Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/gH2YQE1UrcuscS73I7A5r9rNJRY.roa
File: gH2YQE1UrcuscS73I7A5r9rNJRY.roa (raw, json)
Hash identifier: 0Fp+8F7pkR7rraGbud6AthlNq0yfB2zLK2ZbO5WpsbY=
Subject key identifier: 80:7D:98:40:4D:54:AD:CB:AC:71:2E:F7:23:B0:39:AF:DA:CD:25:16
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186C14A0DCC65FDE840D9934DFCB3F7459D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/gH2YQE1UrcuscS73I7A5r9rNJRY.roa
Signing time: Wed 08 Mar 2023 12:55:01 +0000
ROA not before: Wed 08 Mar 2023 12:55:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 178.239.202.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
89.38.101.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:c1:4a:0d:cc:65:fd:e8:40:d9:93:4d:fc:b3:f7:45:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 8 12:55:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=807d98404d54adcbac712ef723b039afdacd2516
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:31:8b:10:72:bd:87:96:c2:5e:da:2d:d3:6c:
a6:33:3f:02:a9:16:ec:98:73:5f:93:92:ff:fd:04:
4f:91:b9:86:c6:12:fc:a5:d5:f6:c5:15:8d:35:60:
c1:2e:67:4a:fd:9b:3f:1f:16:7f:a7:54:d0:9d:07:
7a:11:67:6d:d8:b0:2a:90:66:12:4d:ef:22:f9:ad:
5b:29:4b:23:46:35:8a:3f:e6:47:14:f4:5f:a3:0a:
62:e3:14:8f:74:18:1b:18:07:dc:37:81:a8:49:43:
cf:27:7a:80:fd:23:75:5c:ea:be:a1:10:01:c9:d5:
56:33:be:aa:1d:19:59:33:f5:c0:b1:7f:38:de:a6:
fe:f0:b7:8b:36:ff:0f:87:6b:03:e6:20:ea:aa:7c:
3d:e7:2e:a4:b5:af:c5:6c:48:db:d9:55:ca:d8:21:
8b:d0:ab:12:c8:da:0c:4b:35:ef:c2:d7:1a:64:1b:
f5:3f:fb:70:ea:1a:33:1a:07:a1:83:7f:1f:95:30:
e0:63:6a:f6:e7:e1:d2:e8:48:f7:82:6b:66:e3:72:
a9:ab:e2:73:d1:da:9d:dc:a8:7e:d6:ae:53:b8:4e:
69:ab:95:56:71:cd:0d:03:f4:f7:60:e0:22:a9:ab:
18:41:6c:3a:c9:f3:3e:b0:80:a4:58:f7:14:e1:0f:
8c:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:7D:98:40:4D:54:AD:CB:AC:71:2E:F7:23:B0:39:AF:DA:CD:25:16
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/gH2YQE1UrcuscS73I7A5r9rNJRY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
77.75.60.0/24
77.75.62.0/24
89.38.101.0/24
89.43.208.0/24
178.239.202.0/24
185.229.104.0/24
194.4.157.0/24
203.0.8.0/24
Signature Algorithm: sha256WithRSAEncryption
36:57:51:55:f6:8d:b1:f6:09:b5:1c:69:a9:d2:40:82:47:fd:
6f:2a:05:01:d3:3b:f0:34:77:3b:04:89:26:7b:16:84:e4:a5:
1b:8b:8c:e8:8d:31:a5:8d:4a:5c:ac:b0:90:3f:84:5e:52:f9:
d4:fd:b0:77:47:72:b3:a9:21:1c:d4:8b:1a:8d:e6:6f:48:76:
ea:33:07:ed:9b:c0:fe:fa:26:8d:f7:8b:b5:76:60:8c:28:c5:
b2:b0:da:1d:cc:2e:35:85:07:ab:d6:71:6e:d1:c1:b1:a3:a9:
a1:d7:86:e8:fa:93:b1:2e:3a:98:b5:9f:aa:ba:c6:6b:9e:01:
34:f4:1d:29:d1:da:d5:db:54:4b:c0:60:dd:b4:82:e3:b2:7e:
4b:20:f4:f0:0d:a1:4f:f0:ec:f7:c6:fb:40:72:3a:94:84:9f:
b8:09:ec:44:5f:90:e3:87:6b:cd:a6:d4:3a:77:ad:9d:89:94:
fc:17:1f:39:4b:bf:21:52:e1:c3:0a:dd:ff:31:5a:65:0d:e1:
1d:b0:aa:64:b6:5b:3b:4f:fb:35:93:73:1f:b3:84:91:a9:ae:
c2:79:8e:bc:f2:ad:e5:27:52:49:80:1f:3b:b5:27:a9:7b:b9:
8c:5c:b2:df:f6:9f:c8:b8:22:79:1d:76:d9:b3:44:00:f6:96:
05:71:b9:f8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYbBSg3MZf3oQNmTTfyz90WdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA4MTI1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDdkOTg0MDRkNTRhZGNiYWM3MTJlZjcyM2IwMzlhZmRhY2QyNTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzGLEHK9h5bCXtot02ymMz8CqRbs
mHNfk5L//QRPkbmGxhL8pdX2xRWNNWDBLmdK/Zs/HxZ/p1TQnQd6EWdt2LAqkGYS
Te8i+a1bKUsjRjWKP+ZHFPRfowpi4xSPdBgbGAfcN4GoSUPPJ3qA/SN1XOq+oRAB
ydVWM76qHRlZM/XAsX843qb+8LeLNv8Ph2sD5iDqqnw95y6kta/FbEjb2VXK2CGL
0KsSyNoMSzXvwtcaZBv1P/tw6hozGgehg38flTDgY2r25+HS6Ej3gmtm43Kpq+Jz
0dqd3Kh+1q5TuE5pq5VWcc0NA/T3YOAiqasYQWw6yfM+sICkWPcU4Q+MewIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFIB9mEBNVK3LrHEu9yOwOa/azSUWMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZ0gyWVFFMVVyY3VzY1M3M0k3QTVyOXJOSlJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALZ+YAwQA
TUs8AwQATUs+AwQAWSZlAwQAWSvQAwQAsu/KAwQAueVoAwQAwgSdAwQAywAIMA0G
CSqGSIb3DQEBCwUAA4IBAQA2V1FV9o2x9gm1HGmp0kCCR/1vKgUB0zvwNHc7BIkm
exaE5KUbi4zojTGljUpcrLCQP4ReUvnU/bB3R3KzqSEc1IsajeZvSHbqMwftm8D+
+iaN94u1dmCMKMWysNodzC41hQer1nFu0cGxo6mh14bo+pOxLjqYtZ+qusZrngE0
9B0p0drV21RLwGDdtILjsn5LIPTwDaFP8Oz3xvtAcjqUhJ+4CexEX5Djh2vNptQ6
d62diZT8Fx85S78hUuHDCt3/MVplDeEdsKpktls7T/s1k3Mfs4SRqa7CeY688q3l
J1JJgB87tSepe7mMXLLf9p/IuCJ5HXbZs0QA9pYFcbn4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org