Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9k9xUNNtMC3JVkobttI2qn8NAkU.roa
File: 9k9xUNNtMC3JVkobttI2qn8NAkU.roa (raw, json)
Hash identifier: SMjJ+pVvFynu+wasy0cVSOGndk1HGyhDW2c6nQRYnDk=
Subject key identifier: F6:4F:71:50:D3:6D:30:2D:C9:56:4A:1B:B6:D2:36:AA:7F:0D:02:45
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0186C91097F7119590CF57D81041E73A5BB3
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9k9xUNNtMC3JVkobttI2qn8NAkU.roa
Signing time: Fri 10 Mar 2023 01:09:13 +0000
ROA not before: Fri 10 Mar 2023 01:09:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209642
IP address blocks: 45.146.242.0/23 maxlen: 24
185.129.111.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:c9:10:97:f7:11:95:90:cf:57:d8:10:41:e7:3a:5b:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Mar 10 01:09:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f64f7150d36d302dc9564a1bb6d236aa7f0d0245
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:22:84:78:b9:11:77:16:84:41:8b:96:19:d5:
a5:93:c3:a8:71:7a:15:d5:14:f8:cb:62:e9:e5:76:
60:b8:03:9a:5d:98:0f:d2:97:85:4b:42:3e:79:b9:
3f:7c:c7:b3:73:f9:48:ca:3d:1a:9c:45:02:a6:a5:
be:32:2a:e3:38:51:21:ae:29:49:2e:03:cd:17:1f:
ff:1d:cc:d5:8f:5a:35:cc:1c:d5:39:d1:78:b8:90:
fd:41:83:75:72:93:8d:c7:cf:5c:72:38:c5:42:6b:
00:93:7a:0a:ca:f1:c4:d8:e9:8d:92:99:6e:55:02:
04:ac:65:d5:40:87:97:05:7b:60:13:5a:c6:10:27:
d4:68:7f:85:cb:a4:b6:f9:63:04:e9:8a:32:af:35:
52:8c:23:29:a6:f0:ca:ae:19:0e:06:0b:2e:63:10:
18:0f:01:d7:1f:b5:ae:f0:55:b2:36:3a:1b:3c:40:
48:bf:eb:1f:eb:3b:19:6e:ba:3f:e5:1d:be:17:9e:
58:c0:95:16:ed:ca:13:22:9e:33:07:2b:b4:b3:be:
b5:7a:e1:f5:3e:1e:62:8d:b9:19:a5:11:49:eb:89:
e9:00:3e:3c:ac:e5:f8:9a:71:f9:df:e8:6b:0d:20:
12:91:1c:92:fe:c4:0f:11:05:13:03:ab:7e:af:ef:
db:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:4F:71:50:D3:6D:30:2D:C9:56:4A:1B:B6:D2:36:AA:7F:0D:02:45
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9k9xUNNtMC3JVkobttI2qn8NAkU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.146.242.0/23
185.129.111.0/24
Signature Algorithm: sha256WithRSAEncryption
38:54:fc:13:f2:5a:09:d4:bf:5d:dc:dc:90:fb:c2:af:35:11:
87:a7:91:fa:a5:fb:d7:ff:17:98:8d:63:b1:0e:18:44:f4:c8:
1f:94:d3:f7:5a:56:5b:14:8d:64:de:18:d6:dc:40:a2:62:ba:
93:1c:8f:1c:85:82:3c:3f:0b:80:a5:ef:18:eb:2a:27:0c:d4:
1d:b4:9b:58:68:18:c7:5a:2d:d3:82:b4:d6:a1:f9:ca:7f:f8:
b4:3b:40:ad:32:65:47:dc:52:66:37:b6:f4:fd:f8:ee:17:6d:
2d:c0:95:50:12:1f:5e:a3:08:1b:2e:10:b2:db:e9:37:95:c5:
f9:7e:f4:c6:1c:2e:fa:7d:2a:e2:2b:a4:40:4e:63:ee:d8:76:
af:ee:eb:08:fb:96:f8:b1:bc:86:40:3a:c5:17:43:0e:39:7c:
59:3e:d6:b0:d3:5e:78:27:22:78:a6:69:d2:86:74:02:2e:31:
a5:e6:7b:a5:88:ae:57:6a:aa:d5:e9:89:32:6d:ad:c7:4d:ee:
b9:94:1c:f8:9e:71:38:4b:37:65:b7:1e:3c:5d:b2:98:cf:69:
41:b7:f7:69:75:61:1f:1d:d6:7f:3a:43:ea:e1:54:a6:8a:4d:
38:c2:91:6d:b6:c8:8a:b1:11:53:6c:cd:35:c0:d0:16:8b:e7:
59:c5:fe:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYbJEJf3EZWQz1fYEEHnOluzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMzEwMDEwOTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjRmNzE1MGQzNmQzMDJkYzk1NjRhMWJiNmQyMzZhYTdmMGQwMjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCKEeLkRdxaEQYuWGdWlk8OocXoV
1RT4y2Lp5XZguAOaXZgP0peFS0I+ebk/fMezc/lIyj0anEUCpqW+MirjOFEhrilJ
LgPNFx//HczVj1o1zBzVOdF4uJD9QYN1cpONx89ccjjFQmsAk3oKyvHE2OmNkplu
VQIErGXVQIeXBXtgE1rGECfUaH+Fy6S2+WME6YoyrzVSjCMppvDKrhkOBgsuYxAY
DwHXH7Wu8FWyNjobPEBIv+sf6zsZbro/5R2+F55YwJUW7coTIp4zByu0s761euH1
Ph5ijbkZpRFJ64npAD48rOX4mnH53+hrDSASkRyS/sQPEQUTA6t+r+/bRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPZPcVDTbTAtyVZKG7bSNqp/DQJFMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvOWs5eFVOTnRNQzNKVmtvYnR0STJxbjhOQWtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZLyAwQA
uYFvMA0GCSqGSIb3DQEBCwUAA4IBAQA4VPwT8loJ1L9d3NyQ+8KvNRGHp5H6pfvX
/xeYjWOxDhhE9MgflNP3WlZbFI1k3hjW3ECiYrqTHI8chYI8PwuApe8Y6yonDNQd
tJtYaBjHWi3TgrTWofnKf/i0O0CtMmVH3FJmN7b0/fjuF20twJVQEh9eowgbLhCy
2+k3lcX5fvTGHC76fSriK6RATmPu2Hav7usI+5b4sbyGQDrFF0MOOXxZPtaw0154
JyJ4pmnShnQCLjGl5nuliK5XaqrV6Ykyba3HTe65lBz4nnE4Szdltx48XbKYz2lB
t/dpdWEfHdZ/OkPq4VSmik04wpFttsiKsRFTbM01wNAWi+dZxf6t
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:15 2024 by rpki-client on console-ams.rpki-client.org