Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_zr2uOCb6PH82lx7Jextdrwx8HA.roa
File: _zr2uOCb6PH82lx7Jextdrwx8HA.roa (raw, json)
Hash identifier: kFgWwwlpY9ouSBuJRqHCQgfiAuTGXt2ipQlzj7rMMxg=
Subject key identifier: FF:3A:F6:B8:E0:9B:E8:F1:FC:DA:5C:7B:25:EC:6D:76:BC:31:F0:70
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188A3B81CFCDD9B7B8EEAA078173A1ACFCB
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_zr2uOCb6PH82lx7Jextdrwx8HA.roa
Signing time: Sat 10 Jun 2023 05:12:12 +0000
ROA not before: Sat 10 Jun 2023 05:12:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
188.212.158.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.150.0/24 maxlen: 24
87.247.151.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
185.241.209.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
188.241.214.0/24 maxlen: 24
91.188.204.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
45.156.157.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
89.33.85.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:a3:b8:1c:fc:dd:9b:7b:8e:ea:a0:78:17:3a:1a:cf:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 10 05:12:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ff3af6b8e09be8f1fcda5c7b25ec6d76bc31f070
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:67:f6:89:43:b4:e9:9a:b8:ec:9f:8f:84:90:
a2:c1:27:6a:91:55:06:e4:26:d0:f2:42:95:83:f7:
c9:48:e9:af:b8:cd:c8:9d:b0:b4:78:ff:69:06:67:
e5:c3:1f:97:26:53:01:ee:4d:f5:c3:cd:43:c8:06:
9c:c8:b8:a6:af:cf:01:60:94:6b:a2:dd:69:e3:15:
b1:79:a9:4f:85:c3:9d:98:8d:6f:01:f1:83:46:ec:
eb:03:26:20:73:35:8e:6f:e8:f2:c9:ed:80:6e:dd:
ec:54:da:6d:ce:37:fc:aa:1a:fc:b1:b4:4a:07:a2:
dd:b7:d8:5f:49:e1:b6:2e:20:f1:dc:7c:f3:5e:51:
5e:a0:fe:8a:73:3d:94:dd:96:34:04:53:7c:b5:69:
05:a2:fa:5c:b5:34:71:27:96:5d:1e:03:3c:58:bd:
31:1e:63:b6:f7:40:f6:97:a9:bd:7e:f3:d9:3a:13:
9b:5a:bf:53:36:cf:e4:12:b3:8c:58:dd:7c:fd:5e:
d5:8d:a7:d2:f0:a4:76:6e:6b:eb:08:43:0e:fe:ba:
fa:78:1f:63:f8:52:ac:76:5a:47:df:a1:27:c2:aa:
1b:e2:9e:79:54:fe:6b:8b:38:76:1a:36:85:6c:6d:
c6:57:08:7d:3d:74:a4:03:09:93:3d:1b:cc:42:5e:
97:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:3A:F6:B8:E0:9B:E8:F1:FC:DA:5C:7B:25:EC:6D:76:BC:31:F0:70
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_zr2uOCb6PH82lx7Jextdrwx8HA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.157.0/24
87.247.148.0/24
87.247.150.0/23
89.33.85.0/24
89.37.63.0/24
91.188.204.0/24
93.115.254.0/23
185.103.72.0/24
185.135.143.0/24
185.238.10.0/24
