Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/R2hKjabRs1aBLV83pJMbwqXNT6w.roa
File: R2hKjabRs1aBLV83pJMbwqXNT6w.roa (raw, json)
Hash identifier: i2yGwtwloToFiOXzQvyuMR358XGO+k/KkzbSE6ipFoI=
Subject key identifier: 47:68:4A:8D:A6:D1:B3:56:81:2D:5F:37:A4:93:1B:C2:A5:CD:4F:AC
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187E59819A8C5A29F52A23F7DC957E9637D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/R2hKjabRs1aBLV83pJMbwqXNT6w.roa
Signing time: Thu 04 May 2023 07:09:23 +0000
ROA not before: Thu 04 May 2023 07:09:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.115.146.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
89.38.136.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
62.197.128.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
178.239.192.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:e5:98:19:a8:c5:a2:9f:52:a2:3f:7d:c9:57:e9:63:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 4 07:09:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=47684a8da6d1b356812d5f37a4931bc2a5cd4fac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:d7:a3:8b:e6:df:20:50:c1:48:4c:e5:30:e8:
a6:4d:fd:bc:84:89:88:ee:c5:78:f2:1a:9f:ed:c1:
41:7b:f9:c6:56:ca:74:e5:8b:49:21:6c:00:40:60:
e4:dc:1f:fd:c5:b6:30:cd:26:4b:bd:cd:38:aa:e6:
45:32:09:b0:fe:6b:f9:ab:4c:d9:05:30:a7:40:4a:
34:e2:bc:e6:b8:01:ec:28:27:c1:bd:2b:c8:c2:f3:
be:d0:76:46:87:15:e6:5b:79:4c:fb:fd:c6:fa:04:
70:62:12:a2:7f:4e:39:bc:55:ba:b1:38:b0:6c:5c:
55:e3:53:47:99:a3:23:e1:45:35:54:e5:0e:c4:54:
cc:76:35:56:52:0e:8e:67:f0:c5:1c:d7:49:61:93:
5f:0d:ac:6e:41:f5:5f:1d:fc:d3:85:d7:d4:5b:0e:
78:e2:fd:0a:bb:bc:dd:48:44:86:b9:4d:5e:25:65:
e4:49:f6:cb:86:d8:91:e5:31:93:a6:44:8e:24:12:
b4:ea:f7:2d:f5:16:a0:94:5d:5e:fb:07:d4:ff:ee:
21:17:f3:6d:71:83:41:13:5d:97:16:ec:b1:51:e0:
48:1a:70:7c:0b:62:20:5c:9e:1f:16:ed:42:4e:4a:
f9:dc:3a:fd:81:4f:04:9a:9a:72:87:a1:3a:57:b9:
0d:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:68:4A:8D:A6:D1:B3:56:81:2D:5F:37:A4:93:1B:C2:A5:CD:4F:AC
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/R2hKjabRs1aBLV83pJMbwqXNT6w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.128.0/24
62.197.135.0/24
78.142.242.0/23
89.38.136.0/24
89.43.208.0/24
89.43.210.0/23
178.239.192.0/24
178.239.203.0/24
185.103.73.0/24
185.103.75.0/24
185.115.145.0-185.115.146.255
185.121.230.0/23
185.229.104.0-185.229.106.255
185.230.248.0/23
185.236.62.0/24
185.245.236.0-185.245.238.255
194.4.156.0/23
