:7B:CA:D8:EF:EC:EE:44:8F:97:B0:82:09:2B:78:C5:58:8A
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/H4P1e8rY7-zuRI-XsIIJK3jFWIo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.132.0/24
62.197.135.0/24
77.75.60.0/24
77.75.62.0/23
78.142.242.0/23
89.33.14.0/24
89.40.160.0/24
89.43.208.0/24
89.43.210.0/23
89.47.89.0/24
93.114.246.0/24
103.205.25.0-103.205.27.255
178.239.192.0-178.239.194.255
178.239.200.0/23
178.239.203.0/24
185.9.54.0/24
185.103.73.0/24
185.115.144.0/22
185.121.228.0/22
185.229.104.0/22
185.230.248.0-185.230.250.255
185.236.62.0/23
185.245.236.0/22
188.214.27.0/24
192.166.212.0/22
193.19.106.0/24
193.42.52.0/24
193.42.54.0/23
194.4.156.0/22
203.0.8.0/24
213.32.248.0/23
223.27.112.0/24
Signature Algorithm: sha256WithRSAEncryption
44:25:60:9a:a1:71:9d:a6:98:67:4f:9d:1d:9e:81:aa:d7:0c:
9c:85:45:32:f0:0d:29:16:f1:ba:7a:be:29:cd:f8:dc:3b:a8:
94:4b:be:f4:cc:32:17:1c:3a:2c:af:e5:d2:66:ef:7a:c2:2e:
c2:98:82:9a:2d:a5:c8:7d:f5:fe:c9:fe:ad:49:34:e3:0f:bd:
74:ab:e9:d8:1f:c4:14:a7:7e:77:7c:3c:c5:de:07:37:75:2f:
bc:8b:b2:d4:1b:3a:9f:3f:bd:a8:aa:8c:89:a2:18:fc:e3:3b:
c1:1a:31:ef:be:38:78:20:52:45:0e:b8:47:b6:97:be:7c:32:
37:a4:54:89:f7:4a:cf:47:fb:2f:59:14:e8:2a:57:91:7d:ba:
f0:fd:64:3b:0a:bb:e6:70:2f:dc:d2:79:cc:79:1e:0f:d6:6b:
d5:8b:53:11:3a:a7:2b:11:97:77:66:05:c9:4f:0b:07:07:ed:
c8:70:38:b1:a6:1e:7d:39:26:28:5b:95:8a:52:2d:ba:71:0c:
27:5a:59:84:6e:8e:df:8e:79:67:01:af:f4:68:ba:c7:27:55:
16:de:1a:cd:e6:a8:31:5a:4b:61:17:a8:b8:35:62:29:f0:0e:
0d:90:3f:51:84:d5:46:02:03:09:33:48:33:99:ad:a0:b2:f7:
10:40:ee:4a
-----BEGIN CERTIFICATE-----
MIIF4zCCBMugAwIBAgISAYj8OV0ZxzDez0ooje7oGBVaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjI3MDkzOTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjgzZjU3YmNhZDhlZmVjZWU0NDhmOTdiMDgyMDkyYjc4YzU1ODhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgU+IO21DTu+6Sty7lm3D4Nc3pdl
PVL75JmkSYCEBBocSGXxiNGnu1CSb0jFFFggjUEdh4YlGDieYsZ7bwyBnuawZBIV
5xFbgn0mK3ZqphqVHwMpYX2APxGOt7rq2KKLwYirUbp7dYNDjQTnYbAfpmkFLnCw
kCzKbO5NTZUXZAB7Fm2/m/L+GKnDz7hFi4/W949yO/kxbqAZlaKucIue4NNjQAws
NWwqRUkBVmWTEKcat4ayaFqxOLf/7kU9ZtwB+bliEOCVFJiUhD4CZKgNZPwtPOGO
8I7el77f1xofnJm04P39ed1+fDM4fLdhIBPIlslshD4CmBYwMuGjPpI2IwIDAQAB
o4IC7zCCAuswHQYDVR0OBBYEFB+D9XvK2O/s7kSPl7CCCSt4xViKMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSDRQMWU4clk3LXp1UkktWHNJSUpLM2pGV0lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAwYIKwYBBQUHAQcBAf8EgfMwgfAwge0EAgABMIHmMAwD
BAMtn5gDBAAtn5oDBAA+xYQDBAA+xYcDBABNSzwDBAFNSz4DBAFOjvIDBABZIQ4D
BABZKKADBABZK9ADBAFZK9IDBABZL1kDBABdcvYwDAMEAGfNGQMEAmfNGDAMAwQG
su/AAwQAsu/CAwQBsu/IAwQAsu/LAwQAuQk2AwQAuWdJAwQCuXOQAwQCuXnkAwQC
ueVoMAwDBAO55vgDBAC55voDBAG57D4DBAK59ewDBAC81hsDBALAptQDBADBE2oD
BADBKjQDBAHBKjYDBALCBJwDBADLAAgDBAHVIPgDBADfG3AwDQYJKoZIhvcNAQEL
BQADggEBAEQlYJqhcZ2mmGdPnR2egarXDJyFRTLwDSkW8bp6vinN+Nw7qJRLvvTM
MhccOiyv5dJm73rCLsKYgpotpch99f7J/q1JNOMPvXSr6dgfxBSnfnd8PMXeBzd1
L7yLstQbOp8/vaiqjImiGPzjO8EaMe++OHggUkUOuEe2l758MjekVIn3Ss9H+y9Z
FOgqV5F9uvD9ZDsKu+ZwL9zSecx5Hg/Wa9WLUxE6pysRl3dmBclPCwcH7chwOLGm
Hn05JihblYpSLbpxDCdaWYRujt+OeWcBr/RouscnVRbeGs3mqDFaS2EXqLg1Yinw
Dg2QP1GE1UYCAwkzSDOZraCy9xBA7ko=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:09 2024 by rpki-client on console-ams.rpki-client.org