Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_YVzKUS-1QZ2BP6mpVsrbv8ibKY.roa
File: _YVzKUS-1QZ2BP6mpVsrbv8ibKY.roa (raw, json)
Hash identifier: A2Hq8uPUuILrAYKUTuiQIEZJ0vWQS0wkGtlTWt1AvrY=
Subject key identifier: FD:85:73:29:44:BE:D5:06:76:04:FE:A6:A5:5B:2B:6E:FF:22:6C:A6
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01889F0172E06D6FE0639412262661E60A06
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_YVzKUS-1QZ2BP6mpVsrbv8ibKY.roa
Signing time: Fri 09 Jun 2023 07:14:12 +0000
ROA not before: Fri 09 Jun 2023 07:14:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
188.212.158.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.150.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
185.241.209.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
188.241.214.0/24 maxlen: 24
91.188.204.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
45.156.157.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
89.33.85.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:9f:01:72:e0:6d:6f:e0:63:94:12:26:26:61:e6:0a:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 9 07:14:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fd85732944bed5067604fea6a55b2b6eff226ca6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:c6:ef:f3:07:b3:d8:60:3e:b8:46:ec:0b:16:
76:7d:20:66:28:5d:70:6f:61:30:45:c1:14:a5:64:
d5:61:c1:ac:92:69:a2:4a:8f:f5:87:28:bf:0c:8a:
c4:d7:9c:f4:60:a1:56:be:16:4b:45:f6:72:90:40:
67:e0:ff:76:17:64:2e:2b:a1:57:f0:a0:d5:b6:3a:
5b:e7:83:a3:9d:9a:f3:be:e9:de:7d:22:df:32:79:
fe:f6:9e:93:ed:23:bc:44:fa:d7:ff:22:e7:2a:29:
cf:b5:1a:4b:dc:ad:dd:32:50:f5:4d:d3:09:4d:16:
18:2c:bf:33:d3:82:de:49:52:a0:e8:34:83:34:c8:
d3:74:36:71:38:df:8f:cd:12:56:52:07:41:44:ad:
aa:69:4d:fe:6c:ec:cc:45:9c:97:67:c1:9b:82:47:
49:db:31:71:c6:d8:08:15:97:3f:9e:f5:53:cc:44:
fb:e4:62:63:8c:4a:4a:af:a5:04:9b:8c:bd:83:9b:
e1:1d:46:74:31:73:68:e7:39:7e:60:3d:32:6f:cc:
fd:53:0a:1e:8f:68:9e:f0:16:39:22:9b:2a:22:bf:
90:27:fa:25:42:d5:c8:11:f7:84:f5:57:59:d3:ba:
af:cb:bb:1c:ae:c2:c7:f9:11:14:17:d5:1d:6d:ac:
1b:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:85:73:29:44:BE:D5:06:76:04:FE:A6:A5:5B:2B:6E:FF:22:6C:A6
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_YVzKUS-1QZ2BP6mpVsrbv8ibKY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.157.0/24
87.247.148.0/24
87.247.150.0/24
89.33.85.0/24
89.37.63.0/24
91.188.204.0/24
93.115.254.0/23
185.103.72.0/24
185.135.143.0/24
185.238.10.0/24
185.241.209.0-185.241.211.255
185.255.169.0-185.255.170.255
188.212.132.0/23
188.212.158.0/24
188.213.203.0/24
188.240.230.0/24
188.240.232.0/24
188.241.214.0/24
Signature Algorithm: sha256WithRSAEncryption
61:3e:40:36:ef:bf:d3:e5:a5:90:c5:05:a0:2f:8b:d0:62:6a:
59:bb:66:04:1a:3a:a5:9a:8a:f3:ae:2b:da:a4:0a:14:95:ec:
73:51:3d:04:1b:0f:e0:52:0b:19:ba:5c:30:d0:36:cb:15:9f:
1d:c8:94:b6:fa:65:0c:b9:aa:1d:f7:a7:ee:30:92:bc:d4:43:
63:3b:ae:8d:5b:d3:5c:c5:cd:81:7e:b3:be:a4:10:ed:3d:24:
d0:d0:02:55:fd:2d:a9:61:32:39:e9:fb:4a:2f:81:67:f6:9b:
81:35:39:48:6d:ea:d8:40:fa:49:49:e0:09:ef:64:5e:09:26:
c9:08:53:46:18:b6:37:5c:31:4c:41:8e:76:aa:f0:d7:dd:84:
67:8c:65:01:a9:be:32:56:d5:9d:30:bb:a2:2f:ac:e4:88:34:
69:eb:c0:d8:10:3b:55:0f:43:53:dc:bc:f7:8c:79:04:52:5d:
38:d4:56:7a:64:00:e3:0d:0b:03:23:dd:58:77:c0:d4:d9:83:
b9:cc:c1:0f:96:6f:d1:3a:00:81:ab:f9:15:f7:f4:ab:6b:5c:
12:c7:e1:f9:05:0a:f3:2e:a6:3b:29:03:24:7d:e6:eb:e5:1c:
20:cc:da:09:e9:84:ec:44:16:9d:f0:65:d4:4d:72:62:ec:08:
f3:71:1e:4c
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYifAXLgbW/gY5QSJiZh5goGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjA5MDcxNDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDg1NzMyOTQ0YmVkNTA2NzYwNGZlYTZhNTViMmI2ZWZmMjI2Y2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcbv8wez2GA+uEbsCxZ2fSBmKF1w
b2EwRcEUpWTVYcGskmmiSo/1hyi/DIrE15z0YKFWvhZLRfZykEBn4P92F2QuK6FX
8KDVtjpb54OjnZrzvunefSLfMnn+9p6T7SO8RPrX/yLnKinPtRpL3K3dMlD1TdMJ
TRYYLL8z04LeSVKg6DSDNMjTdDZxON+PzRJWUgdBRK2qaU3+bOzMRZyXZ8GbgkdJ
2zFxxtgIFZc/nvVTzET75GJjjEpKr6UEm4y9g5vhHUZ0MXNo5zl+YD0yb8z9Uwoe
j2ie8BY5IpsqIr+QJ/olQtXIEfeE9VdZ07qvy7scrsLH+REUF9UdbawbqQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFP2FcylEvtUGdgT+pqVbK27/ImymMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvX1lWektVUy0xUVoyQlA2bXBWc3JidjhpYktZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEAC2c
nQMEAFf3lAMEAFf3lgMEAFkhVQMEAFklPwMEAFu8zAMEAV1z/gMEALlnSAMEALmH
jwMEALnuCjAMAwQAufHRAwQCufHQMAwDBAC5/6kDBAC5/6oDBAG81IQDBAC81J4D
BAC81csDBAC88OYDBAC88OgDBAC88dYwDQYJKoZIhvcNAQELBQADggEBAGE+QDbv
v9PlpZDFBaAvi9Bialm7ZgQaOqWaivOuK9qkChSV7HNRPQQbD+BSCxm6XDDQNssV
nx3IlLb6ZQy5qh33p+4wkrzUQ2M7ro1b01zFzYF+s76kEO09JNDQAlX9LalhMjnp
+0ovgWf2m4E1OUht6thA+klJ4AnvZF4JJskIU0YYtjdcMUxBjnaq8NfdhGeMZQGp
vjJW1Z0wu6IvrOSINGnrwNgQO1UPQ1PcvPeMeQRSXTjUVnpkAOMNCwMj3Vh3wNTZ
g7nMwQ+Wb9E6AIGr+RX39KtrXBLH4fkFCvMupjspAyR95uvlHCDM2gnphOxEFp3w
ZdRNcmLsCPNxHkw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org