Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/VK81cK6O5X9FaBayeFqPhDlV1YQ.roa
File: VK81cK6O5X9FaBayeFqPhDlV1YQ.roa (raw, json)
Hash identifier: H3S6tc69piKWK07ga61pLRS0OJIISAWdnKfweH3kMtc=
Subject key identifier: 54:AF:35:70:AE:8E:E5:7F:45:68:16:B2:78:5A:8F:84:39:55:D5:84
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188F27EC4356A85A6AB4D7ED67C0780C2B2
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/VK81cK6O5X9FaBayeFqPhDlV1YQ.roa
Signing time: Sun 25 Jun 2023 12:19:33 +0000
ROA not before: Sun 25 Jun 2023 12:19:33 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.33.14.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
103.205.26.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
188.214.27.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
193.42.52.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
185.9.54.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.115.146.0/24 maxlen: 24
185.115.147.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
77.75.63.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
185.115.144.0/23 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
89.40.160.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
89.43.210.0/23 maxlen: 24
185.245.238.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
185.245.239.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
89.47.89.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
185.121.228.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
223.27.112.0/24 maxlen: 24
178.239.192.0/23 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:f2:7e:c4:35:6a:85:a6:ab:4d:7e:d6:7c:07:80:c2:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 25 12:19:33 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=54af3570ae8ee57f456816b2785a8f843955d584
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:2e:9f:a6:d6:c2:13:c3:1c:81:18:89:2f:32:
82:da:0c:91:ab:0c:19:ce:47:d8:55:d9:8d:0b:ff:
2b:5e:fa:46:db:fd:66:90:ef:70:5e:3b:c5:50:c3:
ea:1d:72:72:7c:4e:2c:e9:cb:31:98:f8:d1:84:92:
fd:e9:35:93:3f:2b:be:a4:b7:a9:a7:b3:14:cc:0d:
84:92:34:29:09:eb:d3:90:30:25:fc:97:f8:7b:54:
c2:32:8f:ce:b9:5e:60:7e:c7:dd:48:1c:73:fa:c2:
7f:2d:29:95:17:df:ce:6f:45:66:6a:e8:d9:46:df:
d9:b9:fc:67:f4:4e:4e:d8:f1:d9:dd:7d:d5:27:49:
d1:9d:37:42:9c:7b:66:01:c3:2d:c2:28:2f:1a:e5:
38:4b:99:f5:25:e2:c4:3e:d5:7a:52:dd:30:68:86:
65:62:19:0a:1d:5b:be:7d:f3:88:0b:a9:c4:c4:d6:
31:21:89:7c:35:7e:6b:0a:b6:fa:89:6e:c4:27:03:
41:bf:39:c7:ba:12:ac:c6:7c:9e:33:da:5e:49:02:
1d:e9:0e:38:65:3d:4e:92:a1:97:48:4a:c4:fd:fb:
dd:5e:dc:b5:56:5f:29:ae:f3:4c:aa:d9:8e:f8:4c:
a5:0b:04:cb:23:b7:94:d9:fe:7d:4d:44:dc:ae:a2:
37:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:AF:35:70:AE:8E:E5:7F:45:68:16:B2:78:5A:8F:84:39:55:D5:84
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/VK81cK6O5X9FaBayeFqPhDlV1YQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.132.0/24
62.197.135.0/24
77.75.60.0/24
77.75.62.0/23
78.142.242.0/23
89.33.14.0/24
89.40.160.0/24
