Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MJbqdEp6RG7A8o6YQPLc8nRI6ko.roa
File: MJbqdEp6RG7A8o6YQPLc8nRI6ko.roa (raw, json)
Hash identifier: tK7URMIcPhIsPO5FcE+BruA4435D/aJjqDBOtrvMihc=
Subject key identifier: 30:96:EA:74:4A:7A:44:6E:C0:F2:8E:98:40:F2:DC:F2:74:48:EA:4A
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188E8A011572678EBD4CB83ACFA50F84291
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MJbqdEp6RG7A8o6YQPLc8nRI6ko.roa
Signing time: Fri 23 Jun 2023 14:19:44 +0000
ROA not before: Fri 23 Jun 2023 14:19:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.255.39.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
188.241.214.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
213.232.92.0/24 maxlen: 24
45.156.159.0/24 maxlen: 24
45.156.157.0/24 maxlen: 24
89.33.85.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
185.255.170.0/24 maxlen: 24
89.35.154.0/24 maxlen: 24
89.35.155.0/24 maxlen: 24
188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
188.212.158.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.150.0/24 maxlen: 24
87.247.149.0/24 maxlen: 24
87.247.151.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
188.240.233.0/24 maxlen: 24
91.188.204.0/24 maxlen: 24
91.188.206.0/24 maxlen: 24
91.188.207.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
188.241.110.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:e8:a0:11:57:26:78:eb:d4:cb:83:ac:fa:50:f8:42:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 23 14:19:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3096ea744a7a446ec0f28e9840f2dcf27448ea4a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:3f:3a:6f:60:73:a3:27:18:fb:f6:83:51:b2:
65:87:69:1c:ce:97:8b:5d:6b:e1:5f:75:c0:50:26:
29:d1:00:e2:4f:2e:b9:e6:9f:b9:a3:d6:29:b1:8e:
83:68:4c:b7:e6:70:7a:97:ee:00:a8:4b:a3:b0:94:
dc:cd:c5:78:9a:7f:3f:23:7a:61:c9:f4:99:bb:2b:
8f:d3:a5:64:79:d5:e7:e8:22:66:35:4a:cd:2a:15:
56:b3:b6:ec:2a:a0:81:b3:85:47:e6:28:6d:9f:49:
7b:4a:e0:c1:9c:33:04:96:8e:90:f9:ef:49:a7:63:
54:fc:72:29:d3:72:e2:9c:6d:34:9c:bd:ec:09:74:
8b:05:59:48:17:b8:e2:42:37:3c:5f:6b:4f:3f:44:
56:86:27:55:5b:9c:1c:76:a9:41:af:ac:de:24:3f:
4e:2b:a3:72:5e:c6:74:5c:e9:d6:c2:4e:7c:8c:d1:
8e:ca:b9:27:aa:81:34:f1:14:e2:bd:16:00:91:6b:
74:5b:bc:1f:71:a1:4c:08:fd:ec:fe:f1:84:24:8f:
7b:f6:f2:8d:dd:b1:bb:fe:53:7e:5e:d1:f2:43:d5:
47:99:ed:63:ed:23:26:f2:82:48:f3:34:51:03:dc:
1a:5b:42:97:83:2b:e7:39:39:e4:0e:48:27:66:ab:
a8:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:96:EA:74:4A:7A:44:6E:C0:F2:8E:98:40:F2:DC:F2:74:48:EA:4A
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/MJbqdEp6RG7A8o6YQPLc8nRI6ko.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.157.0/24
45.156.159.0/24
87.247.148.0/22
