Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XQZuBvk9ePdAfyLOLrMzFagzCtA.roa
File: XQZuBvk9ePdAfyLOLrMzFagzCtA.roa (raw, json)
Hash identifier: 58I6PKImI1fj/nG4vxrpI/DveBxrfpUfBhNgrnG6fj4=
Subject key identifier: 5D:06:6E:06:F9:3D:78:F7:40:7F:22:CE:2E:B3:33:15:A8:33:0A:D0
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018813775C821549098369CDABEFCBBF9A79
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XQZuBvk9ePdAfyLOLrMzFagzCtA.roa
Signing time: Sat 13 May 2023 04:56:09 +0000
ROA not before: Sat 13 May 2023 04:56:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.115.146.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
89.38.136.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
91.209.12.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
89.47.89.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.128.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:13:77:5c:82:15:49:09:83:69:cd:ab:ef:cb:bf:9a:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 13 04:56:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d066e06f93d78f7407f22ce2eb33315a8330ad0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:09:26:67:f2:75:41:1d:a7:0c:fa:e2:55:6d:
9a:2a:0a:0f:fd:81:a0:1e:b4:9f:e5:29:5f:40:5b:
99:73:b5:57:0b:f1:d5:4a:0d:01:02:de:7f:b2:5e:
10:91:96:5f:24:fe:73:28:ba:4e:34:44:e8:05:67:
22:19:af:87:a2:de:b0:04:c5:9f:22:1a:2c:66:ff:
dd:07:11:5d:7a:4c:b3:6b:9d:ae:8c:34:02:d6:14:
17:77:45:ef:41:6e:f3:8b:1a:a1:fe:e8:70:fb:6d:
93:6a:4f:0a:9b:10:44:fb:00:fc:8c:01:3e:e7:6f:
81:52:10:73:ed:86:fc:38:17:6e:53:14:a7:17:14:
02:36:b4:cb:41:64:9e:62:5a:b3:ba:88:5d:d7:8a:
6f:92:ba:52:c7:74:2a:4c:70:da:75:cc:3d:c2:e0:
a9:cc:f7:d7:c3:76:a4:b8:09:5f:aa:fa:e2:18:61:
51:20:6a:6d:cf:3a:51:b6:f9:42:bd:52:cc:ac:12:
cb:e1:ae:a8:f9:37:a8:d1:c7:50:33:be:43:84:76:
0c:fa:9d:e6:6b:d9:04:5c:fd:c1:75:95:71:2d:25:
2c:c4:a7:8e:fe:9b:a6:b5:ee:cc:6b:fd:6c:83:1d:
0f:05:d9:6e:64:ed:6d:f7:7c:62:a8:b3:3b:b8:9a:
d9:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:06:6E:06:F9:3D:78:F7:40:7F:22:CE:2E:B3:33:15:A8:33:0A:D0
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XQZuBvk9ePdAfyLOLrMzFagzCtA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.128.0/24
62.197.132.0/24
62.197.135.0/24
78.142.242.0/23
89.38.136.0/24
89.43.208.0/24
89.43.210.0/23
89.47.89.0/24
91.209.12.0/24
103.205.25.0/24
178.239.192.0-178.239.194.255
178.239.200.0/24
178.239.203.0/24
185.103.73.0/24
185.103.75.0/24
185.115.145.0-185.115.146.255
185.121.230.0/23
185.229.104.0/22
185.230.248.0/23
