Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/RZPwVtlLiMTMbbldyXF9280ZaB0.roa
File: RZPwVtlLiMTMbbldyXF9280ZaB0.roa (raw, json)
Hash identifier: JhTb4FpMhQ4EddetBYpikwxNVXjIpxHC1S/wmkxTx/E=
Subject key identifier: 45:93:F0:56:D9:4B:88:C4:CC:6D:B9:5D:C9:71:7D:DB:CD:19:68:1D
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018773DF54C98990D13CDCEF5F9E8955C31E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/RZPwVtlLiMTMbbldyXF9280ZaB0.roa
Signing time: Wed 12 Apr 2023 05:10:28 +0000
ROA not before: Wed 12 Apr 2023 05:10:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 178.239.203.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.9.55.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
192.166.208.0/22 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:73:df:54:c9:89:90:d1:3c:dc:ef:5f:9e:89:55:c3:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 12 05:10:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4593f056d94b88c4cc6db95dc9717ddbcd19681d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:8b:7c:80:9f:75:cf:59:a6:e0:26:84:05:9b:
11:ae:59:a7:2e:4a:1f:5b:f5:cc:02:bd:3f:7a:d4:
7c:14:74:d7:c2:89:b6:ce:c6:18:24:b1:c8:09:47:
a5:e8:3b:04:a5:46:28:a9:59:c5:90:4b:61:91:54:
fd:09:d3:b6:1a:45:0a:8c:d9:df:8d:ab:c5:47:f5:
25:38:85:29:cb:f8:54:55:95:0a:25:8f:e7:5e:26:
f8:51:69:9b:ee:85:aa:ba:40:21:f4:57:a7:7f:91:
c9:6e:4e:5f:67:7a:53:0b:bd:d4:0a:8f:51:91:2f:
2d:f8:1d:fe:b4:54:c8:74:8d:dd:ea:41:57:b4:e8:
d8:52:a4:fe:b2:d2:06:5e:2a:3f:5e:81:d6:f4:57:
dd:cc:c2:36:46:4f:8f:b8:00:85:76:5a:12:26:d0:
85:40:42:6a:66:de:dd:25:7d:ea:3b:90:ad:29:25:
4a:75:d2:1f:5a:95:5a:0c:d6:f8:a9:75:5a:d4:2d:
d1:be:b4:93:01:d8:47:74:1d:87:61:23:fd:be:07:
a1:04:f1:94:d5:b1:15:90:7c:59:7f:70:89:07:08:
4b:f0:dd:57:67:36:6f:6d:4f:ff:1a:20:1e:ff:29:
79:8d:ef:0d:87:3b:90:72:ec:1f:eb:fc:3b:5f:de:
61:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:93:F0:56:D9:4B:88:C4:CC:6D:B9:5D:C9:71:7D:DB:CD:19:68:1D
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/RZPwVtlLiMTMbbldyXF9280ZaB0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
45.159.154.0/24
178.239.203.0/24
185.9.55.0/24
185.103.75.0/24
185.229.106.0/24
185.245.237.0/24
192.166.208.0/22
193.19.106.0/24
Signature Algorithm: sha256WithRSAEncryption
4a:d0:a4:c8:09:0e:2c:69:f1:86:16:41:a8:7e:75:ca:f6:98:
a8:7b:e5:b6:75:89:9f:6f:8b:4b:1f:b5:cf:c9:af:90:4b:ec:
17:3c:f6:b1:d5:8a:b1:3a:62:5b:e6:09:f4:8e:7e:e7:71:53:
a8:ac:3b:b5:01:c6:58:77:ea:62:6c:6b:c8:7e:ce:b9:66:2c:
15:4e:11:21:f7:8a:c5:0a:ab:e9:19:8b:00:d8:5e:72:d0:de:
23:e9:41:f6:42:24:67:15:95:ff:e8:a0:d1:96:bf:c4:f3:28:
ca:59:ba:8e:29:a4:ba:9c:08:5f:30:0a:77:10:d2:b6:37:b5:
3b:43:a0:66:8b:32:10:ce:55:87:37:16:0b:b6:e1:b6:38:78:
97:5c:7e:bf:bf:83:c1:f4:3a:34:05:ad:14:0c:ad:cf:85:fe:
74:34:16:cd:7b:36:a2:3d:0b:ba:57:64:c9:14:5d:e0:77:eb:
b4:8a:3e:8f:22:16:3c:23:79:e5:41:08:86:7a:99:23:5b:24:
17:b9:fd:b8:0f:ac:b7:02:a3:d7:6f:5b:f1:c1:e1:17:62:08:
f6:c5:1a:7d:20:c9:66:15:d2:70:77:b8:17:3e:7a:86:63:2a:
de:67:32:a4:40:68:20:65:1d:18:39:22:73:39:f9:84:8e:dd:
44:ca:08:e1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYdz31TJiZDRPNzvX56JVcMeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDEyMDUxMDI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTkzZjA1NmQ5NGI4OGM0Y2M2ZGI5NWRjOTcxN2RkYmNkMTk2ODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYt8gJ91z1mm4CaEBZsRrlmnLkof
W/XMAr0/etR8FHTXwom2zsYYJLHICUel6DsEpUYoqVnFkEthkVT9CdO2GkUKjNnf
javFR/UlOIUpy/hUVZUKJY/nXib4UWmb7oWqukAh9Fenf5HJbk5fZ3pTC73UCo9R
kS8t+B3+tFTIdI3d6kFXtOjYUqT+stIGXio/XoHW9FfdzMI2Rk+PuACFdloSJtCF
QEJqZt7dJX3qO5CtKSVKddIfWpVaDNb4qXVa1C3RvrSTAdhHdB2HYSP9vgehBPGU
1bEVkHxZf3CJBwhL8N1XZzZvbU//GiAe/yl5je8NhzuQcuwf6/w7X95hYQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEWT8FbZS4jEzG25XclxfdvNGWgdMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUlpQd1Z0bExpTVRNYmJsZHlYRjkyODBaYUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALZ+YAwQA
LZ+aAwQAsu/LAwQAuQk3AwQAuWdLAwQAueVqAwQAufXtAwQCwKbQAwQAwRNqMA0G
CSqGSIb3DQEBCwUAA4IBAQBK0KTICQ4safGGFkGofnXK9pioe+W2dYmfb4tLH7XP
ya+QS+wXPPax1YqxOmJb5gn0jn7ncVOorDu1AcZYd+pibGvIfs65ZiwVThEh94rF
CqvpGYsA2F5y0N4j6UH2QiRnFZX/6KDRlr/E8yjKWbqOKaS6nAhfMAp3ENK2N7U7
Q6BmizIQzlWHNxYLtuG2OHiXXH6/v4PB9Do0Ba0UDK3Phf50NBbNezaiPQu6V2TJ
FF3gd+u0ij6PIhY8I3nlQQiGepkjWyQXuf24D6y3AqPXb1vxweEXYgj2xRp9IMlm
FdJwd7gXPnqGYyreZzKkQGggZR0YOSJzOfmEjt1Eygjh
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:11 2024 by rpki-client on console-ams.rpki-client.org