185.241.209.0-185.241.211.255
185.255.169.0-185.255.170.255
188.212.132.0/23
188.212.158.0/24
188.213.203.0/24
188.240.230.0/24
188.240.232.0/24
188.241.214.0/24
Signature Algorithm: sha256WithRSAEncryption
82:e4:35:94:da:9f:c8:94:fc:0d:ee:83:02:24:34:c0:fa:0a:
8d:5f:ae:fe:30:70:16:35:be:6d:84:d8:66:d6:5d:aa:9f:31:
3a:58:8d:b8:11:4e:19:08:af:9b:77:e1:af:e7:16:3c:9d:94:
1c:b7:74:75:e2:bf:3f:fa:a8:da:d3:2e:1a:ad:a9:04:af:29:
36:3e:81:b5:33:5c:ce:2e:7a:52:c4:80:e8:a5:5c:2f:f3:a3:
24:8a:5b:6b:24:fc:51:f6:72:58:45:06:4e:1e:4f:6f:67:d3:
dc:1f:e4:ee:5d:a0:43:a8:50:e6:70:e2:f0:6e:eb:8d:19:1f:
d3:37:c6:13:f4:21:8b:4e:9a:5c:9f:d4:a6:11:f1:fc:d8:57:
bb:77:d4:29:fb:51:c2:66:9e:31:e5:85:c8:50:4e:f8:c7:4c:
7a:3e:9c:ab:4d:d2:64:3f:3d:26:aa:1e:ec:ba:4e:46:76:f9:
06:44:22:b1:5e:46:6c:4e:6c:5a:31:cd:8f:9e:73:66:7a:f4:
4f:93:06:cd:73:ce:46:2d:4e:6f:fb:29:17:e9:2a:15:1e:ff:
bf:66:67:8d:64:b5:7e:85:89:8f:39:85:3a:1b:da:b2:80:56:
40:b7:08:93:9b:65:bc:d7:f6:0d:04:6c:52:e7:a8:c0:1b:73:
9d:0e:9e:26
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYijuBz83Zt7juqgeBc6Gs/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjEwMDUxMjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjNhZjZiOGUwOWJlOGYxZmNkYTVjN2IyNWVjNmQ3NmJjMzFmMDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWf2iUO06Zq47J+PhJCiwSdqkVUG
5CbQ8kKVg/fJSOmvuM3InbC0eP9pBmflwx+XJlMB7k31w81DyAacyLimr88BYJRr
ot1p4xWxealPhcOdmI1vAfGDRuzrAyYgczWOb+jyye2Abt3sVNptzjf8qhr8sbRK
B6Ldt9hfSeG2LiDx3HzzXlFeoP6Kcz2U3ZY0BFN8tWkFovpctTRxJ5ZdHgM8WL0x
HmO290D2l6m9fvPZOhObWr9TNs/kErOMWN18/V7VjafS8KR2bmvrCEMO/rr6eB9j
+FKsdlpH36Enwqob4p55VP5rizh2GjaFbG3GVwh9PXSkAwmTPRvMQl6XuQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFP869rjgm+jx/NpceyXsbXa8MfBwMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvX3pyMnVPQ2I2UEg4Mmx4N0pleHRkcnd4OEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEAC2c
nQMEAFf3lAMEAVf3lgMEAFkhVQMEAFklPwMEAFu8zAMEAV1z/gMEALlnSAMEALmH
jwMEALnuCjAMAwQAufHRAwQCufHQMAwDBAC5/6kDBAC5/6oDBAG81IQDBAC81J4D
BAC81csDBAC88OYDBAC88OgDBAC88dYwDQYJKoZIhvcNAQELBQADggEBAILkNZTa
n8iU/A3ugwIkNMD6Co1frv4wcBY1vm2E2GbWXaqfMTpYjbgRThkIr5t34a/nFjyd
lBy3dHXivz/6qNrTLhqtqQSvKTY+gbUzXM4uelLEgOilXC/zoySKW2sk/FH2clhF
Bk4eT29n09wf5O5doEOoUOZw4vBu640ZH9M3xhP0IYtOmlyf1KYR8fzYV7t31Cn7
UcJmnjHlhchQTvjHTHo+nKtN0mQ/PSaqHuy6TkZ2+QZEIrFeRmxObFoxzY+ec2Z6
9E+TBs1zzkYtTm/7KRfpKhUe/79mZ41ktX6FiY85hTob2rKAVkC3CJObZbzX9g0E
bFLnqMAbc50OniY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org