Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/WFpp8qrZKrm4igOs1XCyxUw9Uis.roa
File: WFpp8qrZKrm4igOs1XCyxUw9Uis.roa (raw, json)
Hash identifier: S4DFOTamvycL7g3KwwNdTAL5B4N3p/qAHHXj7yNRN/I=
Subject key identifier: 58:5A:69:F2:AA:D9:2A:B9:B8:8A:03:AC:D5:70:B2:C5:4C:3D:52:2B
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018755944C0E7EFFBD013FE8E79669E79E31
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/WFpp8qrZKrm4igOs1XCyxUw9Uis.roa
Signing time: Thu 06 Apr 2023 07:59:54 +0000
ROA not before: Thu 06 Apr 2023 07:59:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 78.142.242.0/24 maxlen: 24
188.214.27.0/24 maxlen: 24
78.142.243.0/24 maxlen: 24
185.9.55.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:55:94:4c:0e:7e:ff:bd:01:3f:e8:e7:96:69:e7:9e:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 6 07:59:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=585a69f2aad92ab9b88a03acd570b2c54c3d522b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:16:e2:71:ec:71:a0:a7:10:2f:9c:ae:1b:f7:
3c:fd:f7:4d:21:12:77:0f:1b:26:f9:c3:d5:e8:c0:
e4:80:ef:45:3c:cd:e0:6f:45:79:63:74:9b:1e:07:
a7:69:b7:8c:b0:f6:a8:94:31:96:01:ad:62:46:b3:
72:dd:41:e8:6e:e9:2d:d5:b4:bf:30:bc:74:d7:ab:
c8:68:36:1b:aa:3d:3b:96:6e:f0:ad:26:d5:1d:25:
56:d9:c8:bb:88:ca:83:b7:7d:67:95:ab:d6:59:09:
5e:f0:3b:47:06:54:ab:cb:69:b5:81:b7:44:26:55:
45:40:30:4c:b1:b2:8d:d8:b9:79:19:c3:2f:a1:7c:
73:9a:4c:98:c2:40:d7:36:21:61:e3:10:c0:ee:32:
41:bd:2e:75:13:2a:92:1f:c2:5f:1e:c2:ee:c2:24:
ae:82:9e:32:b0:b6:5e:0d:68:b5:4b:5c:7f:b2:b0:
12:45:15:0e:8d:68:81:55:9b:5a:ea:c5:7a:ff:59:
58:e8:65:5f:dd:80:ec:39:b6:30:54:1d:7a:56:da:
ff:5a:ab:92:28:ce:d0:9e:58:fa:68:22:9e:1c:b3:
53:7f:a6:fd:91:04:2c:03:4f:d2:76:a9:b5:7d:c3:
b3:4d:85:4a:21:02:03:65:f2:ed:a5:47:be:b4:36:
53:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:5A:69:F2:AA:D9:2A:B9:B8:8A:03:AC:D5:70:B2:C5:4C:3D:52:2B
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/WFpp8qrZKrm4igOs1XCyxUw9Uis.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
78.142.242.0/23
103.205.27.0/24
185.9.55.0/24
185.103.75.0/24
188.214.27.0/24
194.4.157.0/24
203.0.8.0/24
Signature Algorithm: sha256WithRSAEncryption
07:a3:90:20:6b:32:12:75:6b:85:e5:9d:5f:d8:d1:36:e6:57:
a0:dd:e2:87:d4:97:97:f3:28:b9:67:75:ce:fa:5f:43:38:25:
f3:0e:db:a0:1b:5f:fd:bf:ea:41:f6:aa:08:2c:79:79:72:a4:
f8:b7:32:b8:e7:8b:25:16:d8:41:f7:d3:75:2c:8b:d4:54:04:
99:39:d0:20:b5:a3:8d:d9:0f:50:40:34:54:0d:e7:71:75:82:
04:ee:14:33:7a:70:3d:5d:0c:11:0a:db:c2:dc:53:8f:4f:49:
82:46:68:bd:e4:e3:f0:ea:76:8d:79:bc:8b:32:1f:a6:f4:6c:
4f:32:23:d9:b9:d1:54:bf:20:bb:24:02:4f:65:0c:eb:3c:5c:
1f:be:7d:3a:f1:fc:05:1c:10:b6:4b:5f:56:08:99:da:99:8c:
11:15:e8:f8:43:e1:b8:f7:bc:41:e2:9e:95:33:a4:b0:c9:05:
76:d7:00:54:ee:23:a8:81:7f:01:2a:8e:da:b3:d6:52:63:ec:
ad:6e:75:7a:f9:5c:00:e9:c0:38:1f:04:99:76:6e:d3:9e:a7:
49:d5:78:30:3c:a0:e5:38:da:bb:c2:db:68:b4:f3:fd:f3:a7:
83:fc:c2:96:2c:04:e1:b2:4a:30:21:66:62:96:f6:27:2b:54:
8e:c6:80:50
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYdVlEwOfv+9AT/o55Zp554xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA2MDc1OTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODVhNjlmMmFhZDkyYWI5Yjg4YTAzYWNkNTcwYjJjNTRjM2Q1MjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhxbicexxoKcQL5yuG/c8/fdNIRJ3
Dxsm+cPV6MDkgO9FPM3gb0V5Y3SbHgenabeMsPaolDGWAa1iRrNy3UHobukt1bS/
MLx016vIaDYbqj07lm7wrSbVHSVW2ci7iMqDt31nlavWWQle8DtHBlSry2m1gbdE
JlVFQDBMsbKN2Ll5GcMvoXxzmkyYwkDXNiFh4xDA7jJBvS51EyqSH8JfHsLuwiSu
gp4ysLZeDWi1S1x/srASRRUOjWiBVZta6sV6/1lY6GVf3YDsObYwVB16Vtr/WquS
KM7Qnlj6aCKeHLNTf6b9kQQsA0/Sdqm1fcOzTYVKIQIDZfLtpUe+tDZTAQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFhaafKq2Sq5uIoDrNVwssVMPVIrMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvV0ZwcDhxclpLcm00aWdPczFYQ3l4VXc5VWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALZ+YAwQB
To7yAwQAZ80bAwQAuQk3AwQAuWdLAwQAvNYbAwQAwgSdAwQAywAIMA0GCSqGSIb3
DQEBCwUAA4IBAQAHo5AgazISdWuF5Z1f2NE25leg3eKH1JeX8yi5Z3XO+l9DOCXz
DtugG1/9v+pB9qoILHl5cqT4tzK454slFthB99N1LIvUVASZOdAgtaON2Q9QQDRU
DedxdYIE7hQzenA9XQwRCtvC3FOPT0mCRmi95OPw6naNebyLMh+m9GxPMiPZudFU
vyC7JAJPZQzrPFwfvn068fwFHBC2S19WCJnamYwRFej4Q+G497xB4p6VM6SwyQV2
1wBU7iOogX8BKo7as9ZSY+ytbnV6+VwA6cA4HwSZdm7TnqdJ1XgwPKDlONq7wtto
tPP986eD/MKWLAThskowIWZilvYnK1SOxoBQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org