Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hc4Yu2pwOgp2KdRG-bQ80eQ0Bm0.roa
File: hc4Yu2pwOgp2KdRG-bQ80eQ0Bm0.roa (raw, json)
Hash identifier: guYgK/Inu5s45RLt4Glz1p0Gqnpwr5BGoHe52RSuDbE=
Subject key identifier: 85:CE:18:BB:6A:70:3A:0A:76:29:D4:46:F9:B4:3C:D1:E4:34:06:6D
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018721EF0F76423F687C002FDFA4A9F1CE33
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hc4Yu2pwOgp2KdRG-bQ80eQ0Bm0.roa
Signing time: Mon 27 Mar 2023 07:18:47 +0000
ROA not before: Mon 27 Mar 2023 07:18:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 185.230.248.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:21:ef:0f:76:42:3f:68:7c:00:2f:df:a4:a9:f1:ce:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 27 07:18:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=85ce18bb6a703a0a7629d446f9b43cd1e434066d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:c8:00:8a:bc:a1:8c:d4:b7:09:97:58:9b:d7:
87:89:a3:fd:0d:c0:87:20:d9:d4:7d:3c:6e:15:f6:
62:45:39:8c:be:91:d0:45:10:7a:57:a7:7f:95:8a:
b9:f1:fa:f3:58:ee:58:00:40:92:cd:b3:ef:a5:b9:
b5:81:68:92:26:58:b8:a9:f0:6f:05:1b:8d:0e:7e:
7f:4b:c8:88:84:4e:30:24:6e:fd:61:1c:f8:df:38:
44:d7:70:56:c2:12:59:95:6f:d7:23:b5:c9:b8:09:
5d:02:9f:98:a9:9d:04:7c:10:3b:21:2c:ad:1a:c0:
54:57:d1:92:da:d5:43:6b:3f:b0:07:b0:22:cc:37:
c3:f6:5f:c4:15:ad:0c:71:94:26:0d:14:c7:37:27:
c4:ab:9b:31:1f:7b:e1:89:d2:d2:0d:1d:2e:ed:08:
ef:b7:13:d4:0c:91:dc:26:97:91:2b:c8:b6:20:78:
55:b7:65:30:31:b8:88:51:1a:18:ea:a2:44:f4:b8:
d0:a5:25:a2:c8:a8:d5:34:7a:a1:a6:46:53:39:77:
08:d1:7a:7a:cc:31:d7:9b:69:15:15:61:1b:0a:0f:
22:79:ac:43:3b:84:3b:3b:aa:e1:70:d0:ad:43:7c:
00:19:f7:e5:26:0a:6e:f6:9a:84:d2:29:a9:c1:e9:
42:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:CE:18:BB:6A:70:3A:0A:76:29:D4:46:F9:B4:3C:D1:E4:34:06:6D
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hc4Yu2pwOgp2KdRG-bQ80eQ0Bm0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
77.75.60.0/24
89.43.208.0/24
185.229.104.0/24
185.230.248.0/24
194.4.157.0/24
203.0.8.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:4a:c9:1e:75:61:9a:9f:24:f0:67:46:12:29:81:43:79:68:
22:1d:89:f0:23:02:d3:5d:59:bd:27:a2:7c:1b:4e:56:c4:7f:
64:b2:4f:cb:50:0a:03:dc:9e:64:23:4b:69:e4:f7:86:c6:43:
c1:b5:c0:cc:95:a6:07:b3:85:89:52:c5:b1:96:ff:59:51:ff:
14:54:d9:08:80:67:d7:13:8e:3b:fc:bf:60:2e:05:03:6d:f8:
d3:de:96:e7:83:cd:61:b1:2b:f6:d0:84:09:83:f4:cc:de:4d:
73:f7:e7:76:41:5d:21:a6:fd:70:da:b2:6a:c4:1e:39:d0:29:
8c:89:87:49:79:45:54:02:c2:85:4a:97:af:42:5c:84:38:b9:
46:f2:db:ff:2a:be:88:1c:c3:d1:49:4d:ea:ba:52:7c:37:9d:
08:17:98:e2:63:25:6d:30:5b:7e:1e:06:62:a5:69:3f:0c:f9:
11:72:c6:22:82:21:1f:9d:be:26:0a:79:0a:10:72:4b:24:60:
44:99:52:95:79:07:41:7c:13:60:05:4a:99:eb:f7:98:09:b6:
5a:77:c7:7e:65:f0:3a:8c:4a:b7:78:23:4c:16:13:32:0f:10:
62:8e:51:8a:0a:f1:34:2a:73:c3:b6:d7:c5:26:53:30:f2:d2:
b6:f8:b2:8d
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYch7w92Qj9ofAAv36Sp8c4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI3MDcxODQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWNlMThiYjZhNzAzYTBhNzYyOWQ0NDZmOWI0M2NkMWU0MzQwNjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMgAiryhjNS3CZdYm9eHiaP9DcCH
INnUfTxuFfZiRTmMvpHQRRB6V6d/lYq58frzWO5YAECSzbPvpbm1gWiSJli4qfBv
BRuNDn5/S8iIhE4wJG79YRz43zhE13BWwhJZlW/XI7XJuAldAp+YqZ0EfBA7ISyt
GsBUV9GS2tVDaz+wB7AizDfD9l/EFa0McZQmDRTHNyfEq5sxH3vhidLSDR0u7Qjv
txPUDJHcJpeRK8i2IHhVt2UwMbiIURoY6qJE9LjQpSWiyKjVNHqhpkZTOXcI0Xp6
zDHXm2kVFWEbCg8ieaxDO4Q7O6rhcNCtQ3wAGfflJgpu9pqE0impwelC8QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFIXOGLtqcDoKdinURvm0PNHkNAZtMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaGM0WXUycHdPZ3AyS2RSRy1iUTgwZVEwQm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALZ+YAwQA
TUs8AwQAWSvQAwQAueVoAwQAueb4AwQAwgSdAwQAywAIMA0GCSqGSIb3DQEBCwUA
A4IBAQBbSskedWGanyTwZ0YSKYFDeWgiHYnwIwLTXVm9J6J8G05WxH9ksk/LUAoD
3J5kI0tp5PeGxkPBtcDMlaYHs4WJUsWxlv9ZUf8UVNkIgGfXE447/L9gLgUDbfjT
3pbng81hsSv20IQJg/TM3k1z9+d2QV0hpv1w2rJqxB450CmMiYdJeUVUAsKFSpev
QlyEOLlG8tv/Kr6IHMPRSU3qulJ8N50IF5jiYyVtMFt+HgZipWk/DPkRcsYigiEf
nb4mCnkKEHJLJGBEmVKVeQdBfBNgBUqZ6/eYCbZad8d+ZfA6jEq3eCNMFhMyDxBi
jlGKCvE0KnPDttfFJlMw8tK2+LKN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org