Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/nXibYtmON9tIF2AwTIiM2-nqIuM.roa
File: nXibYtmON9tIF2AwTIiM2-nqIuM.roa (raw, json)
Hash identifier: kkgo3wvpWOOlhS9YWwEWBUKvLqxzf+mKAV4D4fm9XTE=
Subject key identifier: 9D:78:9B:62:D9:8E:37:DB:48:17:60:30:4C:88:8C:DB:E9:EA:22:E3
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186E3D009575BB3882F6519E2971986D065
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/nXibYtmON9tIF2AwTIiM2-nqIuM.roa
Signing time: Wed 15 Mar 2023 05:48:27 +0000
ROA not before: Wed 15 Mar 2023 05:48:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 185.230.248.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:e3:d0:09:57:5b:b3:88:2f:65:19:e2:97:19:86:d0:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 15 05:48:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9d789b62d98e37db481760304c888cdbe9ea22e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:4b:cf:51:c0:98:2c:e7:cc:de:9a:44:5d:3e:
2c:56:79:35:c0:1e:0f:db:b0:9c:28:39:14:3d:c2:
b3:ad:4b:bb:27:54:be:fc:6a:15:7e:40:58:5d:a8:
05:02:3e:6e:fd:f3:2d:42:37:83:5c:c5:6f:01:96:
12:e1:d0:08:24:d7:62:45:cd:62:ac:a4:45:6b:41:
42:29:3d:ea:01:f8:1e:ad:d0:40:c1:bc:52:f1:8e:
cb:00:63:de:f0:a3:25:38:d8:43:b4:93:e4:e0:9b:
cf:bb:63:a6:6b:c3:4b:7d:48:61:a4:bd:03:b5:57:
bd:9c:99:ef:1c:0f:f6:c6:fe:46:3f:89:f1:07:d8:
d1:4a:ef:cb:cb:30:5e:89:4a:ea:d3:ee:17:72:cb:
26:f6:e4:b8:15:2e:ee:0e:de:10:d3:58:f4:8c:db:
70:64:ff:7f:2e:f2:7d:ed:d0:ed:77:1f:f4:1d:05:
8f:47:ba:0c:7d:c1:92:d8:60:dd:82:92:fa:e2:fc:
38:14:5b:46:d1:f8:5b:8d:98:6a:87:f1:0b:6c:89:
32:0c:b3:48:53:f3:1b:40:60:16:4c:31:a0:24:33:
d7:09:4b:bd:7a:0f:eb:df:1e:3e:7b:94:32:3c:3d:
b7:f8:f5:f1:73:e3:46:4a:f7:27:f6:e1:ec:76:4d:
86:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:78:9B:62:D9:8E:37:DB:48:17:60:30:4C:88:8C:DB:E9:EA:22:E3
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/nXibYtmON9tIF2AwTIiM2-nqIuM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
77.75.60.0/24
77.75.62.0/24
89.43.208.0/24
185.229.104.0/24
185.230.248.0/24
194.4.157.0/24
203.0.8.0/24
Signature Algorithm: sha256WithRSAEncryption
10:75:8e:51:42:92:a9:06:c2:8c:98:4e:64:9a:ac:8a:80:e5:
54:64:bb:2b:9b:c5:df:19:a4:cb:89:e7:7b:8b:c3:6d:7d:99:
60:05:29:c4:3b:cf:2e:a7:be:4c:44:0e:e4:80:30:fd:88:4d:
6f:22:95:4a:0d:a7:c5:b3:3a:dd:3f:fc:a5:e0:21:e5:59:52:
27:73:2e:7f:7c:f5:9a:f8:7f:b4:e6:ad:3b:b6:01:6b:89:67:
c5:10:e3:0a:5a:24:a9:67:20:fe:ea:6c:f3:8f:c0:77:b3:fa:
3f:ca:6a:e2:a8:f7:a8:4f:ed:43:b8:2a:bc:ca:80:2b:9c:ec:
d3:43:9e:e2:d9:ed:32:ac:60:65:4f:a3:ec:0e:20:e9:82:17:
23:8b:0f:96:db:37:fb:aa:5a:6b:2b:14:fd:e5:1f:8a:0c:e4:
d4:cb:7c:36:4b:72:70:2c:d3:72:47:a7:67:0c:7b:eb:09:ef:
bf:b3:86:a0:d5:a8:ef:bf:2c:b4:22:38:9e:70:90:9d:18:f5:
63:a6:ff:f5:70:77:07:30:ea:1b:21:a9:87:87:7b:aa:6b:3e:
22:22:7d:4b:7e:32:97:3b:23:80:15:4d:f9:a7:3a:99:2b:e1:
2a:a6:43:fd:8a:7f:3e:9b:b5:9f:61:ae:b3:c7:e3:34:26:2b:
50:4a:17:47
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYbj0AlXW7OIL2UZ4pcZhtBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzE1MDU0ODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDc4OWI2MmQ5OGUzN2RiNDgxNzYwMzA0Yzg4OGNkYmU5ZWEyMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEvPUcCYLOfM3ppEXT4sVnk1wB4P
27CcKDkUPcKzrUu7J1S+/GoVfkBYXagFAj5u/fMtQjeDXMVvAZYS4dAIJNdiRc1i
rKRFa0FCKT3qAfgerdBAwbxS8Y7LAGPe8KMlONhDtJPk4JvPu2Oma8NLfUhhpL0D
tVe9nJnvHA/2xv5GP4nxB9jRSu/LyzBeiUrq0+4Xcssm9uS4FS7uDt4Q01j0jNtw
ZP9/LvJ97dDtdx/0HQWPR7oMfcGS2GDdgpL64vw4FFtG0fhbjZhqh/ELbIkyDLNI
U/MbQGAWTDGgJDPXCUu9eg/r3x4+e5QyPD23+PXxc+NGSvcn9uHsdk2GKQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJ14m2LZjjfbSBdgMEyIjNvp6iLjMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvblhpYll0bU9OOXRJRjJBd1RJaU0yLW5xSXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALZ+YAwQA
TUs8AwQATUs+AwQAWSvQAwQAueVoAwQAueb4AwQAwgSdAwQAywAIMA0GCSqGSIb3
DQEBCwUAA4IBAQAQdY5RQpKpBsKMmE5kmqyKgOVUZLsrm8XfGaTLied7i8NtfZlg
BSnEO88up75MRA7kgDD9iE1vIpVKDafFszrdP/yl4CHlWVIncy5/fPWa+H+05q07
tgFriWfFEOMKWiSpZyD+6mzzj8B3s/o/ymriqPeoT+1DuCq8yoArnOzTQ57i2e0y
rGBlT6PsDiDpghcjiw+W2zf7qlprKxT95R+KDOTUy3w2S3JwLNNyR6dnDHvrCe+/
s4ag1ajvvyy0IjiecJCdGPVjpv/1cHcHMOobIamHh3uqaz4iIn1LfjKXOyOAFU35
pzqZK+EqpkP9in8+m7WfYa6zx+M0JitQShdH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org