Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/w3YJlHJ5m0SqJlUTcXsLs31d2Jg.roa
File: w3YJlHJ5m0SqJlUTcXsLs31d2Jg.roa (raw, json)
Hash identifier: yD1sODwLGpuzgXGTGzgpEPQrusSXdLf6wfI+Oj/54lc=
Subject key identifier: C3:76:09:94:72:79:9B:44:AA:26:55:13:71:7B:0B:B3:7D:5D:D8:98
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01887C5E90810BA19FE9B098E87BA68DF208
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/w3YJlHJ5m0SqJlUTcXsLs31d2Jg.roa
Signing time: Fri 02 Jun 2023 13:49:12 +0000
ROA not before: Fri 02 Jun 2023 13:49:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.212.132.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
188.212.158.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.150.0/24 maxlen: 24
188.240.230.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
185.241.209.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
91.188.204.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
45.156.157.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/24 maxlen: 24
185.103.72.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:7c:5e:90:81:0b:a1:9f:e9:b0:98:e8:7b:a6:8d:f2:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jun 2 13:49:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c376099472799b44aa265513717b0bb37d5dd898
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:ae:11:ca:dd:b1:9a:60:6c:98:43:aa:14:ba:
8d:08:89:b1:ec:e4:09:a9:c1:6a:8b:d6:f9:7a:6c:
49:da:77:88:2b:60:50:79:10:95:d6:17:a2:e3:73:
74:cf:4d:3f:4b:4c:1b:6e:32:c0:d2:f8:b5:f6:59:
d7:60:44:e1:c3:74:fe:be:ed:25:d7:5a:1b:f3:8e:
50:19:9b:8f:75:be:4c:9d:46:2e:b2:e3:45:17:70:
f6:5f:af:6c:38:35:5d:f1:f7:23:70:8b:f1:b8:96:
82:58:6a:18:a0:47:40:b0:cc:06:8e:d2:38:cb:a7:
65:c9:86:4a:5b:1c:94:54:79:b7:21:cf:e4:76:44:
4c:00:06:8e:ae:e1:97:25:b9:3e:8d:3e:0d:a1:c7:
72:27:c3:59:10:3d:23:1a:31:36:d3:0a:52:dc:99:
53:89:9f:fd:c0:ca:4d:2a:e3:ae:ec:a9:e9:08:4b:
a1:1b:05:40:ff:db:ea:60:ab:41:0a:3b:9e:eb:03:
de:f5:33:5b:dc:37:8e:5f:36:d1:5b:b6:f7:ea:a5:
82:aa:63:cd:f9:f7:89:e7:ba:1c:86:9e:0a:e4:62:
8f:4a:d3:64:a3:c0:bd:15:7a:a3:72:b7:da:58:ce:
06:1a:b3:ae:73:4a:7e:76:cf:95:67:28:ff:95:3c:
a6:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:76:09:94:72:79:9B:44:AA:26:55:13:71:7B:0B:B3:7D:5D:D8:98
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/w3YJlHJ5m0SqJlUTcXsLs31d2Jg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.157.0/24
87.247.148.0/24
87.247.150.0/24
89.37.63.0/24
91.188.204.0/24
93.115.254.0/23
185.103.72.0/24
185.135.143.0/24
