Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iIk_xURkmhF6M9SGk2JUaOkVL2I.roa
File: iIk_xURkmhF6M9SGk2JUaOkVL2I.roa (raw, json)
Hash identifier: Ed+n9lFLPyXec450oyXn1Ts9/V5q4HXtENP2oq36jEI=
Subject key identifier: 88:89:3F:C5:44:64:9A:11:7A:33:D4:86:93:62:54:68:E9:15:2F:62
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018820C08B730F94F46C3AE602D24CAB7C68
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iIk_xURkmhF6M9SGk2JUaOkVL2I.roa
Signing time: Mon 15 May 2023 18:51:09 +0000
ROA not before: Mon 15 May 2023 18:51:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
185.241.209.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
91.188.204.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
45.156.157.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:20:c0:8b:73:0f:94:f4:6c:3a:e6:02:d2:4c:ab:7c:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: May 15 18:51:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=88893fc544649a117a33d48693625468e9152f62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:d0:6a:a4:cb:43:e3:48:b8:5e:21:b6:5b:06:
ca:ff:dd:88:f2:ea:77:5c:00:24:b7:c9:50:b1:f9:
0e:e3:9b:ef:3d:34:7c:8c:a4:6a:9d:b2:e2:76:9a:
3e:91:ae:f1:c0:a6:75:33:bd:5a:0e:ee:39:1a:24:
bb:3a:a8:73:88:e4:29:f0:be:37:e3:cc:70:9a:53:
aa:1a:2b:c9:6b:a1:b7:12:e3:26:bf:9a:bd:a8:33:
fb:f4:97:66:02:47:42:38:c7:4b:bc:06:6c:44:98:
95:06:3a:43:7d:42:d9:43:84:bd:14:4a:43:39:45:
61:2c:51:5b:dd:fe:eb:76:69:41:9c:1d:7e:52:e9:
4c:43:5b:08:9d:9f:30:7d:e8:15:10:76:5f:0a:5e:
b5:97:2e:17:ce:3b:07:a7:28:66:de:e1:c2:63:a6:
3f:c9:db:d7:44:6e:b7:19:5d:4e:a6:cc:9b:52:02:
fe:a4:63:29:c9:34:03:82:be:2a:c6:ef:93:26:fc:
ce:6f:04:04:cb:ef:2d:41:2f:c3:db:c4:11:07:d2:
81:84:f1:ed:10:bb:47:19:3d:54:a0:ad:93:2a:91:
3c:f0:a5:5e:dc:92:b0:97:ff:70:64:0a:bf:62:3f:
ba:e8:12:de:fe:8a:62:2d:8e:5e:8b:59:bf:8e:95:
09:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:89:3F:C5:44:64:9A:11:7A:33:D4:86:93:62:54:68:E9:15:2F:62
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iIk_xURkmhF6M9SGk2JUaOkVL2I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.157.0/24
87.247.148.0/24
89.37.63.0/24
91.188.204.0/24
93.115.254.0/23
185.103.72.0/24
185.135.143.0/24
185.238.10.0/24
185.241.209.0-185.241.211.255
185.255.169.0-185.255.170.255
188.212.132.0/23
188.213.203.0/24
188.240.230.0/24
188.240.232.0/24
Signature Algorithm: sha256WithRSAEncryption
97:45:2b:5c:dd:7b:40:f6:03:6a:56:c4:46:f2:04:12:95:ca:
df:15:a5:46:13:9c:5d:2d:6a:46:c5:4c:ee:43:2b:a0:06:95:
a1:34:e9:bf:98:a5:53:41:e5:28:fa:96:ef:6b:e1:1d:40:83:
29:40:bf:8d:02:26:f7:ed:0a:bc:f9:79:7e:a4:55:65:b9:44:
90:57:d9:ec:a3:aa:e4:94:9a:54:b4:04:e8:fa:23:ff:3c:c7:
8b:b0:e4:00:f7:5d:7f:ef:49:50:94:9e:e1:59:5b:cb:d5:d6:
9f:68:97:d6:96:58:fa:e1:91:a6:ad:37:4a:2d:78:a3:8a:f7:
9c:52:9b:57:6d:9a:4b:db:e7:2a:e7:c0:a2:72:62:71:5f:49:
96:0a:df:19:c5:f2:ef:4f:db:01:5f:1c:75:08:1a:36:ad:ad:
f5:8d:a6:fc:36:ad:00:45:29:5a:1f:a2:0d:80:22:7b:71:0e:
07:9b:78:75:4b:d6:f4:c2:3c:e0:5f:84:3d:e6:40:e3:cb:41:
e1:7c:06:db:37:2d:0c:c0:70:57:c8:5c:7f:a1:bd:47:64:e4:
3d:23:5f:8c:00:28:ab:27:66:fe:ff:0a:41:0b:88:52:f9:d7:
a2:82:47:75:e2:04:5f:c3:e2:da:35:2f:b5:db:87:69:b7:91:
28:89:e0:3e
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAYggwItzD5T0bDrmAtJMq3xoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNTE1MTg1MTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODg5M2ZjNTQ0NjQ5YTExN2EzM2Q0ODY5MzYyNTQ2OGU5MTUyZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdBqpMtD40i4XiG2WwbK/92I8up3
XAAkt8lQsfkO45vvPTR8jKRqnbLidpo+ka7xwKZ1M71aDu45GiS7OqhziOQp8L43
48xwmlOqGivJa6G3EuMmv5q9qDP79JdmAkdCOMdLvAZsRJiVBjpDfULZQ4S9FEpD
OUVhLFFb3f7rdmlBnB1+UulMQ1sInZ8wfegVEHZfCl61ly4XzjsHpyhm3uHCY6Y/
ydvXRG63GV1OpsybUgL+pGMpyTQDgr4qxu+TJvzObwQEy+8tQS/D28QRB9KBhPHt
ELtHGT1UoK2TKpE88KVe3JKwl/9wZAq/Yj+66BLe/opiLY5ei1m/jpUJ/QIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFIiJP8VEZJoRejPUhpNiVGjpFS9iMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaUlrX3hVUmttaEY2TTlTR2sySlVhT2tWTDJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBqBAIAATBkAwQALZydAwQA
V/eUAwQAWSU/AwQAW7zMAwQBXXP+AwQAuWdIAwQAuYePAwQAue4KMAwDBAC58dED
BAK58dAwDAMEALn/qQMEALn/qgMEAbzUhAMEALzVywMEALzw5gMEALzw6DANBgkq
hkiG9w0BAQsFAAOCAQEAl0UrXN17QPYDalbERvIEEpXK3xWlRhOcXS1qRsVM7kMr
oAaVoTTpv5ilU0HlKPqW72vhHUCDKUC/jQIm9+0KvPl5fqRVZblEkFfZ7KOq5JSa
VLQE6Poj/zzHi7DkAPddf+9JUJSe4Vlby9XWn2iX1pZY+uGRpq03Si14o4r3nFKb
V22aS9vnKufAonJicV9JlgrfGcXy70/bAV8cdQgaNq2t9Y2m/DatAEUpWh+iDYAi
e3EOB5t4dUvW9MI84F+EPeZA48tB4XwG2zctDMBwV8hcf6G9R2TkPSNfjAAoqydm
/v8KQQuIUvnXooJHdeIEX8Pi2jUvtduHabeRKIngPg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org