Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/O1N2c1fy8-5pABMOLjZRpzZfbQ4.roa
File: O1N2c1fy8-5pABMOLjZRpzZfbQ4.roa (raw, json)
Hash identifier: TZRbDKHTz80d/qUizuyrMBH4VXu/9tEhjOYZoDzntzw=
Subject key identifier: 3B:53:76:73:57:F2:F3:EE:69:00:13:0E:2E:36:51:A7:36:5F:6D:0E
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01882D3519D1AA639AFB3FF6EB7A85464913
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/O1N2c1fy8-5pABMOLjZRpzZfbQ4.roa
Signing time: Thu 18 May 2023 04:53:54 +0000
ROA not before: Thu 18 May 2023 04:53:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.115.146.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
193.42.52.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:2d:35:19:d1:aa:63:9a:fb:3f:f6:eb:7a:85:46:49:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 18 04:53:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3b53767357f2f3ee6900130e2e3651a7365f6d0e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:21:ed:ef:22:8f:df:5b:1a:74:a8:c3:ce:08:
05:b4:f2:2e:2a:ba:d2:05:a9:07:32:97:a2:3e:34:
f9:f0:8d:48:17:e3:a9:2d:ec:8f:51:4b:13:44:4b:
fc:ab:41:ba:13:a2:fe:87:eb:68:28:8f:be:ba:a9:
95:12:d2:e0:1d:70:d6:ae:94:aa:74:2e:b8:e7:b2:
a7:e9:c9:86:f9:41:fa:9c:33:ca:33:c0:62:e7:2a:
92:d0:01:3f:68:1e:bd:26:c3:d1:9f:e5:36:01:7c:
b2:72:85:12:2d:07:3e:ab:e5:32:60:62:d4:8b:8d:
90:4c:fd:e7:8c:55:55:7a:de:24:83:0c:4e:80:cb:
ea:ce:2f:78:d1:a1:72:78:49:dc:95:54:10:2c:44:
8e:3f:39:de:f8:b2:53:5f:94:be:92:3d:2d:33:3d:
fe:1b:22:8c:3c:46:e2:6d:f7:f6:aa:2e:9a:7b:37:
2c:b2:52:73:76:65:12:ce:54:59:04:4b:8c:d2:5a:
0a:2e:30:2a:b0:1f:7c:82:3b:c2:e4:2d:00:b5:96:
fa:e2:68:5c:f5:d5:d2:df:8b:30:3c:e7:4e:7c:83:
ef:66:c6:b9:39:8d:e7:a4:d3:ab:bd:28:19:f7:69:
65:1c:ac:e6:52:d6:e7:37:db:42:3e:ea:9e:da:2e:
d4:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:53:76:73:57:F2:F3:EE:69:00:13:0E:2E:36:51:A7:36:5F:6D:0E
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/O1N2c1fy8-5pABMOLjZRpzZfbQ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.132.0/24
62.197.135.0/24
77.75.60.0/24
78.142.242.0/23
89.43.208.0/24
89.43.210.0/23
103.205.25.0/24
178.239.192.0-178.239.194.255
178.239.200.0/24
178.239.203.0/24
185.103.73.0/24
185.103.75.0/24
185.115.145.0-185.115.146.255
185.121.230.0/23
185.229.104.0/22
185.230.248.0/23
185.236.62.0/23
185.245.236.0-185.245.238.255
192.166.212.0/22
193.19.106.0/24
193.42.52.0/24
194.4.156.0/23
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