194.4.159.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:eb:6b:0f:7f:3a:b3:bb:17:9d:fe:46:d0:6a:c0:85:c5:5a:
67:10:b9:e5:79:be:3f:de:ec:d9:ca:2f:28:75:ec:bb:17:47:
fb:d6:0d:20:89:67:f4:95:2f:e9:7a:c5:83:3d:79:83:f7:c9:
02:6d:37:e2:7a:a0:a3:b3:66:12:10:a9:22:10:48:3c:e4:8a:
1e:c5:dd:7f:27:d3:bb:80:fa:92:33:6e:cd:94:90:82:b2:23:
c6:7f:3e:f4:79:15:8a:cc:a4:fa:f1:0a:84:2a:70:bd:7e:53:
c8:ea:71:6c:e0:c9:ce:b1:f3:dc:01:3b:8d:68:57:7d:2a:71:
69:a3:aa:de:af:d2:c5:bc:b3:d7:bd:5f:7b:dc:e5:80:5a:3b:
f7:fd:fd:39:d6:eb:14:a6:32:db:76:34:77:b1:4a:49:82:89:
2e:75:c5:be:98:52:2d:aa:04:c9:da:fe:11:b0:e0:aa:77:db:
58:91:a9:53:85:9e:88:a2:2d:d6:72:61:10:93:96:6c:58:65:
5c:23:a3:50:bc:53:3d:b2:6d:8a:28:b6:d6:86:09:b1:fa:9e:
db:a6:77:1d:1c:50:35:10:cb:20:f7:fd:4a:75:90:99:08:8a:
85:b4:26:a6:7c:03:6e:56:08:8f:a5:b3:1c:3c:75:dd:ce:f7:
5e:40:18:42
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYflmBmoxaKfUqI/fclX6WN9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTA0MDcwOTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzY4NGE4ZGE2ZDFiMzU2ODEyZDVmMzdhNDkzMWJjMmE1Y2Q0ZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNeji+bfIFDBSEzlMOimTf28hImI
7sV48hqf7cFBe/nGVsp05YtJIWwAQGDk3B/9xbYwzSZLvc04quZFMgmw/mv5q0zZ
BTCnQEo04rzmuAHsKCfBvSvIwvO+0HZGhxXmW3lM+/3G+gRwYhKif045vFW6sTiw
bFxV41NHmaMj4UU1VOUOxFTMdjVWUg6OZ/DFHNdJYZNfDaxuQfVfHfzThdfUWw54
4v0Ku7zdSESGuU1eJWXkSfbLhtiR5TGTpkSOJBK06vct9RaglF1e+wfU/+4hF/Nt
cYNBE12XFuyxUeBIGnB8C2IgXJ4fFu1CTkr53Dr9gU8Emppyh6E6V7kNCQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEdoSo2m0bNWgS1fN6STG8KlzU+sMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUjJoS2phYlJzMWFCTFY4M3BKTWJ3cVhOVDZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG1BggrBgEFBQcBBwEB/wSBpTCBojCBnwQCAAEwgZgwDAME
Ay2fmAMEAC2fmgMEAD7FgAMEAD7FhwMEAU6O8gMEAFkmiAMEAFkr0AMEAVkr0gME
ALLvwAMEALLvywMEALlnSQMEALlnSzAMAwQAuXORAwQAuXOSAwQBuXnmMAwDBAO5
5WgDBAC55WoDBAG55vgDBAC57D4wDAMEArn17AMEALn17gMEAcIEnAMEAMIEnwME
ANUg+TANBgkqhkiG9w0BAQsFAAOCAQEADOtrD386s7sXnf5G0GrAhcVaZxC55Xm+
P97s2covKHXsuxdH+9YNIIln9JUv6XrFgz15g/fJAm034nqgo7NmEhCpIhBIPOSK
HsXdfyfTu4D6kjNuzZSQgrIjxn8+9HkVisyk+vEKhCpwvX5TyOpxbODJzrHz3AE7
jWhXfSpxaaOq3q/Sxbyz171fe9zlgFo79/39OdbrFKYy23Y0d7FKSYKJLnXFvphS
LaoEydr+EbDgqnfbWJGpU4WeiKIt1nJhEJOWbFhlXCOjULxTPbJtiii21oYJsfqe
26Z3HRxQNRDLIPf9SnWQmQiKhbQmpnwDblYIj6WzHDx13c73XkAYQg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:10 2024 by rpki-client on console-ams.rpki-client.org