Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Kh8xpX5I4Goe-sGs3wa9uD2dCC0.roa
File: Kh8xpX5I4Goe-sGs3wa9uD2dCC0.roa (raw, json)
Hash identifier: 8IK6fcy+KS8cuToMc4nAbx5tR1mEBJ7XiJWeqeRnSYc=
Subject key identifier: 2A:1F:31:A5:7E:48:E0:6A:1E:FA:C1:AC:DF:06:BD:B8:3D:9D:08:2D
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0185B396012438C85855D86520435D3D4521
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Kh8xpX5I4Goe-sGs3wa9uD2dCC0.roa
Signing time: Sun 15 Jan 2023 04:00:30 +0000
ROA not before: Sun 15 Jan 2023 04:00:30 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 89.33.14.0/24 maxlen: 24
188.241.242.0/23 maxlen: 23
188.241.248.0/24 maxlen: 24
188.241.182.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
188.214.208.0/23 maxlen: 23
213.32.248.0/22 maxlen: 22
188.241.214.0/24 maxlen: 24
92.114.84.0/23 maxlen: 23
89.40.76.0/24 maxlen: 24
213.232.92.0/22 maxlen: 22
89.43.199.0/24 maxlen: 24
103.205.24.0/22 maxlen: 22
89.33.84.0/23 maxlen: 23
185.255.168.0/22 maxlen: 22
45.123.40.0/22 maxlen: 22
188.214.27.0/24 maxlen: 24
89.35.159.0/24 maxlen: 24
89.35.154.0/23 maxlen: 23
87.247.148.0/22 maxlen: 22
188.240.224.0/22 maxlen: 22
188.240.230.0/24 maxlen: 24
188.240.232.0/23 maxlen: 23
192.166.208.0/21 maxlen: 21
193.42.52.0/22 maxlen: 22
204.75.229.0/24 maxlen: 24
185.35.136.0/22 maxlen: 22
89.36.22.0/23 maxlen: 23
188.241.159.0/24 maxlen: 24
185.255.36.0/22 maxlen: 22
62.197.128.0/24 maxlen: 24
62.197.132.0/22 maxlen: 22
185.238.8.0/22 maxlen: 22
185.103.72.0/22 maxlen: 22
188.241.110.0/24 maxlen: 24
188.240.68.0/24 maxlen: 24
89.38.70.0/24 maxlen: 24
194.4.156.0/22 maxlen: 22
93.115.109.0/24 maxlen: 24
185.115.144.0/22 maxlen: 24
89.44.207.0/24 maxlen: 24
93.115.254.0/23 maxlen: 23
78.142.242.0/23 maxlen: 23
78.142.241.0/24 maxlen: 24
89.38.136.0/24 maxlen: 24
188.213.202.0/23 maxlen: 23
45.156.156.0/22 maxlen: 22
94.176.110.0/23 maxlen: 23
89.38.101.0/24 maxlen: 24
91.209.12.0/24 maxlen: 24
93.114.192.0/23 maxlen: 23
89.40.160.0/24 maxlen: 24
93.114.195.0/24 maxlen: 24
188.212.132.0/23 maxlen: 23
188.212.155.0/24 maxlen: 24
188.212.158.0/23 maxlen: 23
185.245.236.0/22 maxlen: 22
203.0.8.0/23 maxlen: 23
89.43.208.0/21 maxlen: 21
103.212.80.0/23 maxlen: 23
103.212.82.0/24 maxlen: 24
91.188.204.0/22 maxlen: 22
89.47.89.0/24 maxlen: 24
89.37.62.0/23 maxlen: 23
178.239.204.0/23 maxlen: 23
185.121.228.0/22 maxlen: 22
178.239.200.0/22 maxlen: 22
185.135.140.0/22 maxlen: 22
89.34.126.0/23 maxlen: 23
93.114.246.0/24 maxlen: 24
223.27.112.0/23 maxlen: 23
