Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vcys56a5d1TiQqSuUc1EdVHrFsM.roa
File: vcys56a5d1TiQqSuUc1EdVHrFsM.roa (raw, json)
Hash identifier: dNb6cdyDqtahqxZJz48cM/ls4Y312EkA5a5FBUQWFY0=
Subject key identifier: BD:CC:AC:E7:A6:B9:77:54:E2:42:A4:AE:51:CD:44:75:51:EB:16:C3
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01892C4A73C7DB60BB67CF13915980B967CB
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vcys56a5d1TiQqSuUc1EdVHrFsM.roa
Signing time: Thu 06 Jul 2023 17:40:23 +0000
ROA not before: Thu 06 Jul 2023 17:40:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.255.39.0/24 maxlen: 24
188.214.209.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
188.241.214.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
193.23.129.0/24 maxlen: 24
193.23.128.0/24 maxlen: 24
213.232.93.0/24 maxlen: 24
213.232.92.0/24 maxlen: 24
45.156.159.0/24 maxlen: 24
45.156.157.0/24 maxlen: 24
89.33.85.0/24 maxlen: 24
89.33.84.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
185.255.170.0/24 maxlen: 24
89.35.154.0/24 maxlen: 24
89.35.155.0/24 maxlen: 24
188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
188.212.155.0/24 maxlen: 24
188.212.158.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.150.0/24 maxlen: 24
87.247.149.0/24 maxlen: 24
87.247.151.0/24 maxlen: 24
188.240.224.0/24 maxlen: 24
188.240.225.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
188.240.227.0/24 maxlen: 24
188.240.233.0/24 maxlen: 24
91.188.204.0/24 maxlen: 24
91.188.206.0/24 maxlen: 24
91.188.207.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
185.135.140.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
188.241.110.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:2c:4a:73:c7:db:60:bb:67:cf:13:91:59:80:b9:67:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jul 6 17:40:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bdccace7a6b97754e242a4ae51cd447551eb16c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:00:63:58:5f:7d:55:6a:dd:21:6e:e6:ed:c8:
45:cd:a1:1d:6a:f7:ed:fb:d7:68:0a:c2:d5:cd:e0:
e6:eb:70:da:77:b5:c7:fa:18:aa:b0:ac:97:39:ba:
db:73:de:92:03:f6:6e:4e:f6:3a:47:17:2d:b7:55:
af:6f:dd:46:7c:ee:ae:74:2d:ec:d3:9f:91:c1:d2:
2a:9d:2b:18:0c:4a:f9:3b:66:56:1e:9d:13:66:ae:
3d:dc:23:eb:7a:c1:e8:5a:fd:f8:b7:df:17:d1:79:
dc:0c:c9:b1:10:ac:50:f5:06:e4:68:5d:95:db:60:
29:c0:37:2d:7c:9a:8a:a9:c6:30:c3:c4:02:d5:69:
9e:7f:8d:e4:5f:17:29:cb:e7:1c:ba:dc:e3:b7:4e:
30:6e:c7:66:70:5a:0e:be:df:01:f9:e4:a9:2e:37:
64:39:8b:bf:89:19:0d:71:1b:b6:e2:1a:01:d4:1f:
c4:22:a1:3d:44:71:6f:09:50:fa:be:e3:10:db:a9:
c7:85:15:e7:68:aa:c0:55:d1:3d:60:3b:b9:70:19:
b8:47:d0:07:9c:86:b3:21:56:6c:14:93:b2:ba:24:
da:6a:51:52:8c:eb:12:f5:5e:51:9b:a1:3d:b4:65:
21:4d:67:67:6d:18:13:5a:41:ed:21:d9:da:e9:7e:
45:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:CC:AC:E7:A6:B9:77:54:E2:42:A4:AE:51:CD:44:75:51:EB:16:C3
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vcys56a5d1TiQqSuUc1EdVHrFsM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.157.0/24
