Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/JJ3jlbKodYHLk2B5chypzjKcWZc.roa
File: JJ3jlbKodYHLk2B5chypzjKcWZc.roa (raw, json)
Hash identifier: P4mwneqLXHLsbjaMKoPh+fv+/qkzeY0CxA3T0FPcSDk=
Subject key identifier: 24:9D:E3:95:B2:A8:75:81:CB:93:60:79:72:1C:A9:CE:32:9C:59:97
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018779E8F08CE2FA91DDCDC2FF73378D8759
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/JJ3jlbKodYHLk2B5chypzjKcWZc.roa
Signing time: Thu 13 Apr 2023 09:18:41 +0000
ROA not before: Thu 13 Apr 2023 09:18:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.230.248.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
194.4.159.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
192.166.208.0/22 maxlen: 24
89.47.89.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
185.121.230.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:79:e8:f0:8c:e2:fa:91:dd:cd:c2:ff:73:37:8d:87:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 13 09:18:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=249de395b2a87581cb936079721ca9ce329c5997
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:ff:c0:8f:79:77:0b:96:e6:3e:34:f7:64:f9:
cc:da:8c:2b:1a:96:38:53:b4:c1:32:3f:8d:df:00:
15:cf:77:d7:de:55:45:41:a5:6e:11:98:27:09:7f:
5e:8d:40:91:09:ca:b7:1f:e3:47:06:39:7a:b7:3f:
a9:4c:12:42:99:f3:ee:3b:45:1d:22:e3:38:1e:e4:
13:da:a5:70:02:32:78:74:39:73:2f:44:9d:54:bd:
14:33:8a:74:67:f4:d5:5e:67:4e:5a:d2:43:0b:57:
e0:92:ec:7f:c5:d3:fa:2a:2d:2f:b8:ff:f3:06:9d:
75:97:62:e3:7a:f9:a9:84:ea:4c:93:9b:fd:b9:be:
8a:8b:f5:0b:f3:10:fe:73:f8:1a:ce:a3:ac:52:72:
56:82:c9:3e:d5:f8:ce:3f:5b:a2:4e:7e:61:6e:c9:
a5:d9:64:57:1f:28:f4:40:ee:82:b5:31:78:4b:fc:
a4:d3:c9:f1:df:6f:0b:44:dc:8a:e3:e3:54:af:b2:
e6:a8:bf:af:bf:3f:45:5c:73:b8:8d:08:e3:8c:a2:
78:0f:c4:2f:7a:73:1a:46:67:a2:58:06:d6:73:5e:
8f:9d:c4:1d:51:cf:50:d3:c7:3e:74:59:58:8a:9c:
e5:d3:8d:fc:7d:23:e9:2a:e8:0e:b9:f5:6c:4c:25:
d6:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:9D:E3:95:B2:A8:75:81:CB:93:60:79:72:1C:A9:CE:32:9C:59:97
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/JJ3jlbKodYHLk2B5chypzjKcWZc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
45.159.154.0/24
62.197.135.0/24
78.142.242.0/23
89.43.208.0/24
89.47.89.0/24
178.239.203.0/24
185.103.75.0/24
185.121.230.0/23
185.229.104.0/24
185.229.106.0/24
185.230.248.0/24
185.245.237.0/24
192.166.208.0/22
193.19.106.0/24
194.4.159.0/24
Signature Algorithm: sha256WithRSAEncryption
76:a1:b7:02:90:8a:8a:c5:89:bc:24:70:b8:e6:db:98:5f:cc:
9c:fc:a1:a1:8e:3f:b0:83:9c:5a:c7:e4:ed:d2:7c:02:5a:5c:
b0:cd:df:bf:a5:01:a6:6c:49:f9:8a:a1:bd:37:71:0c:8f:97:
ce:a9:10:20:7b:a5:fe:68:c1:7b:90:14:6b:78:0e:12:45:f0:
ba:fc:66:19:5f:c8:58:0e:ca:16:6d:c8:87:4c:06:99:91:df:
a8:dc:b0:e4:83:34:d2:f9:64:37:78:bf:7d:ae:07:3c:41:6f:
b3:2c:14:07:a2:e0:4f:25:71:2d:fb:7d:e2:99:a1:b3:dc:10:
09:76:ab:b5:a3:71:71:cd:ae:f3:9a:94:c4:60:72:22:99:4a:
b9:51:b1:2c:40:c7:a2:d4:90:3a:b0:21:97:a2:27:4f:0e:a8:
00:10:6b:20:ea:f9:b3:14:50:04:4c:cd:66:0b:4a:db:dd:d7:
41:33:45:28:6f:50:4e:00:6c:4c:42:e8:74:32:33:75:7f:4e:
71:c3:10:13:16:7b:86:f5:c6:de:5c:7e:7d:26:0a:b8:79:43:
26:a3:d7:f1:12:44:21:67:41:4d:bd:e6:ab:b8:59:d7:fc:de:
56:aa:11:86:d3:f0:0f:56:f7:5a:1d:ad:3e:b0:26:eb:5b:1e:
7a:1e:1c:99
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYd56PCM4vqR3c3C/3M3jYdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDEzMDkxODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDlkZTM5NWIyYTg3NTgxY2I5MzYwNzk3MjFjYTljZTMyOWM1OTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAof/Aj3l3C5bmPjT3ZPnM2owrGpY4
U7TBMj+N3wAVz3fX3lVFQaVuEZgnCX9ejUCRCcq3H+NHBjl6tz+pTBJCmfPuO0Ud
IuM4HuQT2qVwAjJ4dDlzL0SdVL0UM4p0Z/TVXmdOWtJDC1fgkux/xdP6Ki0vuP/z
Bp11l2LjevmphOpMk5v9ub6Ki/UL8xD+c/gazqOsUnJWgsk+1fjOP1uiTn5hbsml
2WRXHyj0QO6CtTF4S/yk08nx328LRNyK4+NUr7LmqL+vvz9FXHO4jQjjjKJ4D8Qv
enMaRmeiWAbWc16PncQdUc9Q08c+dFlYipzl0438fSPpKugOufVsTCXW7QIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFCSd45WyqHWBy5NgeXIcqc4ynFmXMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSkozamxiS29kWUhMazJCNWNoeXB6aktjV1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQALZ+YAwQA
LZ+aAwQAPsWHAwQBTo7yAwQAWSvQAwQAWS9ZAwQAsu/LAwQAuWdLAwQBuXnmAwQA
ueVoAwQAueVqAwQAueb4AwQAufXtAwQCwKbQAwQAwRNqAwQAwgSfMA0GCSqGSIb3
DQEBCwUAA4IBAQB2obcCkIqKxYm8JHC45tuYX8yc/KGhjj+wg5xax+Tt0nwCWlyw
zd+/pQGmbEn5iqG9N3EMj5fOqRAge6X+aMF7kBRreA4SRfC6/GYZX8hYDsoWbciH
TAaZkd+o3LDkgzTS+WQ3eL99rgc8QW+zLBQHouBPJXEt+33imaGz3BAJdqu1o3Fx
za7zmpTEYHIimUq5UbEsQMei1JA6sCGXoidPDqgAEGsg6vmzFFAETM1mC0rb3ddB
M0Uob1BOAGxMQuh0MjN1f05xwxATFnuG9cbeXH59Jgq4eUMmo9fxEkQhZ0FNvear
uFnX/N5WqhGG0/APVvdaHa0+sCbrWx56HhyZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org