Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/uK90s6XnmJx3W57-kUU4APi-xCE.roa
File: uK90s6XnmJx3W57-kUU4APi-xCE.roa (raw, json)
Hash identifier: wqI8Kh8u/812PbQ9hTx7Zz/JaiapNTmP3dI/V18Uqe4=
Subject key identifier: B8:AF:74:B3:A5:E7:98:9C:77:5B:9E:FE:91:45:38:00:F8:BE:C4:21
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018929961BDF761E32077153E41642BAB166
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/uK90s6XnmJx3W57-kUU4APi-xCE.roa
Signing time: Thu 06 Jul 2023 05:04:10 +0000
ROA not before: Thu 06 Jul 2023 05:04:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.255.39.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
188.241.214.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
193.23.129.0/24 maxlen: 24
193.23.128.0/24 maxlen: 24
213.232.93.0/24 maxlen: 24
213.232.92.0/24 maxlen: 24
45.156.159.0/24 maxlen: 24
45.156.157.0/24 maxlen: 24
89.33.85.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
185.255.170.0/24 maxlen: 24
89.35.154.0/24 maxlen: 24
89.35.155.0/24 maxlen: 24
188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
188.212.155.0/24 maxlen: 24
188.212.158.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.150.0/24 maxlen: 24
87.247.149.0/24 maxlen: 24
87.247.151.0/24 maxlen: 24
188.240.224.0/24 maxlen: 24
188.240.225.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
188.240.227.0/24 maxlen: 24
188.240.233.0/24 maxlen: 24
91.188.204.0/24 maxlen: 24
91.188.206.0/24 maxlen: 24
91.188.207.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
185.135.140.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
188.241.110.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:29:96:1b:df:76:1e:32:07:71:53:e4:16:42:ba:b1:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jul 6 05:04:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b8af74b3a5e7989c775b9efe91453800f8bec421
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:7e:bb:3a:d1:07:c0:b6:fa:64:27:47:60:9d:
45:52:75:41:8d:0a:70:ad:2e:57:ec:af:c1:b8:b9:
e2:7d:6f:60:22:c8:e0:97:34:7d:df:f9:e6:e3:c2:
15:94:ba:b3:63:bd:12:86:e5:47:2b:16:2c:17:95:
ea:f3:e5:e9:45:34:b2:76:5b:fa:37:8c:b4:69:4f:
ed:52:19:fb:ea:93:5c:7a:77:b2:e4:ef:02:42:f0:
13:51:3d:dc:dc:f1:af:7a:53:27:74:bc:a7:cb:f9:
27:7c:ea:19:c8:c3:5e:d2:24:28:77:89:07:b3:de:
0e:3f:39:56:e5:9c:69:54:e2:e0:6d:35:59:dd:63:
35:70:f0:4c:a4:59:15:66:6b:e0:85:79:2b:ef:a0:
ca:eb:68:aa:71:70:87:0c:fe:58:5f:92:49:ae:66:
63:9a:21:74:07:51:36:fd:39:eb:0f:a1:d5:1d:77:
d9:e0:67:20:85:ca:1a:77:6b:bd:d4:36:47:ce:23:
8d:7b:58:40:20:cc:5f:40:f4:76:84:7b:a9:c4:7c:
e0:8b:12:d0:99:3b:c5:e3:4a:5f:2b:92:be:cf:dc:
2d:9f:72:a2:e5:2e:6b:bc:99:ed:07:44:fb:6b:3f:
b5:c3:2e:8b:4c:52:b2:b7:3d:56:fc:48:03:da:31:
dc:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:AF:74:B3:A5:E7:98:9C:77:5B:9E:FE:91:45:38:00:F8:BE:C4:21
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/uK90s6XnmJx3W57-kUU4APi-xCE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.157.0/24