45.156.159.0/24
87.247.148.0/22
89.33.84.0/23
89.35.154.0/23
89.37.63.0/24
91.188.204.0/24
91.188.206.0/23
93.115.254.0/23
185.103.72.0/24
185.135.140.0/24
185.135.143.0/24
185.238.10.0/24
185.241.210.0/23
185.255.39.0/24
185.255.169.0-185.255.171.255
188.212.132.0/23
188.212.155.0/24
188.212.158.0/24
188.213.203.0/24
188.214.209.0/24
188.240.224.0/23
188.240.227.0/24
188.240.230.0/24
188.240.232.0/23
188.241.110.0/24
188.241.214.0/24
193.23.128.0/23
213.232.92.0/23
Signature Algorithm: sha256WithRSAEncryption
2d:3e:20:5e:4b:6c:15:c6:92:66:1e:5c:a6:df:3f:c7:66:34:
36:ce:25:ea:f7:46:0c:08:e5:a9:74:a4:a4:2b:65:d5:a2:71:
91:f3:8e:52:84:e3:30:ff:59:4e:9c:6a:1e:fa:d1:0e:43:67:
d7:9b:86:50:86:ca:95:fc:4f:69:89:16:bb:93:24:33:20:1e:
66:46:41:f3:68:6f:33:f5:66:2b:88:c1:be:ee:5d:eb:2f:bd:
60:71:52:0b:6a:c7:ad:a7:f6:99:98:46:34:cd:20:b8:3d:32:
4f:b9:14:1b:0a:5f:f4:bf:d3:1d:b2:35:f5:5c:2e:7c:a0:51:
4d:0c:2f:4e:bb:eb:cf:64:1b:d7:3c:fe:9b:03:55:1f:8a:83:
5b:3a:09:33:1c:f1:03:b3:13:d7:44:95:93:90:ab:b1:fd:2e:
d2:70:4e:0d:a7:8b:d3:90:e2:c6:09:8c:23:81:2f:db:da:de:
f7:49:06:7a:7a:f7:29:13:3f:ca:27:bf:bf:d5:91:32:88:13:
80:e2:f4:dd:ec:43:67:8d:9e:22:a5:38:1c:40:7c:22:c3:40:
05:7a:43:14:c1:31:3d:63:19:b9:65:ff:8e:07:90:89:e5:0d:
81:0e:91:b2:39:0d:cd:2f:87:1d:ba:bf:62:9c:82:76:ce:15:
e9:66:b7:05
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgISAYksSnPH22C7Z88TkVmAuWfLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzA2MTc0MDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGNjYWNlN2E2Yjk3NzU0ZTI0MmE0YWU1MWNkNDQ3NTUxZWIxNmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgBjWF99VWrdIW7m7chFzaEdavft
+9doCsLVzeDm63Dad7XH+hiqsKyXObrbc96SA/ZuTvY6Rxctt1Wvb91GfO6udC3s
05+RwdIqnSsYDEr5O2ZWHp0TZq493CPresHoWv34t98X0XncDMmxEKxQ9QbkaF2V
22ApwDctfJqKqcYww8QC1Wmef43kXxcpy+ccutzjt04wbsdmcFoOvt8B+eSpLjdk
OYu/iRkNcRu24hoB1B/EIqE9RHFvCVD6vuMQ26nHhRXnaKrAVdE9YDu5cBm4R9AH
nIazIVZsFJOyuiTaalFSjOsS9V5Rm6E9tGUhTWdnbRgTWkHtIdna6X5F7QIDAQAB
o4ICvjCCArowHQYDVR0OBBYEFL3MrOemuXdU4kKkrlHNRHVR6xbDMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdmN5czU2YTVkMVRpUXFTdVVjMUVkVkhyRnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHTBggrBgEFBQcBBwEB/wSBwzCBwDCBvQQCAAEwgbYDBAAt
nJ0DBAAtnJ8DBAJX95QDBAFZIVQDBAFZI5oDBABZJT8DBABbvMwDBAFbvM4DBAFd
c/4DBAC5Z0gDBAC5h4wDBAC5h48DBAC57goDBAG58dIDBAC5/ycwDAMEALn/qQME
Arn/qAMEAbzUhAMEALzUmwMEALzUngMEALzVywMEALzW0QMEAbzw4AMEALzw4wME
ALzw5gMEAbzw6AMEALzxbgMEALzx1gMEAcEXgAMEAdXoXDANBgkqhkiG9w0BAQsF
AAOCAQEALT4gXktsFcaSZh5cpt8/x2Y0Ns4l6vdGDAjlqXSkpCtl1aJxkfOOUoTj
MP9ZTpxqHvrRDkNn15uGUIbKlfxPaYkWu5MkMyAeZkZB82hvM/VmK4jBvu5d6y+9
YHFSC2rHraf2mZhGNM0guD0yT7kUGwpf9L/THbI19VwufKBRTQwvTrvrz2Qb1zz+
mwNVH4qDWzoJMxzxA7MT10SVk5Crsf0u0nBODaeL05DixgmMI4Ev29re90kGenr3
KRM/yie/v9WRMogTgOL03exDZ42eIqU4HEB8IsNABXpDFMExPWMZuWX/jgeQieUN
gQ6RsjkNzS+HHbq/YpyCds4V6Wa3BQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org