Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/gzTug5tm4HhRYWV93vL-5aHOybw.roa
File: gzTug5tm4HhRYWV93vL-5aHOybw.roa (raw, json)
Hash identifier: yDAJmwx0CJ76lMAlXj4f7nUrrihVyIDgcdID72jV6y8=
Subject key identifier: 83:34:EE:83:9B:66:E0:78:51:61:65:7D:DE:F2:FE:E5:A1:CE:C9:BC
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0187BA0A2D190A27E68CB61AC9F989A80D81
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/gzTug5tm4HhRYWV93vL-5aHOybw.roa
Signing time: Tue 25 Apr 2023 20:10:41 +0000
ROA not before: Tue 25 Apr 2023 20:10:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.115.146.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
185.245.238.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
185.121.230.0/24 maxlen: 24
185.9.54.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
178.239.192.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:ba:0a:2d:19:0a:27:e6:8c:b6:1a:c9:f9:89:a8:0d:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 25 20:10:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8334ee839b66e0785161657ddef2fee5a1cec9bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:bc:24:46:b4:83:33:c9:ab:b1:10:37:f8:07:
55:de:f5:68:f2:a9:4c:cd:31:32:05:fb:e2:99:89:
b1:fd:34:18:b9:97:82:ed:37:fa:b4:03:11:39:58:
69:ad:bc:02:b0:7f:67:f7:f8:a1:75:65:e1:aa:bd:
ad:31:69:34:bb:46:53:df:24:4c:46:1e:a4:4e:6b:
6a:0c:06:8f:6b:92:1d:e0:02:b9:48:a7:4e:21:49:
29:2f:88:bf:2a:a0:b1:7f:fc:7a:30:63:9c:68:66:
d6:31:80:58:4c:80:48:78:4c:35:3a:4c:64:b5:6d:
f9:29:b7:4f:8f:e2:10:3f:ca:47:e1:c9:3d:8e:21:
84:c3:b9:0d:5a:3b:26:6f:48:8e:46:97:de:44:e3:
69:6f:42:21:74:40:0e:29:47:36:28:22:06:34:34:
09:28:ab:1d:ef:6a:82:ff:67:5c:a2:7c:1f:4f:26:
f9:24:a9:45:a5:e0:28:96:32:d5:a4:a1:6e:c9:d6:
b1:e9:97:40:1c:b7:2b:e0:6e:7e:50:fb:03:0f:cc:
56:2a:cb:c5:3b:73:6b:33:09:26:b3:2b:c4:08:78:
7d:b6:e6:5e:0d:a8:93:0f:aa:64:3b:ef:37:52:a4:
c7:ef:58:7c:d8:45:a8:39:71:75:46:de:7f:fc:65:
25:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:34:EE:83:9B:66:E0:78:51:61:65:7D:DE:F2:FE:E5:A1:CE:C9:BC
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/gzTug5tm4HhRYWV93vL-5aHOybw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.135.0/24
78.142.242.0/23
89.43.208.0/24
178.239.192.0/24
178.239.203.0/24
185.9.54.0/24
185.103.75.0/24
185.115.146.0/24
185.121.230.0/23
185.229.104.0/24
185.229.106.0/24
185.230.248.0/23
185.245.237.0-185.245.238.255
194.4.156.0/23
194.4.159.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
47:4b:78:f0:ed:da:8f:05:c4:44:2e:ce:80:45:6b:2a:4d:25:
cb:de:8d:22:85:ad:ab:9c:4e:fe:24:07:53:b3:7c:b1:ca:33:
c5:6f:c7:4d:da:33:73:ba:ab:ad:85:cc:b2:c3:61:1b:35:c6:
bc:a6:97:0f:d3:e4:11:e5:8f:f8:3c:93:af:78:1e:f2:c8:1a:
f0:68:a7:a7:6a:52:aa:3b:b4:39:20:96:0e:8d:44:c4:72:67:
bd:ad:e9:67:f5:81:f0:fb:74:1b:f1:12:57:11:0b:4a:b5:1b:
32:17:db:49:a2:3d:e8:36:77:9d:5a:66:bc:08:07:fd:aa:fc:
a5:c5:4d:80:65:4a:11:f8:70:00:b7:17:58:0d:50:75:7d:4c:
ee:df:c0:a7:9b:3d:66:0c:f3:dd:a4:1a:1f:46:e2:0c:a1:e8:
06:e1:69:10:5f:5d:9a:fb:65:78:e5:3b:ab:5c:21:ff:8f:dd:
4d:fb:1d:09:47:6b:fa:4c:79:b7:2c:f5:7e:6e:c6:75:11:c8:
48:49:c4:22:b7:35:85:a0:59:43:d2:aa:b5:21:5c:57:90:53:
dc:c1:48:f0:b2:81:c5:92:3e:d5:aa:a4:40:b2:b3:d4:11:3d:
79:1a:97:5a:47:7b:1a:7d:c6:36:08:45:96:fc:92:5d:65:39:
40:43:1d:89
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYe6Ci0ZCifmjLYayfmJqA2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDI1MjAxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzM0ZWU4MzliNjZlMDc4NTE2MTY1N2RkZWYyZmVlNWExY2VjOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLwkRrSDM8mrsRA3+AdV3vVo8qlM
zTEyBfvimYmx/TQYuZeC7Tf6tAMROVhprbwCsH9n9/ihdWXhqr2tMWk0u0ZT3yRM
Rh6kTmtqDAaPa5Id4AK5SKdOIUkpL4i/KqCxf/x6MGOcaGbWMYBYTIBIeEw1Okxk
tW35KbdPj+IQP8pH4ck9jiGEw7kNWjsmb0iORpfeRONpb0IhdEAOKUc2KCIGNDQJ
KKsd72qC/2dconwfTyb5JKlFpeAoljLVpKFuydax6ZdAHLcr4G5+UPsDD8xWKsvF
O3NrMwkmsyvECHh9tuZeDaiTD6pkO+83UqTH71h82EWoOXF1Rt5//GUlwwIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFIM07oObZuB4UWFlfd7y/uWhzsm8MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZ3pUdWc1dG00SGhSWVdWOTN2TC01YUhPeWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYwDAMEAy2f
mAMEAC2fmgMEAD7FhwMEAU6O8gMEAFkr0AMEALLvwAMEALLvywMEALkJNgMEALln
SwMEALlzkgMEAbl55gMEALnlaAMEALnlagMEAbnm+DAMAwQAufXtAwQAufXuAwQB
wgScAwQAwgSfAwQA1SD5MA0GCSqGSIb3DQEBCwUAA4IBAQBHS3jw7dqPBcRELs6A
RWsqTSXL3o0iha2rnE7+JAdTs3yxyjPFb8dN2jNzuquthcyyw2EbNca8ppcP0+QR
5Y/4PJOveB7yyBrwaKenalKqO7Q5IJYOjUTEcme9reln9YHw+3Qb8RJXEQtKtRsy
F9tJoj3oNnedWma8CAf9qvylxU2AZUoR+HAAtxdYDVB1fUzu38Cnmz1mDPPdpBof
RuIMoegG4WkQX12a+2V45TurXCH/j91N+x0JR2v6THm3LPV+bsZ1EchIScQitzWF
oFlD0qq1IVxXkFPcwUjwsoHFkj7VqqRAsrPUET15GpdaR3safcY2CEWW/JJdZTlA
Qx2J
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org