24:39:a3:ac:03:32:a9:05:01:68:bb:40:1a:1a:f4:9d:19:c5:
63:6c:5f:5d:83:fb:fc:e7:ca:cc:8a:84:2f:0a:1a:b9:15:cd:
a2:23:6e:66:1d:db:27:9b:6e:10:29:64:9f:1a:98:05:6f:8c:
59:aa:ae:af:25:9d:93:5c:77:b5:e3:61:d3:36:fe:8e:48:8e:
bc:8b:cf:b1:f2:88:a8:ab:b5:07:3c:e5:c5:53:76:b4:1a:fa:
62:1b:f5:29:01:6e:d7:aa:48:5c:da:40:03:ac:e4:9c:02:da:
31:0b:56:56:fb:2b:67:fb:8f:f6:76:ff:89:94:08:69:60:1e:
4a:17:32:a2:94:97:99:f2:c1:4c:b9:71:19:7c:99:81:e1:f7:
94:3d:b3:29:af:87:59:46:5a:80:ef:67:c0:66:f5:3a:ba:4e:
98:17:ed:d1:bd:45:ba:44:46:49:4c:92:58:c0:71:45:30:91:
9b:ff:ed:0a:a9:e7:ae:1e:5f:6a:82:0b:c7:49:15:36:2f:12:
a3:f0:1f:e5:28:80:38:43:f7:12:14:d4:3b:e5:f5:78:d3:ed:
b4:72:83:c4:53:7d:30:40:41:38:71:8d:bc:e4:90:69:60:22:
55:90:71:04:7a:e6:8d:46:ce:c3:e9:83:14:9e:60:c9:5d:8d:
d7:05:06:65
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgISAYgtNRnRqmOa+z/263qFRkkTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTE4MDQ1MzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjUzNzY3MzU3ZjJmM2VlNjkwMDEzMGUyZTM2NTFhNzM2NWY2ZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyHt7yKP31sadKjDzggFtPIuKrrS
BakHMpeiPjT58I1IF+OpLeyPUUsTREv8q0G6E6L+h+toKI++uqmVEtLgHXDWrpSq
dC6457Kn6cmG+UH6nDPKM8Bi5yqS0AE/aB69JsPRn+U2AXyycoUSLQc+q+UyYGLU
i42QTP3njFVVet4kgwxOgMvqzi940aFyeEnclVQQLESOPzne+LJTX5S+kj0tMz3+
GyKMPEbibff2qi6aezcsslJzdmUSzlRZBEuM0loKLjAqsB98gjvC5C0AtZb64mhc
9dXS34swPOdOfIPvZsa5OY3npNOrvSgZ92llHKzmUtbnN9tCPuqe2i7U4QIDAQAB
o4ICxDCCAsAwHQYDVR0OBBYEFDtTdnNX8vPuaQATDi42Uac2X20OMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTzFOMmMxZnk4LTVwQUJNT0xqWlJwelpmYlE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHZBggrBgEFBQcBBwEB/wSByTCBxjCBwwQCAAEwgbwwDAME
Ay2fmAMEAC2fmgMEAD7FhAMEAD7FhwMEAE1LPAMEAU6O8gMEAFkr0AMEAVkr0gME
AGfNGTAMAwQGsu/AAwQAsu/CAwQAsu/IAwQAsu/LAwQAuWdJAwQAuWdLMAwDBAC5
c5EDBAC5c5IDBAG5eeYDBAK55WgDBAG55vgDBAG57D4wDAMEArn17AMEALn17gME
AsCm1AMEAMETagMEAMEqNAMEAcIEnAMEAMIEnwMEAMsACAMEANUg+TANBgkqhkiG
9w0BAQsFAAOCAQEAJDmjrAMyqQUBaLtAGhr0nRnFY2xfXYP7/OfKzIqELwoauRXN
oiNuZh3bJ5tuEClknxqYBW+MWaquryWdk1x3teNh0zb+jkiOvIvPsfKIqKu1Bzzl
xVN2tBr6Yhv1KQFu16pIXNpAA6zknALaMQtWVvsrZ/uP9nb/iZQIaWAeShcyopSX
mfLBTLlxGXyZgeH3lD2zKa+HWUZagO9nwGb1OrpOmBft0b1FukRGSUySWMBxRTCR
m//tCqnnrh5faoILx0kVNi8So/Af5SiAOEP3EhTUO+X1eNPttHKDxFN9MEBBOHGN
vOSQaWAiVZBxBHrmjUbOw+mDFJ5gyV2N1wUGZQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:45 2024 by rpki-client on console-fra.rpki-client.org