89.43.208.0/24
89.43.210.0/23
89.47.89.0/24
93.114.246.0/24
103.205.25.0-103.205.27.255
178.239.192.0-178.239.194.255
178.239.200.0/23
178.239.203.0/24
185.9.54.0/24
185.103.73.0/24
185.115.144.0/22
185.121.228.0/24
185.121.230.0/23
185.229.104.0/22
185.230.248.0-185.230.250.255
185.236.62.0/23
185.245.236.0/22
188.214.27.0/24
192.166.212.0/22
193.19.106.0/24
193.42.52.0/24
193.42.54.0/23
194.4.156.0/23
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
223.27.112.0/24
Signature Algorithm: sha256WithRSAEncryption
7c:89:ae:cf:eb:22:9a:7a:78:d3:62:c6:79:f1:3c:26:96:4f:
c4:52:13:42:e6:91:9d:66:ba:b9:57:2c:5f:73:34:48:15:f2:
0f:2b:9b:f3:42:af:f3:56:2d:9c:06:a3:27:86:01:30:36:36:
5f:cd:d0:ad:6c:c0:9a:00:60:cb:79:9c:04:9b:e9:f5:ab:76:
5a:aa:e8:f7:30:fb:ef:33:1f:a9:c4:91:18:74:c1:2f:e1:41:
74:28:21:0c:27:c5:b2:ad:8a:07:fc:a7:fa:24:86:4d:23:7f:
96:33:ff:dd:87:a2:e7:32:d2:3f:c3:ae:34:0a:04:86:1e:f7:
8d:8c:7d:eb:ed:af:49:17:3e:28:bc:53:75:e8:93:4d:5d:4a:
6a:2b:b1:7a:92:b9:73:38:9e:81:83:a0:5f:4a:f6:9a:9c:9f:
69:d6:d2:61:79:10:e8:d6:62:5c:54:fb:3d:72:c0:5d:0c:cc:
ed:84:9b:a3:dd:69:c9:d8:71:2c:1a:28:b7:52:c4:eb:73:07:
88:02:b9:bb:11:f9:64:e2:2e:ef:2a:af:b6:6a:c9:56:4e:99:
b0:ea:0c:39:0f:4a:af:ff:b0:41:f1:72:35:f7:c6:f1:24:b6:
3d:f9:d2:80:03:26:ee:1b:72:4d:0c:88:49:6d:7b:2c:06:8e:
95:9a:59:97
-----BEGIN CERTIFICATE-----
MIIF7zCCBNegAwIBAgISAYjyfsQ1aoWmq01+1nwHgMKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjI1MTIxOTMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGFmMzU3MGFlOGVlNTdmNDU2ODE2YjI3ODVhOGY4NDM5NTVkNTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsS6fptbCE8McgRiJLzKC2gyRqwwZ
zkfYVdmNC/8rXvpG2/1mkO9wXjvFUMPqHXJyfE4s6csxmPjRhJL96TWTPyu+pLep
p7MUzA2EkjQpCevTkDAl/Jf4e1TCMo/OuV5gfsfdSBxz+sJ/LSmVF9/Ob0VmaujZ
Rt/Zufxn9E5O2PHZ3X3VJ0nRnTdCnHtmAcMtwigvGuU4S5n1JeLEPtV6Ut0waIZl
YhkKHVu+ffOIC6nExNYxIYl8NX5rCrb6iW7EJwNBvznHuhKsxnyeM9peSQId6Q44
ZT1OkqGXSErE/fvdXty1Vl8prvNMqtmO+EylCwTLI7eU2f59TUTcrqI3JwIDAQAB
o4IC+zCCAvcwHQYDVR0OBBYEFFSvNXCujuV/RWgWsnhaj4Q5VdWEMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVks4MWNLNk81WDlGYUJheWVGcVBoRGxWMVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBDwYIKwYBBQUHAQcBAf8Egf8wgfwwgfkEAgABMIHyMAwD
BAMtn5gDBAAtn5oDBAA+xYQDBAA+xYcDBABNSzwDBAFNSz4DBAFOjvIDBABZIQ4D
BABZKKADBABZK9ADBAFZK9IDBABZL1kDBABdcvYwDAMEAGfNGQMEAmfNGDAMAwQG
su/AAwQAsu/CAwQBsu/IAwQAsu/LAwQAuQk2AwQAuWdJAwQCuXOQAwQAuXnkAwQB
uXnmAwQCueVoMAwDBAO55vgDBAC55voDBAG57D4DBAK59ewDBAC81hsDBALAptQD
BADBE2oDBADBKjQDBAHBKjYDBAHCBJwDBADCBJ8DBADLAAgDBADVIPkDBADfG3Aw
DQYJKoZIhvcNAQELBQADggEBAHyJrs/rIpp6eNNixnnxPCaWT8RSE0LmkZ1murlX
LF9zNEgV8g8rm/NCr/NWLZwGoyeGATA2Nl/N0K1swJoAYMt5nASb6fWrdlqq6Pcw
++8zH6nEkRh0wS/hQXQoIQwnxbKtigf8p/okhk0jf5Yz/92Houcy0j/DrjQKBIYe
942Mfevtr0kXPii8U3Xok01dSmorsXqSuXM4noGDoF9K9pqcn2nW0mF5EOjWYlxU
+z1ywF0MzO2Em6PdacnYcSwaKLdSxOtzB4gCubsR+WTiLu8qr7ZqyVZOmbDqDDkP
Sq//sEHxcjX3xvEktj350oADJu4bck0MiElteywGjpWaWZc=
-----END CERTIFICATE-----
Generated at Fri Apr 18 01:04:45 2025 by rpki-client