Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Y2NuUThQUYddgh7uh91lWaQ4j60.roa
File: Y2NuUThQUYddgh7uh91lWaQ4j60.roa (raw, json)
Hash identifier: A319Hx97OLb4pb/4zxuhj9HIu2yPD7cfMMx18GtH8+0=
Subject key identifier: 63:63:6E:51:38:50:51:87:5D:82:1E:EE:87:DD:65:59:A4:38:8F:AD
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01877E347D02B7898D3A0DD8F7BC41BDF68E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Y2NuUThQUYddgh7uh91lWaQ4j60.roa
Signing time: Fri 14 Apr 2023 05:19:41 +0000
ROA not before: Fri 14 Apr 2023 05:19:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
194.4.159.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
192.166.208.0/22 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
185.121.230.0/24 maxlen: 24
185.9.54.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
178.239.192.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:7e:34:7d:02:b7:89:8d:3a:0d:d8:f7:bc:41:bd:f6:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 14 05:19:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=63636e51385051875d821eee87dd6559a4388fad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:8e:ed:21:f2:56:06:e7:98:9a:f7:ca:26:7c:
b7:6d:3f:30:ba:ff:73:54:f9:1f:9d:3a:ea:45:0f:
1f:78:1d:4d:fe:c4:d9:39:7b:88:7f:10:ef:6d:0e:
c1:59:38:f4:d3:89:45:c3:87:b0:33:73:90:4b:ce:
ad:c2:ae:84:33:ab:26:0a:07:90:d5:d2:1b:14:03:
b0:fa:76:27:1e:01:1c:14:e4:6b:9f:bc:5d:7e:8a:
28:46:18:36:e6:bd:16:7c:08:b7:97:c2:6b:3e:ca:
67:0e:3b:55:1c:62:09:85:89:6e:bd:98:90:ba:70:
c2:eb:99:85:87:58:75:de:b1:80:3f:7b:38:e0:b9:
16:c8:0f:41:d1:f8:c1:ef:5b:07:05:49:6d:90:6e:
12:15:b6:93:62:1f:f1:70:62:66:2e:a4:ae:dc:dd:
c4:e8:df:2e:59:ef:0c:8c:2b:c9:7e:82:65:3d:25:
62:3b:91:ba:be:75:5e:54:fc:77:b2:a1:e1:91:2d:
68:2c:6d:24:4e:8e:7a:10:bc:3b:e7:b4:88:4d:ec:
ad:80:78:46:3b:11:11:09:4b:a4:cf:49:7a:8e:20:
59:07:21:09:6c:cb:c8:9e:36:e1:d9:d4:ce:4d:d9:
b0:bc:c8:92:71:f6:0e:7c:e5:26:84:d8:8a:e1:aa:
47:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:63:6E:51:38:50:51:87:5D:82:1E:EE:87:DD:65:59:A4:38:8F:AD
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Y2NuUThQUYddgh7uh91lWaQ4j60.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
45.159.154.0/24
62.197.135.0/24
78.142.242.0/23
89.43.208.0/24
178.239.192.0/24
178.239.203.0/24
185.9.54.0/24
185.103.75.0/24
185.121.230.0/23
185.229.104.0/24
185.229.106.0/24
185.230.248.0/23
185.245.237.0-185.245.238.255
192.166.208.0/22
193.19.106.0/24
194.4.159.0/24
Signature Algorithm: sha256WithRSAEncryption
6f:d5:29:23:f6:b9:15:05:7d:57:6d:8c:e0:7c:da:52:bb:e5:
e1:0e:70:2d:4c:38:81:a3:52:92:f7:ed:f4:22:aa:7c:5f:f2:
1d:42:14:76:13:24:9a:b7:a6:0f:52:a1:0b:28:f5:a4:56:2d:
93:c0:4c:12:d7:9c:c6:22:4a:cb:b1:1c:be:3b:74:55:09:db:
16:76:2a:8e:a9:af:27:fd:5a:c5:db:12:d0:ff:a3:6d:55:15:
35:97:36:72:4b:9e:05:20:cb:b6:87:3c:b1:dc:48:5d:be:f9:
61:16:2e:2b:d9:c1:f4:69:e6:62:2f:55:07:80:d4:ea:60:ff:
1e:05:09:d2:a2:ca:fc:ef:d6:d4:39:eb:a1:30:40:70:b6:d4:
d7:2d:5a:48:c6:f6:04:db:5b:2a:ca:5a:6b:5a:20:65:ba:71:
a0:5c:db:13:86:76:c8:34:e8:98:21:d8:14:94:f1:b7:9c:39:
d0:dc:74:9d:a6:a0:cf:c1:8c:cc:ad:cb:48:fb:a8:72:f7:35:
9d:b9:d5:65:d4:16:ba:8a:57:20:4f:4b:8f:82:00:30:ec:3c:
65:6b:2f:22:1e:07:de:b7:9c:e2:9a:74:b7:61:a7:c3:42:59:
4d:94:15:2e:6e:a4:4c:99:41:b3:9b:02:be:cb:1d:be:fe:6d:
d4:18:33:6f
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAYd+NH0Ct4mNOg3Y97xBvfaOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDE0MDUxOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzYzNmU1MTM4NTA1MTg3NWQ4MjFlZWU4N2RkNjU1OWE0Mzg4ZmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY7tIfJWBueYmvfKJny3bT8wuv9z
VPkfnTrqRQ8feB1N/sTZOXuIfxDvbQ7BWTj004lFw4ewM3OQS86twq6EM6smCgeQ
1dIbFAOw+nYnHgEcFORrn7xdfoooRhg25r0WfAi3l8JrPspnDjtVHGIJhYluvZiQ
unDC65mFh1h13rGAP3s44LkWyA9B0fjB71sHBUltkG4SFbaTYh/xcGJmLqSu3N3E
6N8uWe8MjCvJfoJlPSViO5G6vnVeVPx3sqHhkS1oLG0kTo56ELw757SITeytgHhG
OxERCUukz0l6jiBZByEJbMvInjbh2dTOTdmwvMiScfYOfOUmhNiK4apHwQIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFGNjblE4UFGHXYIe7ofdZVmkOI+tMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWTJOdVVUaFFVWWRkZ2g3dWg5MWxXYVE0ajYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwdAQCAAEwbgMEAC2fmAME
AC2fmgMEAD7FhwMEAU6O8gMEAFkr0AMEALLvwAMEALLvywMEALkJNgMEALlnSwME
Abl55gMEALnlaAMEALnlagMEAbnm+DAMAwQAufXtAwQAufXuAwQCwKbQAwQAwRNq
AwQAwgSfMA0GCSqGSIb3DQEBCwUAA4IBAQBv1Skj9rkVBX1XbYzgfNpSu+XhDnAt
TDiBo1KS9+30Iqp8X/IdQhR2EySat6YPUqELKPWkVi2TwEwS15zGIkrLsRy+O3RV
CdsWdiqOqa8n/VrF2xLQ/6NtVRU1lzZyS54FIMu2hzyx3EhdvvlhFi4r2cH0aeZi
L1UHgNTqYP8eBQnSosr879bUOeuhMEBwttTXLVpIxvYE21sqylprWiBlunGgXNsT
hnbINOiYIdgUlPG3nDnQ3HSdpqDPwYzMrctI+6hy9zWdudVl1Ba6ilcgT0uPggAw
7Dxlay8iHgfet5zimnS3YafDQllNlBUubqRMmUGzmwK+yx2+/m3UGDNv
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:55 2023 by rpki-client on console-ams.rpki-client.org