Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cCLncSV9mOL9RxJhD0ZF0QTmpRk.roa
File: cCLncSV9mOL9RxJhD0ZF0QTmpRk.roa (raw, json)
Hash identifier: 8PckTCjT+vBxyNAmqXvTGn8WU7eO2KQsbeMorKyPiKE=
Subject key identifier: 70:22:E7:71:25:7D:98:E2:FD:47:12:61:0F:46:45:D1:04:E6:A5:19
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0188A4A9CF95290DCCF81D86672B7C5209AB
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cCLncSV9mOL9RxJhD0ZF0QTmpRk.roa
Signing time: Sat 10 Jun 2023 09:36:12 +0000
ROA not before: Sat 10 Jun 2023 09:36:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
188.212.158.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.150.0/24 maxlen: 24
87.247.151.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
188.241.214.0/24 maxlen: 24
91.188.204.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
45.156.157.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
89.33.85.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:a4:a9:cf:95:29:0d:cc:f8:1d:86:67:2b:7c:52:09:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 10 09:36:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7022e771257d98e2fd4712610f4645d104e6a519
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:8b:d0:1d:d9:d2:7e:b6:9f:48:09:b2:3c:e2:
78:75:66:3b:bc:be:74:52:c7:d5:58:36:91:c7:cf:
48:13:2c:08:72:9a:50:b4:2d:e2:b3:1f:a0:c0:65:
b3:04:ea:63:ee:bf:b5:ba:83:95:08:06:2d:07:d7:
1c:68:34:83:87:d6:06:70:d0:04:e0:62:dd:2e:2c:
2f:dc:f7:fe:a3:8e:b1:7f:3b:41:a3:75:14:1a:c7:
f9:56:a5:c9:5f:be:16:82:40:f6:eb:b0:ff:c6:30:
03:89:21:14:59:01:62:e5:8d:2d:5b:11:d4:f0:0d:
e1:67:2e:5c:19:6d:4f:fb:b6:d8:f8:cd:39:c3:3a:
65:32:7a:ac:c5:81:cf:6f:8a:b0:2b:1d:32:fd:8b:
81:0a:8c:ce:8d:61:97:e9:87:f2:63:c4:8f:6c:74:
ca:09:f0:36:84:37:fe:66:db:8b:37:96:27:99:44:
4b:c1:53:be:d3:2a:a1:c0:f0:cb:d2:5f:df:f5:c2:
87:87:e1:a6:89:03:63:59:62:48:a5:3c:1f:f2:03:
5d:cb:57:11:3a:aa:a2:14:0d:a2:90:f6:eb:c6:db:
2f:81:a5:b9:e8:3f:92:34:39:e3:be:c5:26:e4:cc:
98:d5:9c:75:25:4b:c0:ee:ba:04:7d:42:bf:bd:c7:
8b:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:22:E7:71:25:7D:98:E2:FD:47:12:61:0F:46:45:D1:04:E6:A5:19
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cCLncSV9mOL9RxJhD0ZF0QTmpRk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.157.0/24
87.247.148.0/24
87.247.150.0/23
89.33.85.0/24
89.37.63.0/24
91.188.204.0/24
93.115.254.0/23
185.103.72.0/24
185.135.143.0/24
185.238.10.0/24
185.241.210.0/23
185.255.169.0-185.255.170.255
188.212.132.0/23
188.212.158.0/24
188.213.203.0/24
188.240.230.0/24
188.240.232.0/24
188.241.214.0/24
Signature Algorithm: sha256WithRSAEncryption
68:5f:33:21:83:bb:52:f0:b0:d7:af:31:3c:b1:1e:cb:f3:1b:
79:41:1c:1b:04:1b:67:15:72:fa:77:f0:e6:9f:20:36:ab:a1:
52:a6:44:83:3f:e8:4b:57:c9:8e:22:b4:e2:ab:4b:07:20:8b:
93:f2:28:42:4f:ae:18:d4:fd:7e:90:04:11:53:cb:07:ce:70:
b4:2d:73:34:15:0c:cd:57:1b:98:a5:10:e4:1f:f1:dd:df:14:
12:19:f3:18:b5:77:00:92:6c:58:47:97:82:54:be:f8:89:ba:
b6:be:c8:a4:75:45:b5:06:90:50:f0:d0:4d:a1:84:78:c4:3c:
72:51:26:8c:48:f7:05:e2:17:81:99:be:d2:b6:c5:ed:94:1f:
05:a5:79:79:82:43:c3:83:9a:8f:84:8b:15:4d:69:a4:0d:d5:
37:17:26:a4:b0:76:c5:4d:28:46:a5:dd:f4:cf:d6:17:73:e5:
79:11:be:6c:37:f7:70:39:76:c7:b3:26:86:35:6a:71:e5:3b:
53:26:b3:79:18:c1:4a:c2:15:34:5c:71:f1:40:f1:59:10:aa:
e1:c4:57:a8:87:09:b5:cc:12:07:09:74:39:0b:f5:21:5d:c2:
e8:1c:70:e1:3b:42:b6:7b:14:b0:3a:67:5a:8b:00:f2:6d:e4:
95:be:07:e8
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYikqc+VKQ3M+B2GZyt8UgmrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjEwMDkzNjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDIyZTc3MTI1N2Q5OGUyZmQ0NzEyNjEwZjQ2NDVkMTA0ZTZhNTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjovQHdnSfrafSAmyPOJ4dWY7vL50
UsfVWDaRx89IEywIcppQtC3isx+gwGWzBOpj7r+1uoOVCAYtB9ccaDSDh9YGcNAE
4GLdLiwv3Pf+o46xfztBo3UUGsf5VqXJX74WgkD267D/xjADiSEUWQFi5Y0tWxHU
8A3hZy5cGW1P+7bY+M05wzplMnqsxYHPb4qwKx0y/YuBCozOjWGX6YfyY8SPbHTK
CfA2hDf+ZtuLN5YnmURLwVO+0yqhwPDL0l/f9cKHh+GmiQNjWWJIpTwf8gNdy1cR
OqqiFA2ikPbrxtsvgaW56D+SNDnjvsUm5MyY1Zx1JUvA7roEfUK/vceLzQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFHAi53ElfZji/UcSYQ9GRdEE5qUZMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvY0NMbmNTVjltT0w5UnhKaEQwWkYwUVRtcFJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAC2cnQME
AFf3lAMEAVf3lgMEAFkhVQMEAFklPwMEAFu8zAMEAV1z/gMEALlnSAMEALmHjwME
ALnuCgMEAbnx0jAMAwQAuf+pAwQAuf+qAwQBvNSEAwQAvNSeAwQAvNXLAwQAvPDm
AwQAvPDoAwQAvPHWMA0GCSqGSIb3DQEBCwUAA4IBAQBoXzMhg7tS8LDXrzE8sR7L
8xt5QRwbBBtnFXL6d/DmnyA2q6FSpkSDP+hLV8mOIrTiq0sHIIuT8ihCT64Y1P1+
kAQRU8sHznC0LXM0FQzNVxuYpRDkH/Hd3xQSGfMYtXcAkmxYR5eCVL74ibq2vsik
dUW1BpBQ8NBNoYR4xDxyUSaMSPcF4heBmb7StsXtlB8FpXl5gkPDg5qPhIsVTWmk
DdU3FyaksHbFTShGpd30z9YXc+V5Eb5sN/dwOXbHsyaGNWpx5TtTJrN5GMFKwhU0
XHHxQPFZEKrhxFeohwm1zBIHCXQ5C/UhXcLoHHDhO0K2exSwOmdaiwDybeSVvgfo
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org