Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/O00A9xB7U3W4j4oEini4E9DAQdg.roa
File: O00A9xB7U3W4j4oEini4E9DAQdg.roa (raw, json)
Hash identifier: U8noGml3URxscq9QlwZL3eVgeYLuYn88F2cHGzs0qNs=
Subject key identifier: 3B:4D:00:F7:10:7B:53:75:B8:8F:8A:04:8A:78:B8:13:D0:C0:41:D8
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01873645C54A05616E9A561B3487ECEE1358
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/O00A9xB7U3W4j4oEini4E9DAQdg.roa
Signing time: Fri 31 Mar 2023 06:05:54 +0000
ROA not before: Fri 31 Mar 2023 06:05:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 185.121.230.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
194.4.159.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:36:45:c5:4a:05:61:6e:9a:56:1b:34:87:ec:ee:13:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 31 06:05:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3b4d00f7107b5375b88f8a048a78b813d0c041d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:41:b7:33:1a:b1:ad:e0:44:5d:e0:4d:28:33:
bc:6f:cb:39:91:73:8d:38:56:2d:60:42:4b:c5:83:
61:1a:4b:9c:73:40:d0:8a:55:26:9e:2d:7c:a8:18:
86:d1:9f:a1:a3:da:c0:ea:cc:79:2a:ed:da:12:a4:
98:50:7d:f5:47:ef:5b:44:d8:53:c3:34:43:a7:29:
5a:dc:50:9d:30:25:6b:a2:5e:17:c5:bd:e8:18:07:
19:d2:a0:31:e2:6c:63:12:55:5e:67:00:3d:c0:10:
6d:1b:94:7a:80:8e:3a:93:63:85:d5:32:cd:80:9a:
d0:f8:4f:78:ab:25:cf:f0:60:61:6e:b8:4d:02:8b:
47:93:c5:3b:cf:23:c2:5a:6f:48:51:c3:ed:46:18:
2a:cc:67:43:22:b5:89:65:0a:2e:87:b5:65:d6:aa:
fe:a2:4d:a0:d2:42:32:54:a8:04:ed:08:ba:4a:9a:
81:ce:09:74:ae:ea:31:31:20:d4:8f:f2:fb:cb:6e:
87:3b:a7:1c:21:23:05:4e:10:a7:7a:95:68:78:4f:
aa:da:f7:94:ab:84:16:49:bf:f9:03:c0:24:5b:d0:
04:67:15:6b:e9:e4:50:50:b2:c6:a0:7f:82:59:b0:
33:01:a4:fa:7a:5e:14:26:3c:eb:7b:af:65:40:a4:
24:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:4D:00:F7:10:7B:53:75:B8:8F:8A:04:8A:78:B8:13:D0:C0:41:D8
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/O00A9xB7U3W4j4oEini4E9DAQdg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
89.43.208.0/24
185.121.230.0/23
185.229.104.0/24
185.230.248.0/24
194.4.157.0/24
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:63:47:30:11:ab:92:83:5b:c9:ba:f4:ad:8b:7c:77:b3:e6:
29:57:c1:ab:cf:63:48:df:fd:6d:6f:d9:84:c4:77:c3:33:18:
c4:5c:dd:e6:5c:f4:16:04:a9:0c:9e:a8:f7:8a:25:00:c1:04:
e7:c9:59:15:02:7a:cd:df:67:40:a2:29:f8:74:ad:8a:1b:19:
03:f0:8a:14:15:34:aa:8d:91:29:32:45:c4:96:80:74:2f:a6:
b3:45:5f:81:97:e1:a5:7c:d5:bf:3e:12:c0:c3:17:9f:e0:a8:
5a:cd:9b:76:6c:7f:cc:60:6d:38:5c:b7:5f:12:61:d0:50:e8:
bf:61:18:2d:bb:d3:79:64:56:fe:ad:24:72:79:3f:fd:50:2a:
4a:c3:1d:a3:7e:1e:f5:01:3f:61:04:d6:cf:1c:b8:4d:56:a7:
2e:12:b5:a0:cd:2f:cc:5e:3e:1d:e9:1c:c2:6f:b9:b2:42:c1:
70:1e:c1:f4:25:dc:aa:36:0b:26:dd:e9:5c:21:0d:8c:65:9c:
bb:56:71:f1:03:65:f8:27:c1:5e:a6:b9:d4:dc:12:46:4b:df:
3f:18:fb:08:a5:b5:99:bf:0f:2b:74:46:87:89:ac:85:28:50:
e3:70:6a:6f:a1:47:b4:53:8d:56:a3:0a:0e:13:5a:02:e3:05:
ae:94:77:49
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYc2RcVKBWFumlYbNIfs7hNYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzMxMDYwNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjRkMDBmNzEwN2I1Mzc1Yjg4ZjhhMDQ4YTc4YjgxM2QwYzA0MWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkG3MxqxreBEXeBNKDO8b8s5kXON
OFYtYEJLxYNhGkucc0DQilUmni18qBiG0Z+ho9rA6sx5Ku3aEqSYUH31R+9bRNhT
wzRDpyla3FCdMCVrol4Xxb3oGAcZ0qAx4mxjElVeZwA9wBBtG5R6gI46k2OF1TLN
gJrQ+E94qyXP8GBhbrhNAotHk8U7zyPCWm9IUcPtRhgqzGdDIrWJZQouh7Vl1qr+
ok2g0kIyVKgE7Qi6SpqBzgl0ruoxMSDUj/L7y26HO6ccISMFThCnepVoeE+q2veU
q4QWSb/5A8AkW9AEZxVr6eRQULLGoH+CWbAzAaT6el4UJjzre69lQKQknQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFDtNAPcQe1N1uI+KBIp4uBPQwEHYMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTzAwQTl4QjdVM1c0ajRvRWluaTRFOURBUWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALZ+YAwQA
WSvQAwQBuXnmAwQAueVoAwQAueb4AwQAwgSdAwQAwgSfAwQAywAIAwQA1SD5MA0G
CSqGSIb3DQEBCwUAA4IBAQALY0cwEauSg1vJuvSti3x3s+YpV8Grz2NI3/1tb9mE
xHfDMxjEXN3mXPQWBKkMnqj3iiUAwQTnyVkVAnrN32dAoin4dK2KGxkD8IoUFTSq
jZEpMkXEloB0L6azRV+Bl+GlfNW/PhLAwxef4KhazZt2bH/MYG04XLdfEmHQUOi/
YRgtu9N5ZFb+rSRyeT/9UCpKwx2jfh71AT9hBNbPHLhNVqcuErWgzS/MXj4d6RzC
b7myQsFwHsH0JdyqNgsm3elcIQ2MZZy7VnHxA2X4J8FeprnU3BJGS98/GPsIpbWZ
vw8rdEaHiayFKFDjcGpvoUe0U41WowoOE1oC4wWulHdJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org