45.156.159.0/24
87.247.148.0/22
89.33.85.0/24
89.35.154.0/23
89.37.63.0/24
91.188.204.0/24
91.188.206.0/23
93.115.254.0/23
185.103.72.0/24
185.135.140.0/24
185.135.143.0/24
185.238.10.0/24
185.241.210.0/23
185.255.39.0/24
185.255.169.0-185.255.171.255
188.212.132.0/23
188.212.155.0/24
188.212.158.0/24
188.213.203.0/24
188.240.224.0/23
188.240.227.0/24
188.240.230.0/24
188.240.232.0/23
188.241.110.0/24
188.241.214.0/24
193.23.128.0/23
213.232.92.0/23
Signature Algorithm: sha256WithRSAEncryption
45:2f:ac:b6:6c:a8:f6:18:5d:f5:76:88:13:f7:17:ed:b9:79:
80:50:92:dd:fc:62:71:98:b7:9b:68:c6:d2:c1:86:8c:e6:a9:
f2:68:f9:91:8d:90:ab:29:e9:a1:50:fc:4b:33:39:e6:a5:67:
e3:6c:b4:75:59:bb:ff:71:4d:28:2e:25:c7:b2:d3:37:f3:4b:
9b:16:de:40:1d:83:a9:ef:59:a9:2b:f4:c4:51:77:70:09:d0:
b7:00:4b:56:6e:d9:49:2b:06:05:76:9e:6c:cd:74:29:6e:6b:
38:af:af:a8:5f:f0:4c:aa:47:86:bc:69:2e:e3:a5:a4:2c:a9:
c4:6e:14:16:47:d9:53:a2:b9:53:44:cd:0e:28:47:5c:ae:a6:
3f:85:88:29:45:1d:5d:c2:59:9c:14:aa:04:24:fd:01:30:6c:
b6:13:bf:7b:3b:30:a8:10:ec:04:7d:02:67:e0:22:a5:2d:10:
db:e5:a7:6d:d1:e1:f5:7c:83:b1:a9:fa:50:cb:6a:34:1f:f4:
c1:30:4d:13:06:54:2c:16:67:2e:58:eb:02:dd:cb:86:61:a8:
fc:f6:81:a9:72:79:f1:0d:07:91:94:39:d1:51:59:5f:42:2c:
ee:01:6a:32:38:a3:41:fb:23:80:d6:c5:dc:12:e3:f0:33:0e:
9b:49:21:7d
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYkplhvfdh4yB3FT5BZCurFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzA2MDUwNDEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGFmNzRiM2E1ZTc5ODljNzc1YjllZmU5MTQ1MzgwMGY4YmVjNDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk367OtEHwLb6ZCdHYJ1FUnVBjQpw
rS5X7K/BuLnifW9gIsjglzR93/nm48IVlLqzY70ShuVHKxYsF5Xq8+XpRTSydlv6
N4y0aU/tUhn76pNceney5O8CQvATUT3c3PGvelMndLyny/knfOoZyMNe0iQod4kH
s94OPzlW5ZxpVOLgbTVZ3WM1cPBMpFkVZmvghXkr76DK62iqcXCHDP5YX5JJrmZj
miF0B1E2/TnrD6HVHXfZ4Gcghcoad2u91DZHziONe1hAIMxfQPR2hHupxHzgixLQ
mTvF40pfK5K+z9wtn3Ki5S5rvJntB0T7az+1wy6LTFKytz1W/EgD2jHcEwIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFLivdLOl55icd1ue/pFFOAD4vsQhMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdUs5MHM2WG5tSngzVzU3LWtVVTRBUGkteENFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujCBtwQCAAEwgbADBAAt
nJ0DBAAtnJ8DBAJX95QDBABZIVUDBAFZI5oDBABZJT8DBABbvMwDBAFbvM4DBAFd
c/4DBAC5Z0gDBAC5h4wDBAC5h48DBAC57goDBAG58dIDBAC5/ycwDAMEALn/qQME
Arn/qAMEAbzUhAMEALzUmwMEALzUngMEALzVywMEAbzw4AMEALzw4wMEALzw5gME
Abzw6AMEALzxbgMEALzx1gMEAcEXgAMEAdXoXDANBgkqhkiG9w0BAQsFAAOCAQEA
RS+stmyo9hhd9XaIE/cX7bl5gFCS3fxicZi3m2jG0sGGjOap8mj5kY2QqynpoVD8
SzM55qVn42y0dVm7/3FNKC4lx7LTN/NLmxbeQB2Dqe9ZqSv0xFF3cAnQtwBLVm7Z
SSsGBXaebM10KW5rOK+vqF/wTKpHhrxpLuOlpCypxG4UFkfZU6K5U0TNDihHXK6m
P4WIKUUdXcJZnBSqBCT9ATBsthO/ezswqBDsBH0CZ+AipS0Q2+WnbdHh9XyDsan6
UMtqNB/0wTBNEwZULBZnLljrAt3LhmGo/PaBqXJ58Q0HkZQ50VFZX0Is7gFqMjij
QfsjgNbF3BLj8DMOm0khfQ==
-----END CERTIFICATE-----
Generated at Wed Apr 16 15:38:50 2025 by rpki-client