Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k3Z2tz9-ieXfl9PXoOoDp-Rk5_E.roa
File: k3Z2tz9-ieXfl9PXoOoDp-Rk5_E.roa (raw, json)
Hash identifier: XkaAREQ10yQ+7PdyP86vbG6rKwqTY78pQDq0uijmC4g=
Subject key identifier: 93:76:76:B7:3F:7E:89:E5:DF:97:D3:D7:A0:EA:03:A7:E4:64:E7:F1
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01872851E97B7BD89B1283183F460F4D3FC5
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k3Z2tz9-ieXfl9PXoOoDp-Rk5_E.roa
Signing time: Tue 28 Mar 2023 13:04:29 +0000
ROA not before: Tue 28 Mar 2023 13:04:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 185.121.230.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
194.4.159.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:28:51:e9:7b:7b:d8:9b:12:83:18:3f:46:0f:4d:3f:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 28 13:04:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=937676b73f7e89e5df97d3d7a0ea03a7e464e7f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:33:0f:25:b2:f1:4a:7b:94:c9:ec:c2:92:b6:
d2:3e:f9:84:f0:e6:53:76:89:4a:b6:aa:76:7b:5e:
2c:fa:ae:81:c1:69:23:2c:ab:47:04:b9:de:f7:ed:
28:01:d2:5f:62:28:db:49:15:8d:be:ff:78:6c:be:
3f:16:08:bf:c1:73:28:b5:d1:7b:a0:d4:c3:b5:66:
e1:64:10:c5:34:fe:d0:22:2a:45:3f:ea:7d:5b:3d:
d6:82:c8:e4:b8:bf:a4:27:7f:32:e2:02:47:63:94:
ce:ce:8b:7e:70:dd:27:53:2e:10:59:27:b6:c4:a5:
36:a1:ad:e2:5a:a1:49:ff:e3:41:23:bb:73:08:c1:
0a:1e:64:cd:ff:66:81:e5:e6:f1:07:83:03:c0:5d:
4e:7f:0c:ad:4a:fd:fa:08:d3:10:c0:30:ad:9c:3e:
69:81:fe:6d:4b:60:52:e7:03:69:b4:35:15:5e:0f:
ff:d0:59:6e:18:8d:f8:f3:d8:55:6e:df:39:54:ba:
fc:02:15:7a:19:5f:51:81:d5:17:89:ac:b6:12:5f:
56:c4:0d:e7:91:f1:bd:1d:a3:05:8e:09:36:11:95:
c6:40:f4:d9:8f:17:f4:16:d8:18:b0:6b:a7:b0:54:
96:63:2c:e4:a0:8f:f8:6f:46:6a:c0:8f:77:14:05:
14:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:76:76:B7:3F:7E:89:E5:DF:97:D3:D7:A0:EA:03:A7:E4:64:E7:F1
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k3Z2tz9-ieXfl9PXoOoDp-Rk5_E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
77.75.60.0/24
89.43.208.0/24
185.121.230.0/23
185.229.104.0/24
185.230.248.0/24
194.4.157.0/24
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
90:14:1c:c6:80:1d:a8:61:a0:55:e4:e7:26:fc:b5:fb:25:3a:
6c:0b:37:76:02:16:46:63:dd:73:62:52:20:47:26:cb:08:1c:
8c:22:14:56:12:36:9b:6d:12:f3:84:17:6d:ba:10:02:a4:28:
52:92:18:a5:bd:16:56:5b:f5:5a:c9:68:ad:3f:fa:7d:e7:ba:
3b:22:55:89:a0:22:11:03:09:3a:f4:7d:0f:89:a7:dc:a7:9a:
e5:e3:09:c8:a5:ce:61:73:d7:5d:0f:c2:f2:86:23:0e:86:b8:
31:76:be:b4:76:a3:db:38:ae:ed:34:33:87:dc:8e:3e:8b:75:
0c:b1:16:fd:e2:29:ba:9b:fe:c8:95:cb:df:fb:ba:b6:47:76:
81:c1:45:8d:8d:84:e2:22:83:9c:b2:11:2d:80:5a:4b:ec:b3:
69:ec:5b:0c:a3:f6:e2:25:d3:e6:6e:46:4c:d8:8a:88:18:c4:
68:11:89:db:fb:db:51:a8:16:27:66:29:57:05:13:de:60:c9:
ff:c5:e5:9c:59:f8:6c:70:26:4b:ab:22:b2:f7:3a:5b:88:52:
5b:c0:f0:22:79:7a:72:ef:9f:0b:36:d5:59:93:64:a4:54:0c:
dc:9c:9b:37:b0:0c:0b:11:0e:a3:d3:64:68:5a:8f:0a:2d:e6:
92:0a:64:64
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYcoUel7e9ibEoMYP0YPTT/FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzI4MTMwNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzc2NzZiNzNmN2U4OWU1ZGY5N2QzZDdhMGVhMDNhN2U0NjRlN2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTMPJbLxSnuUyezCkrbSPvmE8OZT
dolKtqp2e14s+q6BwWkjLKtHBLne9+0oAdJfYijbSRWNvv94bL4/Fgi/wXMotdF7
oNTDtWbhZBDFNP7QIipFP+p9Wz3WgsjkuL+kJ38y4gJHY5TOzot+cN0nUy4QWSe2
xKU2oa3iWqFJ/+NBI7tzCMEKHmTN/2aB5ebxB4MDwF1OfwytSv36CNMQwDCtnD5p
gf5tS2BS5wNptDUVXg//0FluGI3489hVbt85VLr8AhV6GV9RgdUXiay2El9WxA3n
kfG9HaMFjgk2EZXGQPTZjxf0FtgYsGunsFSWYyzkoI/4b0ZqwI93FAUU3wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJN2drc/fonl35fT16DqA6fkZOfxMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvazNaMnR6OS1pZVhmbDlQWG9Pb0RwLVJrNV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALZ+YAwQA
TUs8AwQAWSvQAwQBuXnmAwQAueVoAwQAueb4AwQAwgSdAwQAwgSfAwQAywAIAwQA
1SD5MA0GCSqGSIb3DQEBCwUAA4IBAQCQFBzGgB2oYaBV5Ocm/LX7JTpsCzd2AhZG
Y91zYlIgRybLCByMIhRWEjabbRLzhBdtuhACpChSkhilvRZWW/VayWitP/p957o7
IlWJoCIRAwk69H0Piafcp5rl4wnIpc5hc9ddD8LyhiMOhrgxdr60dqPbOK7tNDOH
3I4+i3UMsRb94im6m/7Ilcvf+7q2R3aBwUWNjYTiIoOcshEtgFpL7LNp7FsMo/bi
JdPmbkZM2IqIGMRoEYnb+9tRqBYnZilXBRPeYMn/xeWcWfhscCZLqyKy9zpbiFJb
wPAieXpy758LNtVZk2SkVAzcnJs3sAwLEQ6j02RoWo8KLeaSCmRk
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org