Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/YkyzAgx8GEE0oUg-P__R5DEjX-s.roa
File: YkyzAgx8GEE0oUg-P__R5DEjX-s.roa (raw, json)
Hash identifier: oV95o1vEvLymWjXf3yHG8gv3h5R9V6DDO9n6O5IGjjU=
Subject key identifier: 62:4C:B3:02:0C:7C:18:41:34:A1:48:3E:3F:FF:D1:E4:31:23:5F:EB
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186B63B3DAF270885A711F7BECC3BC92F56
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/YkyzAgx8GEE0oUg-P__R5DEjX-s.roa
Signing time: Mon 06 Mar 2023 09:23:01 +0000
ROA not before: Mon 06 Mar 2023 09:23:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200482
IP address blocks: 178.239.200.0/24 maxlen: 24
91.209.12.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.128.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
89.43.209.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
223.27.114.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b6:3b:3d:af:27:08:85:a7:11:f7:be:cc:3b:c9:2f:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 6 09:23:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=624cb3020c7c184134a1483e3fffd1e431235feb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:4d:f3:0e:27:62:29:7a:c5:66:4a:79:fc:25:
f6:78:db:54:73:09:00:32:a3:aa:7b:42:de:28:51:
01:15:97:f0:63:17:51:85:6f:6a:28:88:42:d0:f9:
52:6d:0d:a8:ae:66:36:26:e7:fd:32:d5:3a:18:96:
ba:2c:a7:7d:4e:57:c2:29:c6:11:c3:56:28:bd:d7:
e7:20:28:a3:a1:40:09:72:51:ff:09:f2:c7:12:f2:
7f:83:b1:a8:d4:9c:ca:5d:ef:bf:49:7b:c4:a5:ee:
b0:69:cd:45:12:ab:f9:1b:0d:d3:3e:8d:82:76:55:
4d:35:2d:34:22:97:57:b4:50:71:80:f6:db:e1:65:
f3:a2:04:ff:fb:61:b7:e5:5d:44:01:37:c3:b7:cc:
f2:ea:64:be:39:4e:a1:c1:0e:1a:9a:28:5c:e5:87:
bf:0c:f3:b7:7b:68:87:14:e2:6f:47:95:0e:d8:09:
f6:53:0f:88:b2:38:7b:79:94:05:fa:2e:79:43:e5:
96:0a:4a:6b:af:36:6c:70:f7:60:7d:f7:77:43:43:
2e:08:dc:17:be:d1:40:86:72:31:bf:31:38:9f:fe:
41:86:67:df:90:15:07:43:8e:fd:fa:bd:8a:04:05:
3c:b8:18:4b:ec:b8:7a:88:bf:a4:82:ae:f3:d8:ea:
f7:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:4C:B3:02:0C:7C:18:41:34:A1:48:3E:3F:FF:D1:E4:31:23:5F:EB
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/YkyzAgx8GEE0oUg-P__R5DEjX-s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.153.0/24
62.197.128.0/24
62.197.132.0/24
89.43.209.0/24
89.43.211.0/24
91.209.12.0/24
103.205.27.0/24
178.239.200.0/24
185.229.105.0/24
185.245.236.0/24
223.27.114.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:b6:bd:1b:9b:e2:ff:a0:ff:94:21:17:b1:1b:18:fe:74:99:
04:8c:76:25:2e:39:7c:d1:2e:25:8b:29:f3:99:a4:b4:ca:ad:
67:b4:f4:e4:51:b8:43:27:4d:31:b6:4a:d1:b8:92:c3:02:0a:
6d:2c:64:85:2b:1b:dd:b3:49:b3:ba:61:24:d4:13:e2:71:bf:
ae:9a:e8:0b:42:8b:21:28:5b:fc:26:87:6e:e9:70:5e:31:4f:
e3:8d:9a:32:98:ee:64:95:79:ea:b6:93:75:df:ce:56:37:6f:
fb:cb:25:6c:7c:c9:5e:96:47:1b:74:5b:84:cb:9e:5e:d0:59:
c7:0f:e5:da:e1:59:2f:50:fe:68:ad:08:fe:b5:d2:70:c9:f2:
92:a1:4c:f2:e6:70:84:bb:a6:9e:b8:4e:1a:f4:e5:10:1c:24:
ed:1c:9e:8a:5b:ea:da:89:c8:2d:d4:ca:96:6c:45:a5:74:bd:
13:6e:c6:4d:50:7c:4c:69:e1:3a:62:7c:ba:71:e1:13:3e:6a:
1e:56:e3:a5:40:ba:f9:77:81:b9:d6:cf:af:c5:d9:6e:93:3b:
ef:9d:7c:98:28:ac:22:d6:cd:d4:b3:4f:47:af:c5:4b:a2:44:
89:28:f0:b1:2c:4c:78:23:e1:71:5e:0c:b8:ea:1c:0a:e0:fe:
af:a4:e5:93
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYa2Oz2vJwiFpxH3vsw7yS9WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA2MDkyMzAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjRjYjMwMjBjN2MxODQxMzRhMTQ4M2UzZmZmZDFlNDMxMjM1ZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt03zDidiKXrFZkp5/CX2eNtUcwkA
MqOqe0LeKFEBFZfwYxdRhW9qKIhC0PlSbQ2ormY2Juf9MtU6GJa6LKd9TlfCKcYR
w1YovdfnICijoUAJclH/CfLHEvJ/g7Go1JzKXe+/SXvEpe6wac1FEqv5Gw3TPo2C
dlVNNS00IpdXtFBxgPbb4WXzogT/+2G35V1EATfDt8zy6mS+OU6hwQ4amihc5Ye/
DPO3e2iHFOJvR5UO2An2Uw+Isjh7eZQF+i55Q+WWCkprrzZscPdgffd3Q0MuCNwX
vtFAhnIxvzE4n/5BhmffkBUHQ479+r2KBAU8uBhL7Lh6iL+kgq7z2Or33wIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFGJMswIMfBhBNKFIPj//0eQxI1/rMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWWt5ekFneDhHRUUwb1VnLVBfX1I1REVqWC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALZ+ZAwQA
PsWAAwQAPsWEAwQAWSvRAwQAWSvTAwQAW9EMAwQAZ80bAwQAsu/IAwQAueVpAwQA
ufXsAwQA3xtyMA0GCSqGSIb3DQEBCwUAA4IBAQActr0bm+L/oP+UIRexGxj+dJkE
jHYlLjl80S4liynzmaS0yq1ntPTkUbhDJ00xtkrRuJLDAgptLGSFKxvds0mzumEk
1BPicb+umugLQoshKFv8Jodu6XBeMU/jjZoymO5klXnqtpN1385WN2/7yyVsfMle
lkcbdFuEy55e0FnHD+Xa4VkvUP5orQj+tdJwyfKSoUzy5nCEu6aeuE4a9OUQHCTt
HJ6KW+raicgt1MqWbEWldL0TbsZNUHxMaeE6Yny6ceETPmoeVuOlQLr5d4G51s+v
xdlukzvvnXyYKKwi1s3Us09Hr8VLokSJKPCxLEx4I+FxXgy46hwK4P6vpOWT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:11 2024 by rpki-client on console-ams.rpki-client.org