Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pVTSa0_Qd3wWtxKTfNJGW9Y32mA.roa
File: pVTSa0_Qd3wWtxKTfNJGW9Y32mA.roa (raw, json)
Hash identifier: zhM6oJ4+kULafMlSwq8HgqWv/cDn/Q8Y91M91UQZP+A=
Subject key identifier: A5:54:D2:6B:4F:D0:77:7C:16:B7:12:93:7C:D2:46:5B:D6:37:DA:60
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186A6A6FF65E51D967224261666E751FAFA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pVTSa0_Qd3wWtxKTfNJGW9Y32mA.roa
Signing time: Fri 03 Mar 2023 08:46:47 +0000
ROA not before: Fri 03 Mar 2023 08:46:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 178.239.202.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
62.197.133.0/24 maxlen: 24
89.38.101.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:a6:a6:ff:65:e5:1d:96:72:24:26:16:66:e7:51:fa:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 3 08:46:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a554d26b4fd0777c16b712937cd2465bd637da60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:13:ee:3f:d7:ba:03:f1:c5:09:1c:c9:05:71:
42:df:b4:8d:20:c2:48:52:6b:a9:48:38:ab:b2:ed:
75:b1:ee:4a:75:d5:bb:55:23:d8:82:27:18:d8:08:
10:b9:0c:2d:8d:f8:39:dc:c2:70:49:27:9d:74:a1:
cb:fa:62:d1:15:8c:8c:c1:58:36:0c:71:c4:e0:45:
ba:8e:fc:5c:ca:90:58:33:57:41:83:28:53:67:bf:
d5:52:86:34:31:b0:16:a2:1d:29:00:05:2f:e1:a9:
66:59:59:6a:97:b5:e5:cb:39:fb:98:04:ac:3a:10:
cf:f0:a5:ff:b7:da:32:5a:ca:bb:dc:2d:7f:bb:25:
fa:8a:91:80:03:f1:ed:4c:e5:af:57:44:83:5f:80:
2c:7d:81:95:a1:85:e6:9c:4f:ba:60:76:dd:58:f1:
f9:18:d0:42:bc:6c:99:ae:e7:ce:06:d7:6a:8f:9d:
1d:5b:8f:74:bd:3b:39:2b:5d:f1:12:b0:17:ef:1d:
a6:96:f8:91:0e:56:26:5b:4c:64:08:4f:e1:b5:e2:
37:ce:f5:d2:a4:fa:ac:a0:00:5f:81:72:6b:9b:04:
2b:06:53:f8:33:52:07:ab:83:17:ac:f1:0e:43:31:
e3:99:12:8f:51:5e:4d:2f:2f:b8:6c:32:88:2a:37:
fd:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:54:D2:6B:4F:D0:77:7C:16:B7:12:93:7C:D2:46:5B:D6:37:DA:60
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/pVTSa0_Qd3wWtxKTfNJGW9Y32mA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
62.197.133.0/24
77.75.60.0/24
77.75.62.0/24
89.38.101.0/24
89.43.208.0/24
178.239.202.0/24
185.229.104.0/24
194.4.157.0/24
203.0.8.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:67:3c:24:d6:23:be:d9:12:98:0a:73:42:17:c3:72:d7:31:
e3:8d:fb:bb:38:d7:bf:e0:ce:96:73:e6:75:b9:98:04:a7:92:
0b:a7:7b:e3:b6:ee:c3:8b:b6:9c:7f:0c:e9:d0:ba:c4:39:60:
7d:e2:99:dc:df:bf:e2:13:19:fc:96:64:db:0e:36:90:83:76:
63:d8:db:7b:02:e2:0e:d2:d9:5e:43:e0:b9:da:fe:b5:db:0e:
16:fe:0e:c2:09:7f:76:83:06:63:9c:1c:55:5b:07:5f:7a:6e:
cc:1b:cc:db:14:23:00:a9:37:97:3c:d3:45:2a:09:44:fc:67:
eb:7b:7d:31:5c:45:c2:e1:7b:b7:c0:ce:0c:2f:8c:45:73:8b:
2c:19:94:36:04:36:2c:a1:32:47:de:7b:50:96:4a:15:95:3a:
4a:7c:9c:95:b1:06:82:59:d4:63:84:6e:d8:52:4b:66:7b:97:
62:45:84:23:41:82:7c:bc:18:f0:cd:e8:94:fe:e4:a7:72:f8:
f0:81:73:32:ce:d6:98:87:75:78:e4:4e:f2:1e:ca:f1:5c:fb:
9d:39:9b:e5:75:b6:bd:ab:0d:97:45:80:3b:29:e1:4e:25:f5:
93:2c:42:68:51:fa:f3:98:5c:5a:e9:37:a8:61:e4:a7:a8:7a:
f0:d5:57:20
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYampv9l5R2WciQmFmbnUfr6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzAzMDg0NjQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTU0ZDI2YjRmZDA3NzdjMTZiNzEyOTM3Y2QyNDY1YmQ2MzdkYTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshPuP9e6A/HFCRzJBXFC37SNIMJI
UmupSDirsu11se5KddW7VSPYgicY2AgQuQwtjfg53MJwSSeddKHL+mLRFYyMwVg2
DHHE4EW6jvxcypBYM1dBgyhTZ7/VUoY0MbAWoh0pAAUv4almWVlql7Xlyzn7mASs
OhDP8KX/t9oyWsq73C1/uyX6ipGAA/HtTOWvV0SDX4AsfYGVoYXmnE+6YHbdWPH5
GNBCvGyZrufOBtdqj50dW490vTs5K13xErAX7x2mlviRDlYmW0xkCE/hteI3zvXS
pPqsoABfgXJrmwQrBlP4M1IHq4MXrPEOQzHjmRKPUV5NLy+4bDKIKjf9DwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFKVU0mtP0Hd8FrcSk3zSRlvWN9pgMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcFZUU2EwX1FkM3dXdHhLVGZOSkdXOVkzMm1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALZ+YAwQA
PsWFAwQATUs8AwQATUs+AwQAWSZlAwQAWSvQAwQAsu/KAwQAueVoAwQAwgSdAwQA
ywAIMA0GCSqGSIb3DQEBCwUAA4IBAQAMZzwk1iO+2RKYCnNCF8Ny1zHjjfu7ONe/
4M6Wc+Z1uZgEp5ILp3vjtu7Di7acfwzp0LrEOWB94pnc37/iExn8lmTbDjaQg3Zj
2Nt7AuIO0tleQ+C52v612w4W/g7CCX92gwZjnBxVWwdfem7MG8zbFCMAqTeXPNNF
KglE/Gfre30xXEXC4Xu3wM4ML4xFc4ssGZQ2BDYsoTJH3ntQlkoVlTpKfJyVsQaC
WdRjhG7YUktme5diRYQjQYJ8vBjwzeiU/uSncvjwgXMyztaYh3V45E7yHsrxXPud
OZvldba9qw2XRYA7KeFOJfWTLEJoUfrzmFxa6TeoYeSnqHrw1Vcg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org