Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sLgz1QvEY2F_Fv_5aMKXfYOolQY.roa
File: sLgz1QvEY2F_Fv_5aMKXfYOolQY.roa (raw, json)
Hash identifier: Lq4lk57l69ZDd+IzEr49S6d1xPnbyl4PjU+1fSSZuqI=
Subject key identifier: B0:B8:33:D5:0B:C4:63:61:7F:16:FF:F9:68:C2:97:7D:83:A8:95:06
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186C4EC6A844DC7CEC6766932807DD460B5
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sLgz1QvEY2F_Fv_5aMKXfYOolQY.roa
Signing time: Thu 09 Mar 2023 05:51:13 +0000
ROA not before: Thu 09 Mar 2023 05:51:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
89.38.101.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:c4:ec:6a:84:4d:c7:ce:c6:76:69:32:80:7d:d4:60:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 9 05:51:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b0b833d50bc463617f16fff968c2977d83a89506
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:c1:53:74:96:c4:e0:78:18:c5:d4:51:c7:1a:
e6:75:98:92:56:cb:3c:ed:65:d4:d4:be:81:f2:42:
53:05:43:36:fc:f4:ad:c8:0e:9f:5a:83:49:77:51:
39:bf:9a:ee:33:fa:c5:71:eb:14:55:f5:ea:4b:f7:
5a:eb:b3:c3:3d:1d:b7:80:fa:18:68:18:b3:e5:71:
ef:b1:59:29:fc:35:d1:0d:14:2a:b4:30:9c:15:79:
38:67:4e:ab:e1:ae:26:4c:e2:b0:1a:5a:e3:28:71:
ac:13:37:e4:e7:c4:89:d4:bf:bb:7d:d0:75:b5:98:
c2:43:6b:53:07:f8:57:3e:d1:8d:53:a0:38:6a:69:
7f:58:7c:56:04:a5:06:83:69:1b:b5:0d:b3:1b:7a:
1b:02:fd:1f:1c:6f:dd:41:f2:e3:19:91:4d:57:fb:
b1:39:11:48:d8:f2:22:fa:ec:d6:97:f6:07:2d:74:
d1:35:04:14:ac:a3:ed:52:19:12:5e:fa:9a:63:b2:
f6:24:f2:64:d5:c8:56:7e:f8:4a:4d:7f:3c:a5:0a:
68:7a:b1:2d:85:a7:8b:0d:95:b4:8a:3a:66:c2:dd:
a0:9f:27:ee:74:2e:f6:1a:a4:d5:6b:b1:d5:3a:88:
32:a5:0b:93:c0:f0:0e:ba:71:c0:b9:3e:04:81:a2:
3a:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:B8:33:D5:0B:C4:63:61:7F:16:FF:F9:68:C2:97:7D:83:A8:95:06
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sLgz1QvEY2F_Fv_5aMKXfYOolQY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
77.75.60.0/24
77.75.62.0/24
89.38.101.0/24
89.43.208.0/24
185.229.104.0/24
194.4.157.0/24
203.0.8.0/24
Signature Algorithm: sha256WithRSAEncryption
03:76:e7:df:9e:de:e4:a9:b0:31:06:49:ec:22:dd:5c:9d:a9:
1d:90:1a:f4:16:c0:be:e3:d0:38:ad:c8:f3:96:c7:2e:68:e9:
6d:39:a5:01:9d:f0:a1:0e:5c:fd:28:54:b5:3d:fc:88:38:53:
fe:9b:6e:21:19:79:f2:b3:8f:e7:d3:c4:51:15:b2:31:55:f0:
49:6c:4e:72:2f:e5:af:cf:cd:85:ae:52:13:9c:bd:c5:aa:c6:
bd:17:68:e4:4d:d1:07:1a:10:e1:2d:6e:fe:a0:19:b9:cf:0f:
95:20:9f:62:b7:59:39:7c:e0:b5:e8:b4:da:35:a9:e3:c2:70:
fb:c8:8b:77:0a:d8:a2:11:dc:a2:c5:90:53:77:cb:0d:a1:a9:
2d:8a:67:e7:0a:90:74:4f:b1:41:00:1f:1a:a7:b5:6d:77:b6:
8a:75:87:37:92:44:f5:a3:e5:51:a2:4f:1e:63:5a:17:f7:0b:
68:40:f1:dd:33:73:d0:dc:e8:76:3c:4f:35:ea:36:73:9b:af:
b4:71:0b:91:db:26:34:65:a9:44:74:0e:38:d1:c2:23:7f:0f:
2f:58:1f:36:d2:7d:1a:58:f1:61:f5:92:6b:b4:0c:bc:2c:c5:
56:ab:84:f4:42:17:bf:23:95:1f:27:62:67:88:f3:fd:86:6d:
f1:8f:a9:a5
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYbE7GqETcfOxnZpMoB91GC1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA5MDU1MTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGI4MzNkNTBiYzQ2MzYxN2YxNmZmZjk2OGMyOTc3ZDgzYTg5NTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMFTdJbE4HgYxdRRxxrmdZiSVss8
7WXU1L6B8kJTBUM2/PStyA6fWoNJd1E5v5ruM/rFcesUVfXqS/da67PDPR23gPoY
aBiz5XHvsVkp/DXRDRQqtDCcFXk4Z06r4a4mTOKwGlrjKHGsEzfk58SJ1L+7fdB1
tZjCQ2tTB/hXPtGNU6A4aml/WHxWBKUGg2kbtQ2zG3obAv0fHG/dQfLjGZFNV/ux
ORFI2PIi+uzWl/YHLXTRNQQUrKPtUhkSXvqaY7L2JPJk1chWfvhKTX88pQpoerEt
haeLDZW0ijpmwt2gnyfudC72GqTVa7HVOogypQuTwPAOunHAuT4EgaI6tQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLC4M9ULxGNhfxb/+WjCl32DqJUGMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvc0xnejFRdkVZMkZfRnZfNWFNS1hmWU9vbFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALZ+YAwQA
TUs8AwQATUs+AwQAWSZlAwQAWSvQAwQAueVoAwQAwgSdAwQAywAIMA0GCSqGSIb3
DQEBCwUAA4IBAQADduffnt7kqbAxBknsIt1cnakdkBr0FsC+49A4rcjzlscuaOlt
OaUBnfChDlz9KFS1PfyIOFP+m24hGXnys4/n08RRFbIxVfBJbE5yL+Wvz82FrlIT
nL3Fqsa9F2jkTdEHGhDhLW7+oBm5zw+VIJ9it1k5fOC16LTaNanjwnD7yIt3Ctii
EdyixZBTd8sNoaktimfnCpB0T7FBAB8ap7Vtd7aKdYc3kkT1o+VRok8eY1oX9wto
QPHdM3PQ3Oh2PE816jZzm6+0cQuR2yY0ZalEdA440cIjfw8vWB820n0aWPFh9ZJr
tAy8LMVWq4T0Qhe/I5UfJ2JniPP9hm3xj6ml
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org