Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/a3bwXdEcetWa4HPM0Z-NILgyI_Q.roa
File: a3bwXdEcetWa4HPM0Z-NILgyI_Q.roa (raw, json)
Hash identifier: LVPyubvW254vo2BeDzp9SLYcvBoRg7lJubtot2YO+QE=
Subject key identifier: 6B:76:F0:5D:D1:1C:7A:D5:9A:E0:73:CC:D1:9F:8D:20:B8:32:23:F4
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188235C2ECB088E7550F31810C289AAB060
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/a3bwXdEcetWa4HPM0Z-NILgyI_Q.roa
Signing time: Tue 16 May 2023 07:00:23 +0000
ROA not before: Tue 16 May 2023 07:00:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.115.146.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:23:5c:2e:cb:08:8e:75:50:f3:18:10:c2:89:aa:b0:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 16 07:00:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6b76f05dd11c7ad59ae073ccd19f8d20b83223f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:98:bd:f3:6a:26:29:a4:a6:dd:ce:7e:a2:a4:
05:3e:d1:fb:dc:0f:eb:80:e1:3c:28:02:d4:58:73:
19:95:d9:5f:1c:e8:ef:81:f5:ce:e7:65:c4:90:b8:
c1:6c:4e:ee:9f:f8:c7:ac:95:bb:b0:e3:0f:34:b5:
69:f4:bb:39:47:3e:7c:d2:88:10:46:5e:96:e4:d0:
9f:a4:b1:04:90:20:72:02:90:69:f6:8d:18:84:d5:
bf:60:a8:a7:cf:6f:00:a3:af:38:8b:11:e5:5f:2f:
96:a9:49:6b:a2:17:eb:9c:1d:05:65:35:fb:c2:a4:
e1:42:88:c4:8b:0a:11:4a:67:89:10:ba:ff:79:a4:
04:f7:ee:e9:5e:ce:f2:ae:04:aa:e4:95:2f:f1:03:
48:b5:d1:4b:c2:01:73:5f:58:78:2d:95:43:2c:b0:
d2:da:e2:90:90:75:bb:aa:81:01:d7:d4:44:61:1e:
20:35:13:87:d7:64:e5:aa:e1:d6:f2:3d:2d:fe:f5:
c6:8d:e8:94:37:19:1f:f4:3c:1f:3f:4d:e7:52:f9:
a5:7c:a3:72:38:50:e9:39:79:bb:1d:23:4f:8d:c2:
64:fc:14:f8:09:b5:38:0e:bc:4f:9f:86:88:12:a1:
84:74:5e:36:81:e7:6b:52:f6:82:c0:9a:40:d8:d6:
78:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:76:F0:5D:D1:1C:7A:D5:9A:E0:73:CC:D1:9F:8D:20:B8:32:23:F4
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/a3bwXdEcetWa4HPM0Z-NILgyI_Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.132.0/24
62.197.135.0/24
78.142.242.0/23
89.43.208.0/24
89.43.210.0/23
103.205.25.0/24
178.239.192.0-178.239.194.255
178.239.200.0/24
178.239.203.0/24
185.103.73.0/24
185.103.75.0/24
185.115.145.0-185.115.146.255
185.121.230.0/23
185.229.104.0/22
185.230.248.0/23
185.236.62.0/23
185.245.236.0-185.245.238.255
192.166.212.0/22
193.19.106.0/24
194.4.156.0/23
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
