Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bQbS9Utj02bAeozdVSTunwzCv8w.roa
File: bQbS9Utj02bAeozdVSTunwzCv8w.roa (raw, json)
Hash identifier: 9TLFAQQWRj2P1aYggpEx9SpfET8v5IootD4scKvF7Tc=
Subject key identifier: 6D:06:D2:F5:4B:63:D3:66:C0:7A:8C:DD:55:24:EE:9F:0C:C2:BF:CC
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018571031EC30E4D1E3DF8D90C0288D8A9CB
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bQbS9Utj02bAeozdVSTunwzCv8w.roa
Signing time: Mon 02 Jan 2023 05:45:07 +0000
ROA not before: Mon 02 Jan 2023 05:45:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212238
IP address blocks: 194.5.85.0/24 maxlen: 24
45.154.24.0/22 maxlen: 22
80.76.56.0/22 maxlen: 22
45.12.172.0/22 maxlen: 22
193.19.108.0/24 maxlen: 24
45.248.144.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:03:1e:c3:0e:4d:1e:3d:f8:d9:0c:02:88:d8:a9:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 2 05:45:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6d06d2f54b63d366c07a8cdd5524ee9f0cc2bfcc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:c1:1b:39:74:fd:bf:50:46:23:ea:b5:44:19:
34:97:60:b4:24:82:34:8a:5c:3e:ed:25:19:42:2e:
04:c7:a9:8f:ae:71:00:9b:bf:9b:d9:ee:8f:bf:83:
4e:1d:2b:ca:46:db:6b:4b:f4:65:9e:60:69:31:a5:
2a:98:79:1c:7d:5b:1f:db:0a:8f:01:d8:b4:3d:e1:
ef:24:c2:c9:c1:17:c8:83:f1:07:c2:2f:2f:95:69:
14:f4:ad:9d:92:77:91:fe:67:16:5c:4e:b4:9e:59:
ca:78:57:42:c5:9e:25:58:00:e5:d6:9c:0f:f0:e1:
ec:fd:88:66:78:76:e0:18:bd:c0:a7:f7:c6:97:b0:
47:4b:95:04:fa:0b:ec:4b:80:8a:ca:e1:44:d0:0a:
6b:1d:53:8b:40:e9:89:83:80:2a:7e:e5:a3:c8:3a:
d0:d3:c8:9d:8e:8b:81:53:50:c5:0b:1c:2d:a4:d5:
5d:7f:e6:51:b5:ba:23:fa:60:b4:f4:4c:82:94:95:
bd:ff:10:9d:cc:59:b0:75:47:0c:46:bc:f7:5f:5d:
32:0d:b5:87:36:59:23:5b:ef:2d:e0:68:d4:71:82:
48:04:66:c4:4a:05:4b:be:d2:ac:f1:04:7d:4d:61:
a7:00:68:04:e1:69:ab:68:e5:14:2c:71:ac:90:5c:
82:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:06:D2:F5:4B:63:D3:66:C0:7A:8C:DD:55:24:EE:9F:0C:C2:BF:CC
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bQbS9Utj02bAeozdVSTunwzCv8w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.172.0/22
45.154.24.0/22
45.248.144.0/22
80.76.56.0/22
193.19.108.0/24
194.5.85.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:29:5b:bc:95:8b:a0:c1:d0:07:3a:6e:9c:41:e1:9c:86:06:
68:5b:9a:b6:1f:41:e5:80:38:55:cc:99:57:80:94:c5:85:fe:
5c:c2:4f:86:81:ec:87:a1:9c:db:6c:fb:c0:ca:c8:f5:fb:11:
0d:c7:fb:d0:60:7e:ae:93:09:34:4a:e3:4a:72:e7:5a:46:4e:
e2:64:ad:e4:94:c5:fc:fd:5a:0c:cf:42:27:03:fa:f0:eb:60:
cf:43:fa:11:69:13:58:e8:e2:2b:a0:ee:20:3a:a3:31:00:0e:
ba:f9:2b:14:cc:70:a6:90:5f:1e:ed:1e:fe:3c:a1:a6:35:aa:
ca:01:79:dd:5c:fb:0a:3d:4e:12:08:25:db:b8:52:9c:f8:98:
b3:0b:5e:e9:0c:65:f9:95:0c:8c:11:9c:6d:cf:61:26:92:4d:
55:a4:dc:dc:7a:b8:a7:ee:78:6b:54:40:0c:62:ec:50:ef:1b:
32:4b:a1:b1:41:50:53:29:b7:b4:b7:86:6d:00:06:7a:ce:4b:
f0:85:ba:f2:2d:a3:24:0c:92:4f:70:d1:a2:40:31:fc:7f:3d:
3b:eb:dd:d5:9e:1f:9e:3e:a8:cb:14:2a:18:f9:1a:cd:e7:ae:
b5:b0:92:29:8d:37:46:e2:7e:df:7d:67:54:d9:1c:6f:54:3f:
88:ba:50:cb
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYVxAx7DDk0ePfjZDAKI2KnLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTAyMDU0NTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDA2ZDJmNTRiNjNkMzY2YzA3YThjZGQ1NTI0ZWU5ZjBjYzJiZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8EbOXT9v1BGI+q1RBk0l2C0JII0
ilw+7SUZQi4Ex6mPrnEAm7+b2e6Pv4NOHSvKRttrS/RlnmBpMaUqmHkcfVsf2wqP
Adi0PeHvJMLJwRfIg/EHwi8vlWkU9K2dkneR/mcWXE60nlnKeFdCxZ4lWADl1pwP
8OHs/YhmeHbgGL3Ap/fGl7BHS5UE+gvsS4CKyuFE0AprHVOLQOmJg4AqfuWjyDrQ
08idjouBU1DFCxwtpNVdf+ZRtboj+mC09EyClJW9/xCdzFmwdUcMRrz3X10yDbWH
NlkjW+8t4GjUcYJIBGbESgVLvtKs8QR9TWGnAGgE4WmraOUULHGskFyCPwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFG0G0vVLY9NmwHqM3VUk7p8Mwr/MMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYlFiUzlVdGowMmJBZW96ZFZTVHVud3pDdjh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCLQysAwQC
LZoYAwQCLfiQAwQCUEw4AwQAwRNsAwQAwgVVMA0GCSqGSIb3DQEBCwUAA4IBAQCO
KVu8lYugwdAHOm6cQeGchgZoW5q2H0HlgDhVzJlXgJTFhf5cwk+GgeyHoZzbbPvA
ysj1+xENx/vQYH6ukwk0SuNKcudaRk7iZK3klMX8/VoMz0InA/rw62DPQ/oRaRNY
6OIroO4gOqMxAA66+SsUzHCmkF8e7R7+PKGmNarKAXndXPsKPU4SCCXbuFKc+Jiz
C17pDGX5lQyMEZxtz2Emkk1VpNzcerin7nhrVEAMYuxQ7xsyS6GxQVBTKbe0t4Zt
AAZ6zkvwhbryLaMkDJJPcNGiQDH8fz07693Vnh+ePqjLFCoY+RrN5661sJIpjTdG
4n7ffWdU2RxvVD+IulDL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org