89.33.85.0/24
89.35.154.0/23
89.37.63.0/24
91.188.204.0/24
91.188.206.0/23
93.115.254.0/23
185.103.72.0/24
185.135.143.0/24
185.238.10.0/24
185.241.210.0/23
185.255.39.0/24
185.255.169.0-185.255.171.255
188.212.132.0/23
188.212.158.0/24
188.213.203.0/24
188.240.230.0/24
188.240.232.0/23
188.241.110.0/24
188.241.214.0/24
213.232.92.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:b2:75:6c:ea:1b:37:29:82:d4:d3:cb:bc:b5:aa:57:d5:04:
00:33:7e:a3:d8:9e:58:b8:f0:ec:1a:dd:db:3a:82:50:26:f3:
d7:07:90:b0:7f:c7:b3:47:78:a9:79:70:88:dc:a0:dc:73:d1:
89:72:79:e8:50:8a:5a:06:06:f3:44:69:e8:a1:04:9c:d3:4c:
92:1b:8d:44:2b:9f:1c:4e:c7:e9:42:b2:98:26:95:14:75:9b:
51:66:74:c0:c9:ae:61:af:95:03:1c:5f:9b:27:ee:e8:89:52:
72:89:48:3c:30:e8:b5:d1:2d:c3:f4:69:18:be:bc:6f:a6:8d:
46:04:2e:6e:72:69:e1:3b:b4:d5:ad:74:a7:ed:73:55:25:ad:
17:87:37:1b:ef:2d:8e:09:d7:fc:4f:9b:53:de:7c:0f:69:e6:
e9:bd:96:b9:83:0e:2a:55:7b:88:16:e7:e3:f7:24:d9:cd:96:
84:89:3e:e8:90:7b:11:79:04:09:73:d0:9f:68:06:0f:11:8f:
3c:94:f7:fc:68:30:fa:a7:19:18:e3:53:bc:78:b3:05:b7:8f:
ac:c0:df:17:37:5b:99:0d:bf:da:c1:f6:35:87:aa:ea:a0:88:
b9:96:cd:d5:88:fa:6b:73:98:a2:7e:d5:e7:35:6e:09:00:be:
a2:99:eb:cd
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAYjooBFXJnjr1MuDrPpQ+EKRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjIzMTQxOTQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDk2ZWE3NDRhN2E0NDZlYzBmMjhlOTg0MGYyZGNmMjc0NDhlYTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjT86b2BzoycY+/aDUbJlh2kczpeL
XWvhX3XAUCYp0QDiTy655p+5o9YpsY6DaEy35nB6l+4AqEujsJTczcV4mn8/I3ph
yfSZuyuP06VkedXn6CJmNUrNKhVWs7bsKqCBs4VH5ihtn0l7SuDBnDMElo6Q+e9J
p2NU/HIp03LinG00nL3sCXSLBVlIF7jiQjc8X2tPP0RWhidVW5wcdqlBr6zeJD9O
K6NyXsZ0XOnWwk58jNGOyrknqoE08RTivRYAkWt0W7wfcaFMCP3s/vGEJI979vKN
3bG7/lN+XtHyQ9VHme1j7SMm8oJI8zRRA9waW0KXgyvnOTnkDkgnZquosQIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFDCW6nRKekRuwPKOmEDy3PJ0SOpKMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTUpicWRFcDZSRzdBOG82WVFQTGM4blJJNmtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGvBggrBgEFBQcBBwEB/wSBnzCBnDCBmQQCAAEwgZIDBAAt
nJ0DBAAtnJ8DBAJX95QDBABZIVUDBAFZI5oDBABZJT8DBABbvMwDBAFbvM4DBAFd
c/4DBAC5Z0gDBAC5h48DBAC57goDBAG58dIDBAC5/ycwDAMEALn/qQMEArn/qAME
AbzUhAMEALzUngMEALzVywMEALzw5gMEAbzw6AMEALzxbgMEALzx1gMEANXoXDAN
BgkqhkiG9w0BAQsFAAOCAQEAW7J1bOobNymC1NPLvLWqV9UEADN+o9ieWLjw7Brd
2zqCUCbz1weQsH/Hs0d4qXlwiNyg3HPRiXJ56FCKWgYG80Rp6KEEnNNMkhuNRCuf
HE7H6UKymCaVFHWbUWZ0wMmuYa+VAxxfmyfu6IlScolIPDDotdEtw/RpGL68b6aN
RgQubnJp4Tu01a10p+1zVSWtF4c3G+8tjgnX/E+bU958D2nm6b2WuYMOKlV7iBbn
4/ck2c2WhIk+6JB7EXkECXPQn2gGDxGPPJT3/Ggw+qcZGONTvHizBbePrMDfFzdb
mQ2/2sH2NYeq6qCIuZbN1Yj6a3OYon7V5zVuCQC+opnrzQ==
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:01:13 2025 by rpki-client