97:d9:04:68:ca:fa:88:6b:d1:de:5f:9b:75:ce:38:f9:12:31:
f0:a9:ff:ea:c0:f2:ae:5c:4e:25:8b:1d:00:78:5f:3d:f7:55:
8f:3f:16:43:e3:9f:bc:fb:6a:cf:b2:a1:4f:7c:c2:47:29:12:
95:5a:36:a5:0d:e6:ed:80:f6:39:22:c6:4e:8f:1a:21:4d:7b:
96:31:dd:cd:d8:3d:51:76:b6:07:fa:af:1a:7e:ee:67:8d:cd:
ca:21:34:36:19:8b:be:de:94:13:33:51:6d:48:42:9c:e8:71:
3f:86:28:44:d6:38:a5:39:4e:5f:fd:91:e0:00:ad:1a:3f:15:
62:ea:3e:4f:5b:6f:2f:58:1d:01:bb:61:df:69:a7:79:dc:65:
a1:4a:cb:4b:86:f5:d3:a7:c6:d8:5e:f7:6f:b5:e6:73:4b:a4:
c9:06:14:b9:6c:8e:77:6b:b6:42:1d:ee:e3:db:27:8a:5f:b4:
1e:94:a4:5a:d7:80:34:ea:bf:e4:f6:fb:bc:e9:6d:04:f8:96:
8a:b2:ef:89:26:07:4e:15:2e:a5:9f:15:a9:c6:2b:58:ff:ea:
d7:ae:d6:58:5c:c3:9b:4c:bd:38:22:6c:39:75:1a:c1:2b:a0:
de:eb:fd:3c:b2:aa:b3:e0:d8:f1:86:ed:54:e2:79:bd:0d:5c:
5d:57:6f:68
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYgjXC7LCI51UPMYEMKJqrBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTE2MDcwMDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjc2ZjA1ZGQxMWM3YWQ1OWFlMDczY2NkMTlmOGQyMGI4MzIyM2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJi982omKaSm3c5+oqQFPtH73A/r
gOE8KALUWHMZldlfHOjvgfXO52XEkLjBbE7un/jHrJW7sOMPNLVp9Ls5Rz580ogQ
Rl6W5NCfpLEEkCByApBp9o0YhNW/YKinz28Ao684ixHlXy+WqUlrohfrnB0FZTX7
wqThQojEiwoRSmeJELr/eaQE9+7pXs7yrgSq5JUv8QNItdFLwgFzX1h4LZVDLLDS
2uKQkHW7qoEB19REYR4gNROH12TlquHW8j0t/vXGjeiUNxkf9DwfP03nUvmlfKNy
OFDpOXm7HSNPjcJk/BT4CbU4DrxPn4aIEqGEdF42gedrUvaCwJpA2NZ4FQIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFGt28F3RHHrVmuBzzNGfjSC4MiP0MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYTNid1hkRWNldFdhNEhQTTBaLU5JTGd5SV9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbAwDAME
Ay2fmAMEAC2fmgMEAD7FhAMEAD7FhwMEAU6O8gMEAFkr0AMEAVkr0gMEAGfNGTAM
AwQGsu/AAwQAsu/CAwQAsu/IAwQAsu/LAwQAuWdJAwQAuWdLMAwDBAC5c5EDBAC5
c5IDBAG5eeYDBAK55WgDBAG55vgDBAG57D4wDAMEArn17AMEALn17gMEAsCm1AME
AMETagMEAcIEnAMEAMIEnwMEAMsACAMEANUg+TANBgkqhkiG9w0BAQsFAAOCAQEA
l9kEaMr6iGvR3l+bdc44+RIx8Kn/6sDyrlxOJYsdAHhfPfdVjz8WQ+OfvPtqz7Kh
T3zCRykSlVo2pQ3m7YD2OSLGTo8aIU17ljHdzdg9UXa2B/qvGn7uZ43NyiE0NhmL
vt6UEzNRbUhCnOhxP4YoRNY4pTlOX/2R4ACtGj8VYuo+T1tvL1gdAbth32mnedxl
oUrLS4b106fG2F73b7Xmc0ukyQYUuWyOd2u2Qh3u49snil+0HpSkWteANOq/5Pb7
vOltBPiWirLviSYHThUupZ8VqcYrWP/q167WWFzDm0y9OCJsOXUawSug3uv9PLKq
s+DY8YbtVOJ5vQ1cXVdvaA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org