Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/xbFbRxK-q4gsF78bi9pY8WKLrtY.roa
File: xbFbRxK-q4gsF78bi9pY8WKLrtY.roa (raw, json)
Hash identifier: Lzd0RZJ9Ly4bmSTNx+jleeAZCqmuMkA89lssoSdcwds=
Subject key identifier: C5:B1:5B:47:12:BE:AB:88:2C:17:BF:1B:8B:DA:58:F1:62:8B:AE:D6
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186CAD21E628D25324512A48533EA1BD3D2
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/xbFbRxK-q4gsF78bi9pY8WKLrtY.roa
Signing time: Fri 10 Mar 2023 09:20:13 +0000
ROA not before: Fri 10 Mar 2023 09:20:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 77.75.62.0/24 maxlen: 24
77.75.60.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
194.4.157.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ca:d2:1e:62:8d:25:32:45:12:a4:85:33:ea:1b:d3:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 10 09:20:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5b15b4712beab882c17bf1b8bda58f1628baed6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:4d:67:ad:5d:6d:88:d2:98:5e:b6:f6:6d:b7:
43:7d:35:4e:a4:d0:8f:97:a6:27:49:d2:2c:c5:73:
3c:35:78:4e:da:6c:74:54:b0:82:24:d6:2b:0d:5c:
b3:b7:b0:a2:4f:ab:b1:42:8a:b6:c3:79:86:81:85:
40:58:bc:da:cc:ae:95:8b:dc:10:95:bc:76:c5:05:
4d:ab:b2:6f:d2:b9:3e:64:6b:2f:af:b9:11:88:bf:
be:35:9a:f9:dd:00:36:b4:6a:ec:66:87:04:9e:bb:
b8:dd:54:7f:ba:77:44:11:eb:db:9c:09:fc:e5:8f:
ff:b1:36:a8:56:cf:47:b4:c6:a7:46:61:72:64:ed:
e0:83:57:e0:bb:3a:76:1e:e9:5d:fd:9b:7e:8e:ef:
09:6d:05:2b:3d:31:0f:98:cc:ea:1f:9f:d6:88:4b:
03:9f:b1:9b:22:6b:22:4a:86:c0:f3:23:87:fc:5e:
21:90:b2:af:ab:1e:4d:c6:89:ef:05:d5:a4:b0:90:
af:96:06:78:c2:20:f0:9e:d2:fe:32:7c:5d:f3:d1:
37:7c:24:31:b5:c4:69:13:70:d4:04:ed:5e:e1:83:
f8:65:8f:a8:25:49:a1:b9:96:b0:22:52:f6:92:a7:
12:a1:4d:a4:9b:c1:ed:b4:3f:34:54:2f:a3:0c:9f:
bd:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:B1:5B:47:12:BE:AB:88:2C:17:BF:1B:8B:DA:58:F1:62:8B:AE:D6
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/xbFbRxK-q4gsF78bi9pY8WKLrtY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
77.75.60.0/24
77.75.62.0/24
89.43.208.0/24
185.229.104.0/24
194.4.157.0/24
203.0.8.0/24
Signature Algorithm: sha256WithRSAEncryption
65:8f:08:8f:cf:95:78:2a:ea:72:75:c1:12:63:bf:50:cb:11:
e1:5b:c6:d8:e8:bc:ae:c6:bd:b0:90:4f:60:54:0d:c7:ce:be:
db:0c:4f:b9:60:ca:1c:11:5e:dc:04:cc:f9:33:ac:7b:5b:55:
0e:96:94:76:5a:cf:0e:1a:ba:06:75:49:a8:2d:c3:34:88:5c:
62:11:3d:b1:d7:36:d7:43:ce:cf:3f:ba:09:0b:4a:6d:00:5e:
55:b2:31:34:89:f6:3c:01:d0:7d:3d:1b:26:4d:b4:20:2f:6c:
1c:0d:a2:13:3d:d1:77:58:7c:d3:da:3c:8a:b6:52:38:bb:28:
85:a6:be:19:30:fb:94:cf:a0:99:d8:2d:03:66:2c:05:a2:be:
95:2a:08:0b:ec:eb:db:bc:98:cd:2e:10:ee:d9:86:bc:97:f0:
9b:88:ff:c0:e3:9c:a0:0e:62:1d:9f:9e:d6:65:d0:33:4b:2d:
eb:83:12:c6:06:b6:ea:3f:79:fe:bd:d6:f5:47:d3:9f:b5:32:
c7:fc:eb:e4:46:6a:92:ce:64:c3:b0:e8:aa:99:e2:68:e5:a2:
9e:af:fe:ce:7e:be:05:ac:ba:e3:3b:47:d3:b1:9e:0d:7c:f5:
96:7c:bd:47:87:48:7c:bc:6c:e8:09:dd:68:b8:67:aa:fc:2f:
cb:6a:de:e9
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYbK0h5ijSUyRRKkhTPqG9PSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzEwMDkyMDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWIxNWI0NzEyYmVhYjg4MmMxN2JmMWI4YmRhNThmMTYyOGJhZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwU1nrV1tiNKYXrb2bbdDfTVOpNCP
l6YnSdIsxXM8NXhO2mx0VLCCJNYrDVyzt7CiT6uxQoq2w3mGgYVAWLzazK6Vi9wQ
lbx2xQVNq7Jv0rk+ZGsvr7kRiL++NZr53QA2tGrsZocEnru43VR/undEEevbnAn8
5Y//sTaoVs9HtManRmFyZO3gg1fguzp2Huld/Zt+ju8JbQUrPTEPmMzqH5/WiEsD
n7GbImsiSobA8yOH/F4hkLKvqx5NxonvBdWksJCvlgZ4wiDwntL+Mnxd89E3fCQx
tcRpE3DUBO1e4YP4ZY+oJUmhuZawIlL2kqcSoU2km8HttD80VC+jDJ+9GwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMWxW0cSvquILBe/G4vaWPFii67WMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEveGJGYlJ4Sy1xNGdzRjc4Ymk5cFk4V0tMcnRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALZ+YAwQA
TUs8AwQATUs+AwQAWSvQAwQAueVoAwQAwgSdAwQAywAIMA0GCSqGSIb3DQEBCwUA
A4IBAQBljwiPz5V4KupydcESY79QyxHhW8bY6Lyuxr2wkE9gVA3Hzr7bDE+5YMoc
EV7cBMz5M6x7W1UOlpR2Ws8OGroGdUmoLcM0iFxiET2x1zbXQ87PP7oJC0ptAF5V
sjE0ifY8AdB9PRsmTbQgL2wcDaITPdF3WHzT2jyKtlI4uyiFpr4ZMPuUz6CZ2C0D
ZiwFor6VKggL7OvbvJjNLhDu2Ya8l/CbiP/A45ygDmIdn57WZdAzSy3rgxLGBrbq
P3n+vdb1R9OftTLH/OvkRmqSzmTDsOiqmeJo5aKer/7Ofr4FrLrjO0fTsZ4NfPWW
fL1Hh0h8vGzoCd1ouGeq/C/Lat7p
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org