185.238.10.0/24
185.241.209.0-185.241.211.255
185.255.169.0-185.255.170.255
188.212.132.0/23
188.212.158.0/24
188.213.203.0/24
188.240.230.0/24
188.240.232.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:6d:2c:98:dc:97:dc:9b:23:f8:02:34:7b:60:c0:6f:d8:32:
b4:46:ba:7d:22:ce:78:3f:29:e9:0d:29:d8:c5:43:1f:f8:77:
cc:38:3f:40:e4:ef:fb:0d:98:e6:1f:a4:79:48:8c:30:19:f2:
9a:99:10:c4:8d:27:8b:91:80:46:97:89:cf:61:8b:4f:67:83:
8d:c0:52:8f:c4:87:12:ff:23:5d:75:c0:4f:c0:1e:91:60:6d:
52:dc:d2:60:9b:4b:40:1a:16:87:0a:b6:07:4a:c9:db:80:23:
12:ce:43:a9:e4:f2:63:f9:c9:33:d4:df:6e:fe:f1:f0:40:ea:
d9:e2:a7:82:79:a6:ee:6d:82:dd:a4:b1:38:e2:07:3f:26:79:
b5:b0:34:89:11:87:d7:aa:a0:1a:b9:23:fb:f4:bf:e1:81:4d:
ad:ad:5f:3f:17:f9:2d:8f:de:1c:bb:4f:17:01:bf:ec:ad:e1:
63:c9:f7:2f:8d:d2:fb:69:ab:79:a9:77:6b:96:a8:6a:fd:44:
79:f4:bf:a6:60:37:0b:8e:ab:ba:e2:d2:e5:84:9d:c2:b0:80:
a9:9b:93:0a:e2:1c:60:47:95:f5:53:27:3e:b2:89:98:da:f8:
08:38:63:e1:bf:3e:ee:2b:9a:f5:81:5f:4e:56:1e:df:14:5a:
98:6c:a1:1d
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAYh8XpCBC6Gf6bCY6HumjfIIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNjAyMTM0OTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzc2MDk5NDcyNzk5YjQ0YWEyNjU1MTM3MTdiMGJiMzdkNWRkODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2a4Ryt2xmmBsmEOqFLqNCImx7OQJ
qcFqi9b5emxJ2neIK2BQeRCV1hei43N0z00/S0wbbjLA0vi19lnXYEThw3T+vu0l
11ob845QGZuPdb5MnUYusuNFF3D2X69sODVd8fcjcIvxuJaCWGoYoEdAsMwGjtI4
y6dlyYZKWxyUVHm3Ic/kdkRMAAaOruGXJbk+jT4NocdyJ8NZED0jGjE20wpS3JlT
iZ/9wMpNKuOu7KnpCEuhGwVA/9vqYKtBCjue6wPe9TNb3DeOXzbRW7b36qWCqmPN
+feJ57ochp4K5GKPStNko8C9FXqjcrfaWM4GGrOuc0p+ds+VZyj/lTymOwIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFMN2CZRyeZtEqiZVE3F7C7N9XdiYMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdzNZSmxISjVtMFNxSmxVVGNYc0xzMzFkMkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwdgQCAAEwcAMEAC2cnQME
AFf3lAMEAFf3lgMEAFklPwMEAFu8zAMEAV1z/gMEALlnSAMEALmHjwMEALnuCjAM
AwQAufHRAwQCufHQMAwDBAC5/6kDBAC5/6oDBAG81IQDBAC81J4DBAC81csDBAC8
8OYDBAC88OgwDQYJKoZIhvcNAQELBQADggEBAI1tLJjcl9ybI/gCNHtgwG/YMrRG
un0izng/KekNKdjFQx/4d8w4P0Dk7/sNmOYfpHlIjDAZ8pqZEMSNJ4uRgEaXic9h
i09ng43AUo/EhxL/I111wE/AHpFgbVLc0mCbS0AaFocKtgdKyduAIxLOQ6nk8mP5
yTPU327+8fBA6tnip4J5pu5tgt2ksTjiBz8mebWwNIkRh9eqoBq5I/v0v+GBTa2t
Xz8X+S2P3hy7TxcBv+yt4WPJ9y+N0vtpq3mpd2uWqGr9RHn0v6ZgNwuOq7ri0uWE
ncKwgKmbkwriHGBHlfVTJz6yiZja+Ag4Y+G/Pu4rmvWBX05WHt8UWphsoR0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:49 2024 by rpki-client on console-fra.rpki-client.org