Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/827dcd-5695-41e6-bbfb-88e15fb19f74/1/TPA6lL-UOKRiB1lnh1nVRCk4Ce0.roa
File: TPA6lL-UOKRiB1lnh1nVRCk4Ce0.roa (raw, json)
Hash identifier: c2b7J5h2HLWwJZgsAwoP+eZPHsdi6jIi8nxUKnhG05w=
Subject key identifier: 4C:F0:3A:94:BF:94:38:A4:62:07:59:67:87:59:D5:44:29:38:09:ED
Certificate issuer: /CN=47312b28074cb8dfad155178ca254bdb4f5e711a
Certificate serial: 0185DE841BB4D712BC26007DEAA3F313F3C0
Authority key identifier: 47:31:2B:28:07:4C:B8:DF:AD:15:51:78:CA:25:4B:DB:4F:5E:71:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RzErKAdMuN-tFVF4yiVL209ecRo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/827dcd-5695-41e6-bbfb-88e15fb19f74/1/TPA6lL-UOKRiB1lnh1nVRCk4Ce0.roa
Signing time: Mon 23 Jan 2023 12:04:37 +0000
ROA not before: Mon 23 Jan 2023 12:04:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212128
IP address blocks: 193.246.144.0/24 maxlen: 24
193.246.150.0/24 maxlen: 24
193.246.153.0/24 maxlen: 24
193.246.159.0/24 maxlen: 24
45.153.60.0/22 maxlen: 22
193.141.230.0/23 maxlen: 23
45.153.188.0/22 maxlen: 22
193.142.20.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:de:84:1b:b4:d7:12:bc:26:00:7d:ea:a3:f3:13:f3:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=47312b28074cb8dfad155178ca254bdb4f5e711a
Validity
Not Before: Jan 23 12:04:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4cf03a94bf9438a4620759678759d544293809ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:7c:78:bc:d3:9c:64:18:f3:9a:d3:57:3c:05:
7f:82:ed:b4:76:61:02:1e:8e:89:b2:13:4a:43:71:
dd:2d:04:7c:21:ae:c8:61:10:a5:29:db:69:5d:52:
52:04:bc:89:24:7f:a9:04:5e:91:fb:c3:07:d7:4f:
af:12:fd:23:f7:cd:63:63:1c:bd:22:77:db:ab:bd:
c8:ac:7b:81:fa:a5:84:9a:1a:37:94:fd:4f:f3:14:
e3:02:01:91:58:a9:d7:f6:f4:12:17:23:4f:5b:5a:
5d:eb:a1:b5:66:9f:83:4f:b2:6d:ce:d0:c1:72:70:
62:a7:23:b2:8e:e1:84:52:83:8b:a5:22:4a:4b:04:
46:ef:83:d6:c1:06:65:a8:55:32:1d:82:4a:07:74:
50:42:22:35:19:d1:a2:76:66:88:b2:27:16:f5:77:
f0:64:64:65:50:12:8e:66:66:d7:c7:cc:79:4d:0a:
7e:a1:eb:66:96:17:02:c5:22:04:17:8c:dd:ee:8c:
1c:77:f6:2e:d5:1a:d9:f4:a2:19:7d:28:2f:49:27:
d1:94:87:d8:de:59:fc:d2:76:05:11:0c:37:82:4f:
95:f5:73:33:ad:9a:02:a2:44:6e:d5:37:14:7a:56:
19:2e:25:6e:92:a9:c5:76:6a:32:b2:86:4e:72:b2:
a8:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:F0:3A:94:BF:94:38:A4:62:07:59:67:87:59:D5:44:29:38:09:ED
X509v3 Authority Key Identifier:
keyid:47:31:2B:28:07:4C:B8:DF:AD:15:51:78:CA:25:4B:DB:4F:5E:71:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzErKAdMuN-tFVF4yiVL209ecRo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/827dcd-5695-41e6-bbfb-88e15fb19f74/1/TPA6lL-UOKRiB1lnh1nVRCk4Ce0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/827dcd-5695-41e6-bbfb-88e15fb19f74/1/RzErKAdMuN-tFVF4yiVL209ecRo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.153.60.0/22
