Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tGmS8gx4ZFs4gxYDcEkyMMJPdAc.roa
File: tGmS8gx4ZFs4gxYDcEkyMMJPdAc.roa (raw, json)
Hash identifier: LEO2LjA++QPC6W1ys0WtUuazmnlaor1VJMpRzfL8ktw=
Subject key identifier: B4:69:92:F2:0C:78:64:5B:38:83:16:03:70:49:32:30:C2:4F:74:07
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0189497503B51A817C58FE7F21B7A6B91F59
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tGmS8gx4ZFs4gxYDcEkyMMJPdAc.roa
Signing time: Wed 12 Jul 2023 09:35:52 +0000
ROA not before: Wed 12 Jul 2023 09:35:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.33.14.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
213.32.248.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
103.205.26.0/24 maxlen: 24
103.205.25.0/24 maxlen: 24
103.205.27.0/24 maxlen: 24
188.214.27.0/24 maxlen: 24
185.230.250.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.230.251.0/24 maxlen: 24
185.230.249.0/24 maxlen: 24
192.166.212.0/22 maxlen: 24
193.42.52.0/24 maxlen: 24
193.42.54.0/23 maxlen: 24
185.9.54.0/24 maxlen: 24
62.197.132.0/24 maxlen: 24
62.197.135.0/24 maxlen: 24
185.103.74.0/24 maxlen: 24
185.103.73.0/24 maxlen: 24
185.115.146.0/24 maxlen: 24
185.115.147.0/24 maxlen: 24
77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
77.75.63.0/24 maxlen: 24
194.4.158.0/24 maxlen: 24
194.4.156.0/23 maxlen: 24
194.4.159.0/24 maxlen: 24
185.115.144.0/24 maxlen: 24
185.115.144.0/23 maxlen: 24
185.115.145.0/24 maxlen: 24
78.142.242.0/24 maxlen: 24
78.142.242.0/23 maxlen: 24
45.159.152.0/24 maxlen: 24
45.159.154.0/24 maxlen: 24
45.159.153.0/24 maxlen: 24
89.38.101.0/24 maxlen: 24
89.40.160.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
185.229.105.0/24 maxlen: 24
185.229.106.0/24 maxlen: 24
185.229.107.0/24 maxlen: 24
89.43.211.0/24 maxlen: 24
89.43.210.0/23 maxlen: 24
185.245.238.0/24 maxlen: 24
185.245.236.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
185.245.239.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
89.43.210.0/24 maxlen: 24
185.245.237.0/24 maxlen: 24
89.47.89.0/24 maxlen: 24
185.121.229.0/24 maxlen: 24
178.239.201.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
178.239.203.0/24 maxlen: 24
185.121.228.0/24 maxlen: 24
178.239.200.0/24 maxlen: 24
185.121.230.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
185.236.62.0/24 maxlen: 24
185.236.63.0/24 maxlen: 24
223.27.112.0/24 maxlen: 24
178.239.192.0/23 maxlen: 24
178.239.192.0/24 maxlen: 24
178.239.193.0/24 maxlen: 24
178.239.194.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:49:75:03:b5:1a:81:7c:58:fe:7f:21:b7:a6:b9:1f:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jul 12 09:35:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b46992f20c78645b3883160370493230c24f7407
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:35:ea:db:27:e4:3c:57:c9:96:6b:db:83:fa:
34:23:18:9a:8b:ef:2d:d5:c1:7e:7e:41:fb:57:27:
ad:be:0f:ed:c8:be:43:35:70:6a:10:8a:fb:f1:81:
fc:c7:f8:7b:df:b3:ed:84:7e:17:fd:1d:56:13:fe:
33:a1:6d:31:34:5d:98:15:89:d4:8c:26:80:99:c8:
6d:ec:19:f9:8b:02:45:8a:ad:57:63:77:7a:ee:a0:
cb:72:92:63:88:51:eb:a0:8d:65:e7:f5:f7:f3:fc:
af:c4:d0:f7:e2:c3:fe:25:a3:76:59:db:b0:37:69:
b5:fe:b0:fa:30:51:91:59:cd:41:65:90:26:3a:40:
35:26:4a:78:c4:d1:75:3f:63:46:7f:6d:99:2c:2d:
bd:d8:39:51:2d:b2:4d:bf:93:73:fe:83:6e:bd:2e:
36:3f:e9:28:0b:6b:a3:fb:16:97:d8:e9:68:e6:bd:
fb:cf:6c:fd:45:eb:63:3c:07:71:3a:6f:72:42:e2:
b7:87:9a:bc:00:06:48:14:15:ad:f6:bc:74:60:0e:
e7:8a:16:a4:3e:75:18:ed:4c:af:e0:37:c1:9e:eb:
87:fa:d8:85:36:fc:bd:05:e6:5c:b3:23:ea:e4:67:
dd:b2:67:b4:f0:b0:9f:06:1f:ff:1e:8f:45:ce:7b:
84:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:69:92:F2:0C:78:64:5B:38:83:16:03:70:49:32:30:C2:4F:74:07
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tGmS8gx4ZFs4gxYDcEkyMMJPdAc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0-45.159.154.255
62.197.132.0/24
62.197.135.0/24
77.75.60.0/24
77.75.62.0/23
78.142.242.0/23
89.33.14.0/24
89.38.101.0/24
89.40.160.0/24
89.43.208.0/24
89.43.210.0/23
89.47.89.0/24
93.114.246.0/24
103.205.25.0-103.205.27.255
178.239.192.0-178.239.194.255
178.239.200.0/23
178.239.203.0/24
185.9.54.0/24
185.103.73.0-185.103.74.255
185.115.144.0/22
185.121.228.0/22
185.229.104.0/22
185.230.248.0/22
185.236.62.0/23
185.245.236.0/22
188.214.27.0/24
192.166.212.0/22
193.19.106.0/24
193.42.52.0/24
193.42.54.0/23
194.4.156.0/22
203.0.8.0/24
213.32.248.0/23
223.27.112.0/24
Signature Algorithm: sha256WithRSAEncryption
46:92:5a:ce:0a:22:4d:23:6d:0b:34:2e:18:53:32:3d:33:13:
fc:bb:d6:0e:0a:63:14:e2:90:2b:e8:6e:a6:f9:47:77:a6:21:
9d:81:be:20:45:ea:1d:27:d9:18:3c:39:ff:bb:3d:98:cf:c5:
be:88:ed:a2:93:56:08:0e:37:9d:22:d3:ea:98:eb:16:6f:15:
de:13:df:8e:0a:5c:ba:96:d4:90:c5:f2:b7:80:a1:a6:63:c9:
c8:41:81:21:ae:38:26:2f:e5:1b:97:a2:38:3c:bd:ad:dc:6c:
b3:de:2d:0d:be:f4:1b:fd:22:94:88:39:4c:3e:37:3a:6a:cb:
0c:24:44:c4:90:84:96:14:9d:16:91:dc:15:e9:a4:90:8e:e6:
46:69:b2:1c:2a:db:0a:62:dc:17:08:7e:64:6c:78:68:aa:e7:
62:85:f8:54:d1:a0:c3:3d:ee:ae:9d:20:6d:af:12:03:d2:cb:
02:62:6b:f3:2f:52:35:e8:71:e0:9d:66:5e:bb:bb:e3:93:3d:
8d:2d:ae:2e:71:c1:69:65:67:96:3d:93:ae:bc:94:a5:3c:78:
e8:01:66:85:17:a0:a3:d3:da:4a:11:64:15:9b:07:ef:9b:3e:
69:94:64:44:8d:01:bc:4a:96:7a:4f:77:06:25:a0:16:75:b8:
20:0b:21:f2
-----BEGIN CERTIFICATE-----
MIIF6TCCBNGgAwIBAgISAYlJdQO1GoF8WP5/IbemuR9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzEyMDkzNTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDY5OTJmMjBjNzg2NDViMzg4MzE2MDM3MDQ5MzIzMGMyNGY3NDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzXq2yfkPFfJlmvbg/o0Ixiai+8t
1cF+fkH7Vyetvg/tyL5DNXBqEIr78YH8x/h737PthH4X/R1WE/4zoW0xNF2YFYnU
jCaAmcht7Bn5iwJFiq1XY3d67qDLcpJjiFHroI1l5/X38/yvxND34sP+JaN2Wduw
N2m1/rD6MFGRWc1BZZAmOkA1Jkp4xNF1P2NGf22ZLC292DlRLbJNv5Nz/oNuvS42
P+koC2uj+xaX2Olo5r37z2z9RetjPAdxOm9yQuK3h5q8AAZIFBWt9rx0YA7nihak
PnUY7Uyv4DfBnuuH+tiFNvy9BeZcsyPq5Gfdsme08LCfBh//Ho9FznuEwwIDAQAB
o4IC9TCCAvEwHQYDVR0OBBYEFLRpkvIMeGRbOIMWA3BJMjDCT3QHMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdEdtUzhneDRaRnM0Z3hZRGNFa3lNTUpQZEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCQYIKwYBBQUHAQcBAf8EgfkwgfYwgfMEAgABMIHsMAwD
BAMtn5gDBAAtn5oDBAA+xYQDBAA+xYcDBABNSzwDBAFNSz4DBAFOjvIDBABZIQ4D
BABZJmUDBABZKKADBABZK9ADBAFZK9IDBABZL1kDBABdcvYwDAMEAGfNGQMEAmfN
GDAMAwQGsu/AAwQAsu/CAwQBsu/IAwQAsu/LAwQAuQk2MAwDBAC5Z0kDBAC5Z0oD
BAK5c5ADBAK5eeQDBAK55WgDBAK55vgDBAG57D4DBAK59ewDBAC81hsDBALAptQD
BADBE2oDBADBKjQDBAHBKjYDBALCBJwDBADLAAgDBAHVIPgDBADfG3AwDQYJKoZI
hvcNAQELBQADggEBAEaSWs4KIk0jbQs0LhhTMj0zE/y71g4KYxTikCvobqb5R3em
IZ2BviBF6h0n2Rg8Of+7PZjPxb6I7aKTVggON50i0+qY6xZvFd4T344KXLqW1JDF
8reAoaZjychBgSGuOCYv5RuXojg8va3cbLPeLQ2+9Bv9IpSIOUw+NzpqywwkRMSQ
hJYUnRaR3BXppJCO5kZpshwq2wpi3BcIfmRseGiq52KF+FTRoMM97q6dIG2vEgPS
ywJia/MvUjXoceCdZl67u+OTPY0tri5xwWllZ5Y9k668lKU8eOgBZoUXoKPT2koR
ZBWbB++bPmmUZESNAbxKlnpPdwYloBZ1uCALIfI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org