Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sbB1g4RFOih8Wr8m8q0YmMNObz8.roa
File: sbB1g4RFOih8Wr8m8q0YmMNObz8.roa (raw, json)
Hash identifier: 5CG5nHlvCXazymyC6tbqRHfSuGSb4a7XLZtMtzDrVqU=
Subject key identifier: B1:B0:75:83:84:45:3A:28:7C:5A:BF:26:F2:AD:18:98:C3:4E:6F:3F
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186E16B8C5BBB09C09F71909F5C85B1DCAA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sbB1g4RFOih8Wr8m8q0YmMNObz8.roa
Signing time: Tue 14 Mar 2023 18:39:27 +0000
ROA not before: Tue 14 Mar 2023 18:39:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
91.188.204.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
94.176.110.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
185.255.170.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:e1:6b:8c:5b:bb:09:c0:9f:71:90:9f:5c:85:b1:dc:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 14 18:39:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b1b0758384453a287c5abf26f2ad1898c34e6f3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:88:b2:d7:58:b4:6b:ab:3d:95:c8:0f:37:bc:
8a:31:a3:8b:27:85:b9:0e:ac:f4:d0:db:8b:de:51:
a4:4e:fe:a1:32:43:f2:8b:9d:d3:11:e7:40:34:88:
40:f6:32:5b:11:6d:46:9c:53:a2:8e:b9:73:d1:ae:
36:60:69:fa:05:07:a5:48:f3:e8:a0:b4:a7:12:7e:
79:e1:8f:d7:6b:68:02:36:5a:48:e8:02:92:4e:81:
ac:8b:29:38:88:aa:4e:44:8f:3c:9a:fe:45:30:f5:
5c:3f:f4:cf:15:ba:9c:0c:86:89:f0:18:b5:e8:33:
d6:74:fe:ce:81:d6:79:27:39:b1:a9:9f:7e:cf:2b:
60:63:2e:00:7a:ce:01:0d:95:6f:7c:9e:4e:b9:84:
a7:39:e4:ae:d0:20:93:fb:fa:9b:43:09:1f:98:80:
32:56:02:ab:8e:c8:ac:9a:93:e4:a6:b2:b6:a3:19:
87:21:9a:8c:cb:41:62:fc:bc:2a:be:be:4c:db:47:
6d:77:c9:54:a1:66:f2:7a:4b:df:61:39:23:0c:9e:
c4:91:e1:49:9e:7e:fc:9b:58:24:bc:f0:c6:40:35:
f0:91:85:62:8e:7a:c6:ca:0c:01:2a:d9:3f:71:b1:
cf:29:84:e3:3c:a0:02:5a:d6:a2:1d:d5:1e:20:73:
39:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:B0:75:83:84:45:3A:28:7C:5A:BF:26:F2:AD:18:98:C3:4E:6F:3F
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sbB1g4RFOih8Wr8m8q0YmMNObz8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.247.148.0/24
89.37.63.0/24
91.188.204.0/24
93.115.254.0/23
94.176.110.0/24
185.103.72.0/24
185.238.10.0/24
185.241.210.0/23
185.255.169.0-185.255.171.255
188.212.132.0/23
188.240.232.0/24
Signature Algorithm: sha256WithRSAEncryption
42:a4:39:9f:4e:b3:61:98:10:70:a3:33:3c:8c:dd:2a:2b:f1:
33:b1:9e:86:d9:8a:db:76:16:6f:2e:fd:5d:15:26:02:b0:58:
2b:8f:00:6c:8a:fd:fa:a5:82:6c:ff:0c:f0:06:81:2a:89:38:
63:ea:f5:f4:92:28:93:09:db:0d:97:2f:26:06:16:ea:c4:1f:
3d:30:62:38:b2:64:90:40:00:3f:b1:03:c1:1e:25:e2:4e:21:
9d:4b:7a:51:5e:ae:70:88:a9:67:16:9f:51:6d:79:f8:26:30:
d0:31:6b:c1:9f:d2:35:1e:bd:b8:0e:4d:6a:2c:a8:b3:c5:8b:
83:91:cc:b6:62:0a:65:da:5b:b3:29:c3:4b:b9:a4:0b:50:76:
d1:50:66:78:be:eb:3c:9b:fb:23:d5:d3:ad:79:ba:a8:c1:d8:
ea:26:e8:7e:8c:a4:f9:52:81:fc:8b:c7:ad:ba:a6:c1:72:1d:
ee:ee:fb:96:70:46:b1:13:0a:5c:b9:0b:5f:2e:52:a2:f2:96:
d9:d2:28:97:57:1f:05:8c:a9:f0:15:4a:4c:55:f3:c9:09:03:
1b:6f:22:a7:83:7c:7b:aa:5e:2e:1c:dc:1b:b0:34:6d:78:2d:
d1:e8:a2:63:aa:19:c3:85:34:6d:47:6e:0e:5b:20:a3:b2:aa:
ed:d8:51:a5
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYbha4xbuwnAn3GQn1yFsdyqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzE0MTgzOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWIwNzU4Mzg0NDUzYTI4N2M1YWJmMjZmMmFkMTg5OGMzNGU2ZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Yiy11i0a6s9lcgPN7yKMaOLJ4W5
Dqz00NuL3lGkTv6hMkPyi53TEedANIhA9jJbEW1GnFOijrlz0a42YGn6BQelSPPo
oLSnEn554Y/Xa2gCNlpI6AKSToGsiyk4iKpORI88mv5FMPVcP/TPFbqcDIaJ8Bi1
6DPWdP7OgdZ5JzmxqZ9+zytgYy4Aes4BDZVvfJ5OuYSnOeSu0CCT+/qbQwkfmIAy
VgKrjsismpPkprK2oxmHIZqMy0Fi/Lwqvr5M20dtd8lUoWbyekvfYTkjDJ7EkeFJ
nn78m1gkvPDGQDXwkYVijnrGygwBKtk/cbHPKYTjPKACWtaiHdUeIHM5KQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFLGwdYOERToofFq/JvKtGJjDTm8/MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvc2JCMWc0UkZPaWg4V3I4bThxMFltTU5PYno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAV/eUAwQA
WSU/AwQAW7zMAwQBXXP+AwQAXrBuAwQAuWdIAwQAue4KAwQBufHSMAwDBAC5/6kD
BAK5/6gDBAG81IQDBAC88OgwDQYJKoZIhvcNAQELBQADggEBAEKkOZ9Os2GYEHCj
MzyM3Sor8TOxnobZitt2Fm8u/V0VJgKwWCuPAGyK/fqlgmz/DPAGgSqJOGPq9fSS
KJMJ2w2XLyYGFurEHz0wYjiyZJBAAD+xA8EeJeJOIZ1LelFernCIqWcWn1Ftefgm
MNAxa8Gf0jUevbgOTWosqLPFi4ORzLZiCmXaW7Mpw0u5pAtQdtFQZni+6zyb+yPV
0615uqjB2Oom6H6MpPlSgfyLx626psFyHe7u+5ZwRrETCly5C18uUqLyltnSKJdX
HwWMqfAVSkxV88kJAxtvIqeDfHuqXi4c3BuwNG14LdHoomOqGcOFNG1Hbg5bIKOy
qu3YUaU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org