Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/SGVsnfeMsk_CLGW2kuKyfwkbfDk.roa
File: SGVsnfeMsk_CLGW2kuKyfwkbfDk.roa (raw, json)
Hash identifier: qCfO1C805l/4D2w1z/4ptRstx6DJwGrYKRIQub+C+1M=
Subject key identifier: 48:65:6C:9D:F7:8C:B2:4F:C2:2C:65:B6:92:E2:B2:7F:09:1B:7C:39
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188C2D9AC3C4D4CD74CB5C33F08BB314C7F
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/SGVsnfeMsk_CLGW2kuKyfwkbfDk.roa
Signing time: Fri 16 Jun 2023 06:17:05 +0000
ROA not before: Fri 16 Jun 2023 06:17:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.241.210.0/23 maxlen: 24
188.241.214.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
45.156.159.0/24 maxlen: 24
45.156.157.0/24 maxlen: 24
89.33.85.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
185.255.170.0/24 maxlen: 24
89.35.155.0/24 maxlen: 24
188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
188.212.158.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.150.0/24 maxlen: 24
87.247.149.0/24 maxlen: 24
87.247.151.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
91.188.204.0/24 maxlen: 24
91.188.207.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:c2:d9:ac:3c:4d:4c:d7:4c:b5:c3:3f:08:bb:31:4c:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 16 06:17:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=48656c9df78cb24fc22c65b692e2b27f091b7c39
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:64:66:91:3d:38:b8:0d:b7:5e:bb:f3:09:c7:
58:b0:e7:a4:b9:9e:59:4b:ea:50:99:48:bd:25:8f:
85:60:78:5b:bc:64:3d:44:e0:37:49:6d:9f:cf:67:
40:f5:7f:9e:55:c6:18:3c:d1:96:b5:eb:c3:0b:89:
fd:78:4d:60:7f:c0:8c:2a:0f:a5:b3:08:eb:a8:05:
8f:12:0c:11:a1:26:87:29:c8:46:2b:8e:ed:f2:d4:
64:cb:da:65:50:8e:82:d7:de:84:3b:ce:f3:34:e5:
b8:5a:0e:5b:47:a4:43:0a:80:e4:f7:4e:a6:53:86:
cb:eb:b7:04:7a:99:8e:ef:29:b6:b8:e0:83:8e:a1:
bb:18:14:1e:84:e1:d2:b1:98:50:83:6d:96:c0:d5:
fc:a5:7b:7d:3e:38:40:69:3b:73:cc:36:5f:f0:a0:
c5:99:93:ed:50:79:ff:4d:06:b8:dd:59:0b:25:26:
4c:10:8c:7c:7f:21:b9:fc:d1:b4:b2:89:dc:4a:f5:
bc:1c:f3:18:65:3f:e4:5b:ee:f0:68:f7:51:9f:44:
e8:a5:95:48:db:6b:2d:ce:ff:11:89:95:df:b3:21:
09:63:64:66:fe:5c:ef:2a:1c:08:fb:c9:5f:6e:29:
34:43:d5:23:43:1f:f5:22:34:6e:2a:46:be:d3:7c:
4f:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:65:6C:9D:F7:8C:B2:4F:C2:2C:65:B6:92:E2:B2:7F:09:1B:7C:39
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/SGVsnfeMsk_CLGW2kuKyfwkbfDk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.157.0/24
45.156.159.0/24
87.247.148.0/22
89.33.85.0/24
89.35.155.0/24
89.37.63.0/24
91.188.204.0/24
91.188.207.0/24
93.115.254.0/23