223.27.114.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:b3:96:01:24:38:c8:58:55:d8:65:20:43:5d:3d:45:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 15 04:00:30 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a1f31a57e48e06a1efac1acdf06bdb83d9d082d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:40:35:e4:8f:c4:57:4d:5c:0d:81:be:e7:00:
2c:c4:20:82:5d:02:91:8a:b3:0d:cc:24:c1:a4:d5:
db:a9:07:88:a3:39:4f:f0:d5:28:4c:d6:d3:f5:5b:
82:52:85:51:0c:74:7b:29:96:72:4d:b6:6c:a7:8e:
44:94:31:3d:bf:6c:dc:94:2d:b6:bb:b2:74:5d:59:
27:e1:51:dd:27:bf:4d:c2:0f:99:c4:28:93:4e:9e:
ca:e5:08:98:de:c9:c3:eb:35:4f:ea:cc:b0:9d:e9:
1c:af:46:2c:1c:4c:59:ab:e8:fd:ba:14:a2:62:82:
82:1d:7c:14:79:9c:9c:f3:23:0c:c3:78:10:99:08:
69:66:85:b1:94:40:2d:4d:5d:a9:9a:e7:e2:0a:67:
51:7a:29:d7:04:7a:f0:7a:bb:5f:13:47:71:de:c5:
c1:65:f0:25:b7:48:8d:1e:ec:58:e6:82:df:4f:3b:
a1:5e:02:82:c8:c2:32:a1:fd:ea:00:29:1d:eb:f1:
88:fc:c2:67:7a:63:e9:72:cb:42:44:92:89:13:1c:
49:15:64:3c:d8:19:cb:af:35:3a:bc:5b:71:f4:0d:
d9:63:b8:9d:96:96:fd:d6:25:d6:77:06:94:49:56:
1f:a8:94:c5:ed:60:b4:22:8f:9e:9d:80:81:f5:c5:
01:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:1F:31:A5:7E:48:E0:6A:1E:FA:C1:AC:DF:06:BD:B8:3D:9D:08:2D
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Kh8xpX5I4Goe-sGs3wa9uD2dCC0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.123.40.0/22
45.156.156.0/22
62.197.128.0/24
62.197.132.0/22
78.142.241.0-78.142.243.255
87.247.148.0/22
89.33.14.0/24
89.33.84.0/23
89.34.126.0/23
89.35.154.0/23
89.35.159.0/24
89.36.22.0/23
89.37.62.0/23
89.38.70.0/24
89.38.101.0/24
89.38.136.0/24
89.40.76.0/24
89.40.160.0/24
89.43.199.0/24
89.43.208.0/21
89.44.207.0/24
89.46.92.0/24
89.47.89.0/24
91.188.204.0/22
91.209.12.0/24
92.114.84.0/23
93.114.192.0/23
93.114.195.0/24
93.114.246.0/24
93.115.109.0/24
93.115.254.0/23
94.176.110.0/23
103.205.24.0/22
103.212.80.0-103.212.82.255
178.239.200.0-178.239.205.255
185.35.136.0/22
185.103.72.0/22
185.115.144.0/22
185.121.228.0/22
185.135.140.0/22
185.238.8.0/22
185.245.236.0/22
185.255.36.0/22
185.255.168.0/22
188.212.132.0/23
188.212.155.0/24
188.212.158.0/23
188.213.202.0/23
188.214.27.0/24
188.214.208.0/23
188.240.68.0/24
188.240.224.0/22
188.240.230.0/24
188.240.232.0/23
188.241.110.0/24
188.241.159.0/24
188.241.182.0/24
188.241.214.0/24
188.241.242.0/23
188.241.248.0/24
192.166.208.0/21
193.19.106.0/24
193.42.52.0/22
194.4.156.0/22
203.0.8.0/23
204.75.229.0/24
213.32.248.0/22
213.232.92.0/22
223.27.112.0-223.27.114.255
Signature Algorithm: sha256WithRSAEncryption
13:ba:37:58:f9:82:59:ba:a3:50:e3:32:03:5c:f2:3a:d3:be:
f5:be:6b:20:5a:f4:50:1e:af:80:8c:ea:3c:f9:86:b7:d1:7c:
0c:39:d2:14:32:5b:36:83:47:73:80:3f:ba:87:61:43:24:16:
8a:99:01:4e:b4:07:da:fb:ca:25:1f:6f:4c:43:2f:ad:dc:e2:
75:e3:c1:c7:5c:59:cd:7f:2d:eb:ff:1b:f2:d9:06:c6:4a:2f:
d6:65:a7:e7:8c:8a:24:6b:af:8a:60:ab:cd:48:b6:20:cb:33:
43:6c:6d:88:1e:53:33:4e:61:17:cf:6c:9c:26:e2:a3:c9:e4:
70:6d:d4:a7:ae:bb:c9:64:5a:a9:33:f9:98:18:33:8a:a1:b0:
f5:af:3b:4f:9c:78:fa:bf:95:09:e9:72:72:dd:35:eb:63:0f:
69:19:0f:66:60:38:55:75:99:55:0f:25:42:92:91:f9:02:0a:
2b:b3:dd:b2:ac:ec:74:68:e9:1c:55:c1:40:db:6e:32:ca:83:
d4:1d:2b:2b:4d:74:2e:51:eb:3f:7d:b8:79:19:e3:b3:88:a8:
21:71:f5:e6:8e:5e:90:cf:a4:16:dd:cd:3b:6f:5a:cc:13:24:
7c:c4:11:3a:f1:5f:89:72:01:b6:fa:3c:73:e2:78:f3:34:10:
2e:d8:59:0d
-----BEGIN CERTIFICATE-----
MIIGvzCCBaegAwIBAgISAYWzlgEkOMhYVdhlIENdPUUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTE1MDQwMDMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTFmMzFhNTdlNDhlMDZhMWVmYWMxYWNkZjA2YmRiODNkOWQwODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUA15I/EV01cDYG+5wAsxCCCXQKR
irMNzCTBpNXbqQeIozlP8NUoTNbT9VuCUoVRDHR7KZZyTbZsp45ElDE9v2zclC22
u7J0XVkn4VHdJ79Nwg+ZxCiTTp7K5QiY3snD6zVP6sywnekcr0YsHExZq+j9uhSi
YoKCHXwUeZyc8yMMw3gQmQhpZoWxlEAtTV2pmufiCmdReinXBHrwertfE0dx3sXB
ZfAlt0iNHuxY5oLfTzuhXgKCyMIyof3qACkd6/GI/MJnemPpcstCRJKJExxJFWQ8
2BnLrzU6vFtx9A3ZY7idlpb91iXWdwaUSVYfqJTF7WC0Io+enYCB9cUBlQIDAQAB
o4IDyzCCA8cwHQYDVR0OBBYEFCofMaV+SOBqHvrBrN8Gvbg9nQgtMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS2g4eHBYNUk0R29lLXNHczN3YTl1RDJkQ0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB3wYIKwYBBQUHAQcBAf8EggHOMIIByjCCAcYEAgABMIIB
vgMEAi17KAMEAi2cnAMEAD7FgAMEAj7FhDAMAwQATo7xAwQCTo7wAwQCV/eUAwQA
WSEOAwQBWSFUAwQBWSJ+AwQBWSOaAwQAWSOfAwQBWSQWAwQBWSU+AwQAWSZGAwQA
WSZlAwQAWSaIAwQAWShMAwQAWSigAwQAWSvHAwQDWSvQAwQAWSzPAwQAWS5cAwQA
WS9ZAwQCW7zMAwQAW9EMAwQBXHJUAwQBXXLAAwQAXXLDAwQAXXL2AwQAXXNtAwQB
XXP+AwQBXrBuAwQCZ80YMAwDBARn1FADBABn1FIwDAMEA7LvyAMEAbLvzAMEArkj
iAMEArlnSAMEArlzkAMEArl55AMEArmHjAMEArnuCAMEArn17AMEArn/JAMEArn/
qAMEAbzUhAMEALzUmwMEAbzUngMEAbzVygMEALzWGwMEAbzW0AMEALzwRAMEArzw
4AMEALzw5gMEAbzw6AMEALzxbgMEALzxnwMEALzxtgMEALzx1gMEAbzx8gMEALzx
+AMEA8Cm0AMEAMETagMEAsEqNAMEAsIEnAMEAcsACAMEAMxL5QMEAtUg+AMEAtXo
XDAMAwQE3xtwAwQA3xtyMA0GCSqGSIb3DQEBCwUAA4IBAQATujdY+YJZuqNQ4zID
XPI60771vmsgWvRQHq+AjOo8+Ya30XwMOdIUMls2g0dzgD+6h2FDJBaKmQFOtAfa
+8olH29MQy+t3OJ148HHXFnNfy3r/xvy2QbGSi/WZafnjIoka6+KYKvNSLYgyzND
bG2IHlMzTmEXz2ycJuKjyeRwbdSnrrvJZFqpM/mYGDOKobD1rztPnHj6v5UJ6XJy
3TXrYw9pGQ9mYDhVdZlVDyVCkpH5Agors92yrOx0aOkcVcFA224yyoPUHSsrTXQu
Ues/fbh5GeOziKghcfXmjl6Qz6QW3c07b1rMEyR8xBE68V+JcgG2+jxz4njzNBAu
2FkN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org