185.236.62.0/23
185.245.236.0-185.245.238.255
192.166.212.0/22
194.4.156.0/23
194.4.159.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
57:6a:b1:9b:27:68:82:e8:d4:a7:d0:08:48:54:4f:cf:ed:e9:
eb:89:51:fd:72:f2:43:2a:bb:fd:ac:54:d1:52:2e:55:da:6d:
23:b5:c3:83:44:39:7b:00:f6:87:29:dd:f0:bf:1a:5b:36:dd:
51:01:2c:bf:20:b0:6b:9f:fe:ad:6c:87:c8:33:82:55:ee:6e:
30:33:45:65:4f:e1:06:1b:13:d8:c8:81:d9:98:bc:24:7c:52:
ad:7d:2f:8a:fc:60:9b:2b:72:72:29:46:39:d5:ff:7c:91:39:
0b:c8:54:2b:ee:81:0d:9c:3b:01:c4:3c:89:1c:cf:ed:94:42:
21:51:46:f2:11:69:b5:45:7c:94:a5:7e:2a:75:f5:90:6f:ea:
6e:06:85:ef:0a:81:da:12:0f:c9:a2:f4:7f:c5:e5:9b:bf:83:
5e:f2:a1:ef:8a:be:aa:92:e5:91:82:5b:ac:89:76:0c:7b:19:
2d:28:67:65:7f:53:ab:29:c3:cf:65:20:1a:f3:fb:29:1e:94:
30:f5:65:d9:af:ad:b5:2d:46:ab:5f:7b:da:33:03:f3:73:37:
cc:fa:54:b6:a0:8d:48:1b:30:bb:4a:6c:e7:21:f6:9b:d6:51:
80:4a:11:97:17:3e:79:ae:92:27:e8:24:9e:6d:dc:87:09:88:
b7:1a:44:c2
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgISAYgTd1yCFUkJg2nNq+/Lv5p5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTEzMDQ1NjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDA2NmUwNmY5M2Q3OGY3NDA3ZjIyY2UyZWIzMzMxNWE4MzMwYWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAkmZ/J1QR2nDPriVW2aKgoP/YGg
HrSf5SlfQFuZc7VXC/HVSg0BAt5/sl4QkZZfJP5zKLpONEToBWciGa+Hot6wBMWf
IhosZv/dBxFdekyza52ujDQC1hQXd0XvQW7zixqh/uhw+22Tak8KmxBE+wD8jAE+
52+BUhBz7Yb8OBduUxSnFxQCNrTLQWSeYlqzuohd14pvkrpSx3QqTHDadcw9wuCp
zPfXw3akuAlfqvriGGFRIGptzzpRtvlCvVLMrBLL4a6o+Teo0cdQM75DhHYM+p3m
a9kEXP3BdZVxLSUsxKeO/pumte7Ma/1sgx0PBdluZO1t93xiqLM7uJrZxQIDAQAB
o4ICxDCCAsAwHQYDVR0OBBYEFF0Gbgb5PXj3QH8izi6zMxWoMwrQMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWFFadUJ2azllUGRBZnlMT0xyTXpGYWd6Q3RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHZBggrBgEFBQcBBwEB/wSByTCBxjCBwwQCAAEwgbwwDAME
Ay2fmAMEAC2fmgMEAD7FgAMEAD7FhAMEAD7FhwMEAU6O8gMEAFkmiAMEAFkr0AME
AVkr0gMEAFkvWQMEAFvRDAMEAGfNGTAMAwQGsu/AAwQAsu/CAwQAsu/IAwQAsu/L
AwQAuWdJAwQAuWdLMAwDBAC5c5EDBAC5c5IDBAG5eeYDBAK55WgDBAG55vgDBAG5
7D4wDAMEArn17AMEALn17gMEAsCm1AMEAcIEnAMEAMIEnwMEANUg+TANBgkqhkiG
9w0BAQsFAAOCAQEAV2qxmydogujUp9AISFRPz+3p64lR/XLyQyq7/axU0VIuVdpt
I7XDg0Q5ewD2hynd8L8aWzbdUQEsvyCwa5/+rWyHyDOCVe5uMDNFZU/hBhsT2MiB
2Zi8JHxSrX0vivxgmytycilGOdX/fJE5C8hUK+6BDZw7AcQ8iRzP7ZRCIVFG8hFp
tUV8lKV+KnX1kG/qbgaF7wqB2hIPyaL0f8Xlm7+DXvKh74q+qpLlkYJbrIl2DHsZ
LShnZX9TqynDz2UgGvP7KR6UMPVl2a+ttS1Gq1972jMD83M3zPpUtqCNSBswu0ps
5yH2m9ZRgEoRlxc+ea6SJ+gknm3chwmItxpEwg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org