Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/wA9UyUU8zy_uy-QbiJJb_KcwWic.roa
File: wA9UyUU8zy_uy-QbiJJb_KcwWic.roa (raw, json)
Hash identifier: iXKfR+k8MxJUgoLZRSTK3yjdoBixdPhqOgocYtA8iT4=
Subject key identifier: C0:0F:54:C9:45:3C:CF:2F:EE:CB:E4:1B:88:92:5B:FC:A7:30:5A:27
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01875601F99D653C6BB34031BD5A6ECB39CD
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/wA9UyUU8zy_uy-QbiJJb_KcwWic.roa
Signing time: Thu 06 Apr 2023 09:59:42 +0000
ROA not before: Thu 06 Apr 2023 09:59:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 188.214.27.0/24 maxlen: 24
78.142.243.0/24 maxlen: 24
185.9.55.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
185.103.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:56:01:f9:9d:65:3c:6b:b3:40:31:bd:5a:6e:cb:39:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 6 09:59:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c00f54c9453ccf2feecbe41b88925bfca7305a27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:1d:67:bf:d3:7e:37:d4:6c:67:5c:31:5e:cf:
fa:70:fb:ae:3f:8f:46:3c:0a:a7:13:b1:89:73:a9:
5a:99:11:d2:e8:06:f9:7c:ee:ec:3e:5b:0b:68:e6:
72:1a:d6:af:d7:1a:b7:81:87:5a:2b:e6:8f:d1:42:
00:4f:a4:aa:e6:19:36:f7:d9:3d:94:b1:27:9a:9d:
54:ad:ce:69:17:3b:2d:fb:31:1e:74:96:e8:d6:85:
37:bb:ca:d3:f0:0b:62:b3:be:7c:04:f4:21:33:eb:
5c:28:6c:24:4b:58:eb:a2:ea:50:75:e4:3d:c1:ff:
ec:2c:40:06:d2:33:62:17:28:06:1c:af:ef:c3:de:
bc:7c:15:cd:35:e5:f1:e3:72:36:de:e2:f2:24:46:
ba:9a:4b:71:9e:b1:06:40:34:82:bb:a2:43:2f:ab:
a3:4e:30:75:dc:3e:fa:06:5c:9d:f8:b2:aa:ef:f0:
81:87:16:7d:f5:10:48:de:1c:1d:49:d1:4e:95:9c:
76:9c:d0:1c:4d:13:14:d6:7b:d6:4a:98:07:cd:8e:
fd:5e:08:e1:16:02:32:4f:47:8b:33:60:6d:41:d4:
6d:ea:31:19:e2:74:b9:53:f8:73:12:5c:61:e6:48:
58:2b:1d:a5:7f:d9:23:9d:58:87:6c:b8:28:de:f8:
69:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:0F:54:C9:45:3C:CF:2F:EE:CB:E4:1B:88:92:5B:FC:A7:30:5A:27
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/wA9UyUU8zy_uy-QbiJJb_KcwWic.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
78.142.243.0/24
185.9.55.0/24
185.103.75.0/24
188.214.27.0/24
194.4.157.0/24
203.0.8.0/24
Signature Algorithm: sha256WithRSAEncryption
63:4b:48:e0:04:81:4d:fe:56:f5:c6:d6:5d:6d:5d:16:b5:96:
11:68:ea:05:99:b2:e6:fb:d6:9f:7f:7d:d5:8b:73:ad:65:bd:
86:d0:40:b5:cb:0b:ff:6b:7a:7b:9f:d2:a2:56:8c:8b:b0:8a:
4c:a8:f0:7e:8f:9c:82:c3:cf:7a:36:dc:18:9b:38:57:e7:05:
84:9f:15:11:db:4d:77:9f:91:d3:02:5a:1c:91:1f:8f:f0:3e:
50:b7:f6:92:7f:9d:ec:80:11:27:89:d2:05:d2:c1:87:ba:c3:
83:1f:ec:fe:cd:6f:51:a8:3f:bd:67:7d:ed:12:b3:b0:4a:96:
a7:4c:a7:79:fe:85:f8:d3:88:c7:84:b7:12:ce:58:a7:c8:26:
fe:21:ee:35:27:67:24:25:64:31:ad:5d:a1:aa:93:24:26:aa:
2c:bf:53:1b:b2:bc:c6:79:d7:dd:9e:3e:7a:e4:78:72:66:85:
4f:09:b1:82:f0:64:8a:2e:60:b3:87:69:23:af:85:c0:d4:c3:
dd:10:4d:f8:ec:20:bc:88:cc:ca:32:1c:4c:8f:7d:4d:8c:77:
ef:7c:8e:d3:cf:6e:2a:7b:c9:31:53:f6:c9:73:31:19:fc:36:
e1:d1:94:f2:31:08:d4:39:a4:f7:cf:f1:6d:eb:18:93:54:5c:
e0:f3:90:43
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYdWAfmdZTxrs0AxvVpuyznNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA2MDk1OTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDBmNTRjOTQ1M2NjZjJmZWVjYmU0MWI4ODkyNWJmY2E3MzA1YTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvB1nv9N+N9RsZ1wxXs/6cPuuP49G
PAqnE7GJc6lamRHS6Ab5fO7sPlsLaOZyGtav1xq3gYdaK+aP0UIAT6Sq5hk299k9
lLEnmp1Urc5pFzst+zEedJbo1oU3u8rT8Atis758BPQhM+tcKGwkS1jroupQdeQ9
wf/sLEAG0jNiFygGHK/vw968fBXNNeXx43I23uLyJEa6mktxnrEGQDSCu6JDL6uj
TjB13D76Blyd+LKq7/CBhxZ99RBI3hwdSdFOlZx2nNAcTRMU1nvWSpgHzY79Xgjh
FgIyT0eLM2BtQdRt6jEZ4nS5U/hzElxh5khYKx2lf9kjnViHbLgo3vhphQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMAPVMlFPM8v7svkG4iSW/ynMFonMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvd0E5VXlVVTh6eV91eS1RYmlKSmJfS2N3V2ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALZ+YAwQA
To7zAwQAuQk3AwQAuWdLAwQAvNYbAwQAwgSdAwQAywAIMA0GCSqGSIb3DQEBCwUA
A4IBAQBjS0jgBIFN/lb1xtZdbV0WtZYRaOoFmbLm+9aff33Vi3OtZb2G0EC1ywv/
a3p7n9KiVoyLsIpMqPB+j5yCw896NtwYmzhX5wWEnxUR2013n5HTAlockR+P8D5Q
t/aSf53sgBEnidIF0sGHusODH+z+zW9RqD+9Z33tErOwSpanTKd5/oX404jHhLcS
zlinyCb+Ie41J2ckJWQxrV2hqpMkJqosv1MbsrzGedfdnj565HhyZoVPCbGC8GSK
LmCzh2kjr4XA1MPdEE347CC8iMzKMhxMj31NjHfvfI7Tz24qe8kxU/bJczEZ/Dbh
0ZTyMQjUOaT3z/Ft6xiTVFzg85BD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:49 2024 by rpki-client on console-fra.rpki-client.org