45.153.188.0/22
193.141.230.0/23
193.142.20.0/23
193.246.144.0/24
193.246.150.0/24
193.246.153.0/24
193.246.159.0/24
Signature Algorithm: sha256WithRSAEncryption
a7:64:78:c3:5d:1a:54:51:75:4c:e8:25:47:20:c6:d2:80:5e:
77:15:b4:2d:b9:47:50:bf:63:9e:51:5c:d6:23:c1:a9:83:b1:
0d:5c:e9:0b:4d:44:16:5b:52:ad:3c:e7:8d:ab:2f:99:cb:70:
c2:05:4b:34:50:22:e2:88:dc:13:80:6f:dd:37:e9:85:46:37:
94:fb:4d:33:02:a2:c6:f4:c8:2e:5f:94:c1:a5:7b:a0:ae:11:
99:37:b6:84:92:a0:d4:a0:cb:8e:82:7e:99:4f:ac:31:af:52:
b3:89:ca:a6:b7:fc:42:8e:1c:b4:c0:4f:1e:84:20:2b:65:f5:
89:0b:26:a4:46:dd:6b:71:08:cf:cc:8d:73:1b:99:c0:11:a3:
5d:41:e2:fe:eb:cb:0b:64:db:59:b5:2c:58:8b:c2:f4:4e:36:
59:86:ba:a1:50:91:95:3c:d6:de:61:7b:1c:d8:41:33:74:31:
be:3c:36:b2:3a:44:ff:3a:93:99:32:aa:3a:01:41:75:75:8d:
89:d5:03:00:50:e7:d9:74:0d:6d:c8:80:cc:84:10:42:9b:ca:
67:33:0b:d0:bf:4b:68:ce:44:26:8e:25:93:f7:a1:3b:e2:fa:
98:b7:fa:72:0a:cf:54:5c:a4:d7:ff:68:44:ff:83:3f:b9:47:
d0:99:59:06
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYXehBu01xK8JgB96qPzE/PAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MzEyYjI4MDc0Y2I4ZGZhZDE1NTE3OGNhMjU0YmRiNGY1
ZTcxMWEwHhcNMjMwMTIzMTIwNDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2YwM2E5NGJmOTQzOGE0NjIwNzU5Njc4NzU5ZDU0NDI5MzgwOWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHx4vNOcZBjzmtNXPAV/gu20dmEC
Ho6JshNKQ3HdLQR8Ia7IYRClKdtpXVJSBLyJJH+pBF6R+8MH10+vEv0j981jYxy9
Infbq73IrHuB+qWEmho3lP1P8xTjAgGRWKnX9vQSFyNPW1pd66G1Zp+DT7JtztDB
cnBipyOyjuGEUoOLpSJKSwRG74PWwQZlqFUyHYJKB3RQQiI1GdGidmaIsicW9Xfw
ZGRlUBKOZmbXx8x5TQp+oetmlhcCxSIEF4zd7owcd/Yu1RrZ9KIZfSgvSSfRlIfY
3ln80nYFEQw3gk+V9XMzrZoCokRu1TcUelYZLiVukqnFdmoysoZOcrKoNQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEzwOpS/lDikYgdZZ4dZ1UQpOAntMB8GA1UdIwQY
MBaAFEcxKygHTLjfrRVReMolS9tPXnEaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpFcktBZE11Ti10RlZGNHlpVkwyMDllY1JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84MjdkY2QtNTY5NS00MWU2LWJiZmIt
ODhlMTVmYjE5Zjc0LzEvVFBBNmxMLVVPS1JpQjFsbmgxblZSQ2s0Q2UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84MjdkY2QtNTY5NS00MWU2LWJiZmItODhlMTVmYjE5Zjc0
LzEvUnpFcktBZE11Ti10RlZGNHlpVkwyMDllY1JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLZk8AwQC
LZm8AwQBwY3mAwQBwY4UAwQAwfaQAwQAwfaWAwQAwfaZAwQAwfafMA0GCSqGSIb3
DQEBCwUAA4IBAQCnZHjDXRpUUXVM6CVHIMbSgF53FbQtuUdQv2OeUVzWI8Gpg7EN
XOkLTUQWW1KtPOeNqy+Zy3DCBUs0UCLiiNwTgG/dN+mFRjeU+00zAqLG9MguX5TB
pXugrhGZN7aEkqDUoMuOgn6ZT6wxr1Kzicqmt/xCjhy0wE8ehCArZfWJCyakRt1r
cQjPzI1zG5nAEaNdQeL+68sLZNtZtSxYi8L0TjZZhrqhUJGVPNbeYXsc2EEzdDG+
PDayOkT/OpOZMqo6AUF1dY2J1QMAUOfZdA1tyIDMhBBCm8pnMwvQv0tozkQmjiWT
96E74vqYt/pyCs9UXKTX/2hE/4M/uUfQmVkG
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:51 2024 by rpki-client on console-ams.rpki-client.org