185.103.72.0/24
185.135.143.0/24
185.238.10.0/24
185.241.210.0/23
185.255.169.0-185.255.171.255
188.212.132.0/23
188.212.158.0/24
188.213.203.0/24
188.240.230.0/24
188.240.232.0/24
188.241.214.0/24
Signature Algorithm: sha256WithRSAEncryption
47:c8:af:4f:5d:4d:a4:fb:2a:83:a5:f2:63:6a:40:f2:10:b8:
e5:73:c5:ba:32:ba:75:44:b0:38:15:94:5a:1c:4e:a6:7e:59:
90:e7:89:f1:38:2c:11:f8:78:a3:45:d5:b0:70:43:f1:0e:16:
88:ae:6a:d8:21:6e:b3:bc:09:41:76:34:c2:60:b1:b2:bf:33:
75:cf:d3:5e:bf:6b:3d:5a:68:36:77:75:f5:76:f1:44:00:4f:
5f:e8:63:07:98:46:d9:18:91:36:35:16:ee:26:c4:e3:de:00:
e9:d1:4e:dc:08:40:f9:90:25:85:d0:ae:8f:83:5f:55:61:44:
3b:5a:a5:30:50:fc:23:0d:28:7a:59:bd:79:cd:42:30:29:ed:
27:41:cb:0d:5f:ba:cd:92:dc:45:47:e6:ff:72:36:ea:10:7f:
5e:9d:d9:38:40:ef:3d:e5:19:8a:fc:9b:c2:91:6e:fb:17:d3:
2a:2c:5e:77:83:df:8c:3d:55:24:c7:d0:6c:ee:a5:71:e4:c1:
3e:69:cf:1b:64:a4:04:a7:92:6c:b3:5e:35:3e:d8:8d:18:bd:
73:05:5f:8f:6d:e8:6b:83:c4:56:e8:38:30:b9:e5:70:9e:8d:
92:12:f5:18:6d:b7:36:7b:89:ef:d2:90:46:40:45:e8:f9:f4:
bf:46:85:45
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAYjC2aw8TUzXTLXDPwi7MUx/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjE2MDYxNzA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODY1NmM5ZGY3OGNiMjRmYzIyYzY1YjY5MmUyYjI3ZjA5MWI3YzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumRmkT04uA23XrvzCcdYsOekuZ5Z
S+pQmUi9JY+FYHhbvGQ9ROA3SW2fz2dA9X+eVcYYPNGWtevDC4n9eE1gf8CMKg+l
swjrqAWPEgwRoSaHKchGK47t8tRky9plUI6C196EO87zNOW4Wg5bR6RDCoDk906m
U4bL67cEepmO7ym2uOCDjqG7GBQehOHSsZhQg22WwNX8pXt9PjhAaTtzzDZf8KDF
mZPtUHn/TQa43VkLJSZMEIx8fyG5/NG0soncSvW8HPMYZT/kW+7waPdRn0TopZVI
22stzv8RiZXfsyEJY2Rm/lzvKhwI+8lfbik0Q9UjQx/1IjRuKka+03xPCwIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFEhlbJ33jLJPwixltpLisn8JG3w5MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvU0dWc25mZU1za19DTEdXMmt1S3lmd2tiZkRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGdBggrBgEFBQcBBwEB/wSBjTCBijCBhwQCAAEwgYADBAAt
nJ0DBAAtnJ8DBAJX95QDBABZIVUDBABZI5sDBABZJT8DBABbvMwDBABbvM8DBAFd
c/4DBAC5Z0gDBAC5h48DBAC57goDBAG58dIwDAMEALn/qQMEArn/qAMEAbzUhAME
ALzUngMEALzVywMEALzw5gMEALzw6AMEALzx1jANBgkqhkiG9w0BAQsFAAOCAQEA
R8ivT11NpPsqg6XyY2pA8hC45XPFujK6dUSwOBWUWhxOpn5ZkOeJ8TgsEfh4o0XV
sHBD8Q4WiK5q2CFus7wJQXY0wmCxsr8zdc/TXr9rPVpoNnd19XbxRABPX+hjB5hG
2RiRNjUW7ibE494A6dFO3AhA+ZAlhdCuj4NfVWFEO1qlMFD8Iw0oelm9ec1CMCnt
J0HLDV+6zZLcRUfm/3I26hB/Xp3ZOEDvPeUZivybwpFu+xfTKixed4PfjD1VJMfQ
bO6lceTBPmnPG2SkBKeSbLNeNT7YjRi9cwVfj23oa4PEVug4MLnlcJ6NkhL1GG23
NnuJ79KQRkBF6Pn0v0aFRQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:11 2024 by rpki-client on console-ams.rpki-client.org