Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XGCl2kTW33JgODrK9dgAsXCwq6A.roa
File: XGCl2kTW33JgODrK9dgAsXCwq6A.roa (raw, json)
Hash identifier: D0DIA7RYyLQ9o4bLR4fjUilKAh0gBWTeE25Wj9QQv4M=
Subject key identifier: 5C:60:A5:DA:44:D6:DF:72:60:38:3A:CA:F5:D8:00:B1:70:B0:AB:A0
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0189D3A3413805F09F9D7C5FBC2C72471033
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XGCl2kTW33JgODrK9dgAsXCwq6A.roa
Signing time: Tue 08 Aug 2023 05:33:58 +0000
ROA not before: Tue 08 Aug 2023 05:33:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.33.14.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
213.32.250.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
213.32.251.0/24 maxlen: 24
103.205.24.0/24 maxlen: 24
103.205.26.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
188.214.27.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.251.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
193.42.52.0/24 maxlen: 24
193.42.53.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
185.9.54.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.134.0/24 maxlen: 24
62.197.133.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.115.146.0/24 maxlen: 24
185.115.147.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
77.75.63.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
185.115.144.0/23 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
78.142.241.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
45.159.155.0/24 maxlen: 24
89.38.101.0/24 maxlen: 24
89.40.160.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
203.0.9.0/24 maxlen: 24
89.43.210.0/23 maxlen: 24
185.245.238.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
89.43.209.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
89.43.212.0/22 maxlen: 24
89.43.210.0/24 maxlen: 24
185.245.239.0/24 maxlen: 24
103.212.82.0/24 maxlen: 24
89.47.89.0/24 maxlen: 24
185.121.229.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
185.121.228.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
178.239.202.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
185.236.60.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
185.236.61.0/24 maxlen: 24
223.27.112.0/24 maxlen: 24
178.239.192.0/23 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.195.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d3:a3:41:38:05:f0:9f:9d:7c:5f:bc:2c:72:47:10:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Aug 8 05:33:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5c60a5da44d6df7260383acaf5d800b170b0aba0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:06:fe:34:c4:55:bb:eb:0e:08:14:6d:69:c9:
ba:2d:c8:31:06:f7:b3:34:45:c0:f3:99:8a:9a:ea:
5c:92:61:9d:96:d9:a8:b7:dd:27:d8:63:7c:14:fc:
e8:71:10:36:ef:56:65:0d:1a:47:e4:0c:91:b1:ba:
68:f0:81:aa:3c:2d:5a:d1:e1:78:bf:9c:29:e7:16:
49:a2:20:a2:94:52:56:4f:fa:70:a3:0b:24:51:7c:
79:44:2c:ec:1d:d4:a1:5c:af:18:d9:8c:33:e8:47:
d5:c2:d7:7c:f4:a3:c8:78:1c:e0:e3:19:d1:1f:84:
f6:b0:00:56:ec:4e:59:72:35:a4:eb:32:12:a0:5f:
a3:09:ba:1f:f2:39:ed:bf:83:99:4c:ed:5f:7a:ae:
e4:91:bc:ca:98:c2:ec:04:c5:b5:ec:aa:61:0f:08:
a6:81:8a:d1:05:52:38:16:f3:47:dd:5b:b1:e2:2d:
4f:dd:21:b2:e1:fd:82:7b:e0:5a:df:6c:17:83:a8:
a5:6f:37:ff:6c:63:37:8d:9c:7d:c6:b7:b8:27:c7:
8d:6f:da:41:c0:a7:b0:c1:f6:10:79:56:e4:9b:b4:
6a:c1:ac:f5:3b:f2:4d:64:48:76:4d:d7:2c:e9:1f:
8e:f4:4a:8d:f1:c8:a0:fd:ca:1a:b9:a3:9e:b2:53:
7e:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:60:A5:DA:44:D6:DF:72:60:38:3A:CA:F5:D8:00:B1:70:B0:AB:A0
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XGCl2kTW33JgODrK9dgAsXCwq6A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/22
62.197.132.0/22
77.75.60.0/24
77.75.62.0/23
78.142.241.0-78.142.243.255
89.33.14.0/24
89.38.101.0/24
89.40.160.0/24
89.43.208.0/21
89.47.89.0/24
93.114.246.0/24
103.205.24.0/22
103.212.82.0/24
178.239.192.0/22
178.239.200.0/22
185.9.54.0/24
185.103.72.0-185.103.74.255
185.115.144.0/22
185.121.228.0/22
185.229.104.0/22
185.230.248.0/22
185.236.60.0/22
185.245.236.0/22
188.214.27.0/24
192.166.212.0/22
193.19.106.0/24
193.42.52.0/22
194.4.156.0/22
203.0.8.0/23
213.32.248.0/22
223.27.112.0/24
Signature Algorithm: sha256WithRSAEncryption
01:6d:9e:72:23:ed:d3:25:15:4f:45:50:c6:80:fb:55:0f:80:
d3:25:4c:c5:4a:9f:53:eb:15:4e:0e:45:eb:40:4a:41:5d:88:
91:52:0a:8f:b8:c5:fa:55:b9:43:f0:d0:8b:34:6e:fb:86:be:
ed:3e:26:c9:99:e0:71:bd:e5:f7:d5:28:3c:5b:9b:d4:a7:b0:
40:4c:10:26:eb:d4:2c:fb:f6:15:47:eb:48:05:ee:cf:75:03:
43:03:99:b5:dc:94:dd:ee:9a:34:b7:b3:01:3a:85:67:a6:bc:
aa:4a:60:a0:0c:dc:40:99:90:fa:06:e9:84:39:ad:d1:f5:26:
00:68:a5:93:6b:3d:a3:38:b1:c7:f3:97:4f:b9:17:76:ca:46:
1f:cd:ee:a6:15:44:46:71:b8:ad:50:f7:f4:e3:8a:e1:17:c5:
3e:68:a1:75:f6:92:32:8f:04:41:1d:61:91:0d:c5:10:d7:28:
17:ea:f0:fe:9c:dc:f6:43:28:1a:6e:8a:4f:bb:69:9c:84:ce:
90:64:ce:5f:00:2f:c3:2b:91:bf:10:d2:54:45:ee:ca:6c:74:
53:f3:ae:37:21:02:88:ea:ae:a7:f7:a8:ef:cb:9b:25:f5:3f:
c4:6b:d6:d6:4e:b3:6c:5b:11:6d:ec:a2:22:11:fd:9b:48:6d:
91:19:1d:b6
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAYnTo0E4BfCfnXxfvCxyRxAzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwODA4MDUzMzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzYwYTVkYTQ0ZDZkZjcyNjAzODNhY2FmNWQ4MDBiMTcwYjBhYmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQb+NMRVu+sOCBRtacm6LcgxBvez
NEXA85mKmupckmGdltmot90n2GN8FPzocRA271ZlDRpH5AyRsbpo8IGqPC1a0eF4
v5wp5xZJoiCilFJWT/pwowskUXx5RCzsHdShXK8Y2Ywz6EfVwtd89KPIeBzg4xnR
H4T2sABW7E5ZcjWk6zISoF+jCbof8jntv4OZTO1feq7kkbzKmMLsBMW17KphDwim
gYrRBVI4FvNH3Vux4i1P3SGy4f2Ce+Ba32wXg6ilbzf/bGM3jZx9xre4J8eNb9pB
wKewwfYQeVbkm7Rqwaz1O/JNZEh2Tdcs6R+O9EqN8cig/coauaOeslN+fwIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFFxgpdpE1t9yYDg6yvXYALFwsKugMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWEdDbDJrVFczM0pnT0RySzlkZ0FzWEN3cTZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHnBggrBgEFBQcBBwEB/wSB1zCB1DCB0QQCAAEwgcoDBAIt
n5gDBAI+xYQDBABNSzwDBAFNSz4wDAMEAE6O8QMEAk6O8AMEAFkhDgMEAFkmZQME
AFkooAMEA1kr0AMEAFkvWQMEAF1y9gMEAmfNGAMEAGfUUgMEArLvwAMEArLvyAME
ALkJNjAMAwQDuWdIAwQAuWdKAwQCuXOQAwQCuXnkAwQCueVoAwQCueb4AwQCuew8
AwQCufXsAwQAvNYbAwQCwKbUAwQAwRNqAwQCwSo0AwQCwgScAwQBywAIAwQC1SD4
AwQA3xtwMA0GCSqGSIb3DQEBCwUAA4IBAQABbZ5yI+3TJRVPRVDGgPtVD4DTJUzF
Sp9T6xVODkXrQEpBXYiRUgqPuMX6VblD8NCLNG77hr7tPibJmeBxveX31Sg8W5vU
p7BATBAm69Qs+/YVR+tIBe7PdQNDA5m13JTd7po0t7MBOoVnpryqSmCgDNxAmZD6
BumEOa3R9SYAaKWTaz2jOLHH85dPuRd2ykYfze6mFURGcbitUPf044rhF8U+aKF1
9pIyjwRBHWGRDcUQ1ygX6vD+nNz2QygabopPu2mchM6QZM5fAC/DK5G/ENJURe7K
bHRT8643IQKI6q6n96jvy5sl9T/Ea9bWTrNsWxFt7KIiEf2bSG2RGR22
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:11 2024 by rpki-client on console-ams.rpki-client.org