Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/I2-1qRZK8Q8BxyUp-N_tyL1O7-I.roa
File: I2-1qRZK8Q8BxyUp-N_tyL1O7-I.roa (raw, json)
Hash identifier: +65Grw1Plcfglt3vYenqaC0vp9gcMSH29OWRRngvmwU=
Subject key identifier: 23:6F:B5:A9:16:4A:F1:0F:01:C7:25:29:F8:DF:ED:C8:BD:4E:EF:E2
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01875A15AD0C3460083557646F89CD5AB301
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/I2-1qRZK8Q8BxyUp-N_tyL1O7-I.roa
Signing time: Fri 07 Apr 2023 04:59:42 +0000
ROA not before: Fri 07 Apr 2023 04:59:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 188.214.27.0/24 maxlen: 24
78.142.243.0/24 maxlen: 24
185.9.55.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
192.166.208.0/22 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:5a:15:ad:0c:34:60:08:35:57:64:6f:89:cd:5a:b3:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 7 04:59:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=236fb5a9164af10f01c72529f8dfedc8bd4eefe2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:1b:20:36:e1:a3:70:17:cd:0c:fa:03:5e:61:
a0:63:7c:16:94:4c:67:46:a1:5f:91:32:91:f3:ef:
47:76:35:7f:6e:e1:d5:9b:41:a6:dd:97:9d:38:55:
25:95:7c:8b:21:0c:42:fa:36:46:fb:83:50:a4:89:
33:3b:96:38:d9:23:21:15:1a:e6:36:0c:5d:15:5b:
7b:61:83:9b:aa:5f:5b:ea:6c:c5:0f:16:87:5c:b3:
1b:27:c6:b9:f2:5f:30:da:f4:29:0f:c2:c8:86:31:
50:db:f8:d0:bb:b2:1c:79:47:23:ad:fb:f2:90:a8:
41:f6:65:af:c0:b1:f4:2a:2d:00:46:51:ed:60:06:
b5:60:1f:6b:a0:cb:28:cd:f5:26:74:d1:19:9c:c1:
04:56:56:83:c8:5e:4b:6a:28:05:b2:15:5d:ae:0a:
16:ec:ae:9f:da:1e:90:dd:7b:9f:ec:a7:c6:dc:ce:
f4:0a:24:f6:42:1b:2a:7b:7f:00:2c:03:70:57:4f:
4c:fb:21:10:53:d0:11:ce:9e:5c:98:c1:cf:4b:60:
b9:0e:f1:a6:83:d5:8e:3d:1a:ba:3f:91:46:5b:50:
71:93:55:d0:34:ee:46:2e:c1:7d:ef:03:88:66:19:
9f:d0:d7:2a:56:ee:6a:1b:19:9c:b9:8c:24:33:27:
59:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:6F:B5:A9:16:4A:F1:0F:01:C7:25:29:F8:DF:ED:C8:BD:4E:EF:E2
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/I2-1qRZK8Q8BxyUp-N_tyL1O7-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
78.142.243.0/24
185.9.55.0/24
185.103.75.0/24
188.214.27.0/24
192.166.208.0/22
193.19.106.0/24
194.4.157.0/24
Signature Algorithm: sha256WithRSAEncryption
74:19:85:5f:4e:10:72:5e:34:be:0c:de:f5:ce:33:6e:89:f8:
d1:aa:bd:e8:a0:6c:4c:52:79:45:c4:75:da:3d:0a:f5:bd:c5:
64:dc:6b:71:2b:4a:fe:39:be:61:18:4a:66:13:7d:f8:6e:92:
93:ba:d1:26:4d:31:e1:76:e4:51:a0:13:14:cb:83:03:b4:93:
6a:fb:78:4c:8d:5a:1b:30:4d:8a:0c:33:68:fa:29:cb:ed:25:
ef:61:6f:27:c3:a2:56:95:6b:e7:35:fd:6f:34:0f:ae:75:86:
fe:59:f3:e9:42:90:e2:59:16:df:6a:93:ae:e4:19:55:9f:3a:
ef:fb:23:4a:0b:a1:63:08:67:be:36:5a:76:68:90:e8:52:da:
09:74:75:3d:1b:61:7a:07:1f:74:67:3f:66:41:cd:81:7a:44:
d8:ec:82:70:1e:ee:7a:41:d5:6d:0b:25:48:a4:d6:27:80:66:
c0:e3:ae:d7:04:2d:54:ae:b5:8c:a1:8e:d8:47:40:cb:83:34:
5a:26:5a:ee:2f:39:e1:fd:a3:e2:48:f9:6a:4b:95:fb:b9:e8:
d2:00:ad:c0:19:0c:80:a3:b7:7e:e9:38:54:3d:87:62:8f:00:
3a:b6:f6:ef:1d:12:99:93:3f:84:ba:a2:4d:08:04:42:97:f7:
95:df:c3:bb
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYdaFa0MNGAINVdkb4nNWrMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA3MDQ1OTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzZmYjVhOTE2NGFmMTBmMDFjNzI1MjlmOGRmZWRjOGJkNGVlZmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBsgNuGjcBfNDPoDXmGgY3wWlExn
RqFfkTKR8+9HdjV/buHVm0Gm3ZedOFUllXyLIQxC+jZG+4NQpIkzO5Y42SMhFRrm
NgxdFVt7YYObql9b6mzFDxaHXLMbJ8a58l8w2vQpD8LIhjFQ2/jQu7IceUcjrfvy
kKhB9mWvwLH0Ki0ARlHtYAa1YB9roMsozfUmdNEZnMEEVlaDyF5LaigFshVdrgoW
7K6f2h6Q3Xuf7KfG3M70CiT2Qhsqe38ALANwV09M+yEQU9ARzp5cmMHPS2C5DvGm
g9WOPRq6P5FGW1Bxk1XQNO5GLsF97wOIZhmf0NcqVu5qGxmcuYwkMydZ0QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFCNvtakWSvEPAcclKfjf7ci9Tu/iMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSTItMXFSWks4UThCeHlVcC1OX3R5TDFPNy1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALZ+YAwQA
To7zAwQAuQk3AwQAuWdLAwQAvNYbAwQCwKbQAwQAwRNqAwQAwgSdMA0GCSqGSIb3
DQEBCwUAA4IBAQB0GYVfThByXjS+DN71zjNuifjRqr3ooGxMUnlFxHXaPQr1vcVk
3GtxK0r+Ob5hGEpmE334bpKTutEmTTHhduRRoBMUy4MDtJNq+3hMjVobME2KDDNo
+inL7SXvYW8nw6JWlWvnNf1vNA+udYb+WfPpQpDiWRbfapOu5BlVnzrv+yNKC6Fj
CGe+Nlp2aJDoUtoJdHU9G2F6Bx90Zz9mQc2BekTY7IJwHu56QdVtCyVIpNYngGbA
467XBC1UrrWMoY7YR0DLgzRaJlruLznh/aPiSPlqS5X7uejSAK3AGQyAo7d+6ThU
PYdijwA6tvbvHRKZkz+EuqJNCARCl/eV38O7
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:54 2023 by rpki-client on console-ams.rpki-client.org