Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sbuC5QZvobS0Suf_Yinbyit0k88.roa
File: sbuC5QZvobS0Suf_Yinbyit0k88.roa (raw, json)
Hash identifier: C8IMQIDvrwTPaVPicBBTkJfW6jubXUt1ev9HbLOay4g=
Subject key identifier: B1:BB:82:E5:06:6F:A1:B4:B4:4A:E7:FF:62:29:DB:CA:2B:74:93:CF
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01874AAF9BF0B0A374B098603A130AA83698
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sbuC5QZvobS0Suf_Yinbyit0k88.roa
Signing time: Tue 04 Apr 2023 05:13:55 +0000
ROA not before: Tue 04 Apr 2023 05:13:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200482
IP address blocks: 178.239.200.0/24 maxlen: 24
91.209.12.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.128.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:4a:af:9b:f0:b0:a3:74:b0:98:60:3a:13:0a:a8:36:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 4 05:13:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b1bb82e5066fa1b4b44ae7ff6229dbca2b7493cf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:f0:eb:4b:80:f6:97:0e:33:b3:6a:28:3a:b9:
fa:9f:a7:9f:67:2e:57:81:a1:43:75:92:a0:93:0a:
fe:2c:90:9d:d1:84:c5:6c:03:75:63:f4:2c:15:eb:
37:07:6f:a6:13:d8:cf:17:1c:57:04:ce:68:bc:7c:
67:21:d5:09:05:e6:c0:71:eb:7d:13:a6:15:6a:9b:
e4:66:46:98:e8:79:e9:2d:2a:24:2b:85:0b:a3:ab:
09:9e:28:57:11:bf:ad:7a:ec:97:4f:2a:2b:23:07:
ec:98:f2:4a:54:56:86:d6:ff:ad:8a:df:ff:f8:7b:
b2:09:48:3c:22:9b:c6:10:07:7f:76:ba:fb:7f:3b:
ae:01:52:5a:01:f2:81:e9:a4:c9:88:4f:95:14:75:
87:2a:e6:91:81:d6:e4:2c:e3:6b:b2:15:56:c0:75:
8e:03:47:23:49:b5:ae:74:b2:8b:ff:09:18:97:a6:
8b:9e:c4:88:e3:3f:bf:f7:d1:35:69:70:ba:f5:18:
ac:7d:3d:08:22:ac:e3:2d:a7:ed:b2:da:da:d2:6e:
33:16:81:cd:19:7d:91:a5:24:81:6f:4e:d5:e6:c4:
d6:09:59:4d:0e:e5:cf:07:8a:47:4f:5e:c5:f3:1b:
e5:1f:b6:06:44:da:9a:12:2d:5e:e9:1d:13:c7:b9:
44:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:BB:82:E5:06:6F:A1:B4:B4:4A:E7:FF:62:29:DB:CA:2B:74:93:CF
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sbuC5QZvobS0Suf_Yinbyit0k88.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.153.0/24
62.197.128.0/24
62.197.132.0/24
91.209.12.0/24
103.205.25.0/24
178.239.193.0-178.239.194.255
178.239.200.0/24
185.229.105.0/24
185.245.236.0/24
Signature Algorithm: sha256WithRSAEncryption
55:7f:f8:ae:25:6d:81:e5:fd:7b:d0:13:61:e9:6c:39:01:86:
ff:30:05:2b:64:3f:d4:1a:7a:a1:c1:d9:b2:05:20:58:cb:52:
45:14:2b:31:25:e0:e4:80:38:dd:33:ca:7f:ef:57:ee:68:d3:
60:14:e3:53:f0:e4:9e:f0:c9:df:7b:1c:cf:46:79:61:23:01:
11:9f:1c:c2:b5:6f:6e:a1:a5:7d:53:41:03:90:9d:4c:dd:fe:
e2:7a:c6:20:f8:83:8e:a3:dd:4b:5e:32:29:d9:a7:f2:ee:3b:
8d:dc:04:4c:c4:07:44:1c:7d:94:02:8d:e4:ba:ee:c5:dc:6b:
a8:c2:99:da:a2:d1:17:26:25:14:21:a8:64:53:f6:2a:5c:21:
3e:f4:96:3e:ab:4d:6f:94:9d:c7:64:c0:d0:0b:e5:ab:53:be:
14:15:a5:30:ea:83:05:2b:75:10:7e:0e:50:2d:0b:77:e9:95:
63:77:d3:a5:1a:63:35:10:5b:6a:da:cf:9f:29:fb:ec:bd:99:
90:63:01:62:72:ef:90:c1:8d:52:4a:84:04:36:49:ad:f2:20:
8e:f4:39:98:58:9f:3d:e4:1e:b2:f5:11:dc:2c:33:88:97:b5:
2d:86:14:b8:4b:ef:82:cb:82:1c:6a:a0:39:9c:d5:de:7e:9e:
f2:cc:ee:14
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYdKr5vwsKN0sJhgOhMKqDaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA0MDUxMzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWJiODJlNTA2NmZhMWI0YjQ0YWU3ZmY2MjI5ZGJjYTJiNzQ5M2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPDrS4D2lw4zs2ooOrn6n6efZy5X
gaFDdZKgkwr+LJCd0YTFbAN1Y/QsFes3B2+mE9jPFxxXBM5ovHxnIdUJBebAcet9
E6YVapvkZkaY6HnpLSokK4ULo6sJnihXEb+teuyXTyorIwfsmPJKVFaG1v+tit//
+HuyCUg8IpvGEAd/drr7fzuuAVJaAfKB6aTJiE+VFHWHKuaRgdbkLONrshVWwHWO
A0cjSbWudLKL/wkYl6aLnsSI4z+/99E1aXC69RisfT0IIqzjLaftstra0m4zFoHN
GX2RpSSBb07V5sTWCVlNDuXPB4pHT17F8xvlH7YGRNqaEi1e6R0Tx7lEGwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFLG7guUGb6G0tErn/2Ip28ordJPPMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvc2J1QzVRWnZvYlMwU3VmX1lpbmJ5aXQwazg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQALZ+ZAwQA
PsWAAwQAPsWEAwQAW9EMAwQAZ80ZMAwDBACy78EDBACy78IDBACy78gDBAC55WkD
BAC59ewwDQYJKoZIhvcNAQELBQADggEBAFV/+K4lbYHl/XvQE2HpbDkBhv8wBStk
P9QaeqHB2bIFIFjLUkUUKzEl4OSAON0zyn/vV+5o02AU41Pw5J7wyd97HM9GeWEj
ARGfHMK1b26hpX1TQQOQnUzd/uJ6xiD4g46j3UteMinZp/LuO43cBEzEB0QcfZQC
jeS67sXca6jCmdqi0RcmJRQhqGRT9ipcIT70lj6rTW+UncdkwNAL5atTvhQVpTDq
gwUrdRB+DlAtC3fplWN306UaYzUQW2raz58p++y9mZBjAWJy75DBjVJKhAQ2Sa3y
II70OZhYnz3kHrL1EdwsM4iXtS2GFLhL74LLghxqoDmc1d5+nvLM7hQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org