Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Bh5GoXj-fheMVkwY4HGPcl8N8m0.roa
File: Bh5GoXj-fheMVkwY4HGPcl8N8m0.roa (raw, json)
Hash identifier: OpXnVx4RenqtO01xkkgzN+jUQeo59rk8NWXv0kwoBNc=
Subject key identifier: 06:1E:46:A1:78:FE:7E:17:8C:56:4C:18:E0:71:8F:72:5F:0D:F2:6D
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0186ACCC1474485E11B95469F9107B706645
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Bh5GoXj-fheMVkwY4HGPcl8N8m0.roa
Signing time: Sat 04 Mar 2023 13:25:01 +0000
ROA not before: Sat 04 Mar 2023 13:25:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209642
IP address blocks: 185.80.196.0/23 maxlen: 24
45.146.242.0/23 maxlen: 24
185.129.111.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ac:cc:14:74:48:5e:11:b9:54:69:f9:10:7b:70:66:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Mar 4 13:25:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=061e46a178fe7e178c564c18e0718f725f0df26d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:14:2f:18:87:1f:e8:f7:06:d7:10:aa:cd:ef:
ad:bf:bb:10:d3:9c:09:30:fc:c9:61:d2:39:a7:7d:
0d:49:d0:05:52:9f:58:d0:a4:09:7f:63:63:c4:9d:
7f:13:3d:c4:4e:f9:b1:64:f4:cb:57:99:79:33:04:
ae:50:34:7e:e8:62:27:c1:8e:1c:36:bd:d1:48:51:
e9:2a:af:79:5f:67:c2:60:07:2b:90:26:b9:b6:31:
b2:0e:ec:31:da:b2:ee:6a:12:29:c9:ea:45:3a:b4:
f7:02:08:7b:92:70:18:df:54:bc:42:63:28:79:f4:
a8:89:9a:3c:d8:97:5d:20:80:40:e4:de:ba:3c:fa:
91:6c:cd:8a:18:c4:4a:b6:95:ce:25:4f:93:94:e6:
4f:06:39:20:79:d1:26:39:6d:66:d8:b5:eb:43:6b:
4e:cb:3b:27:3b:fb:d0:51:22:76:4a:5a:e1:e4:f6:
52:56:93:fb:b8:db:f4:91:12:d6:2e:49:89:16:fa:
44:d4:47:b8:c6:80:f4:fc:45:64:71:79:1f:26:59:
68:dc:36:5c:33:7c:9b:91:cf:86:56:18:19:53:9f:
e7:5e:04:35:9b:b6:88:4f:f7:17:fd:d8:68:b6:ed:
c2:ee:c9:0f:b0:0c:ee:eb:bc:c0:b5:9e:62:a0:bb:
76:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:1E:46:A1:78:FE:7E:17:8C:56:4C:18:E0:71:8F:72:5F:0D:F2:6D
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Bh5GoXj-fheMVkwY4HGPcl8N8m0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.146.242.0/23
185.80.196.0/23
185.129.111.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:e3:ee:4f:e3:26:63:ae:26:cc:de:43:c6:f0:72:bb:e0:f8:
96:fa:d7:72:85:3b:12:56:77:dd:8e:5b:da:4c:74:07:46:2b:
39:94:18:fc:43:08:0c:83:24:c4:62:e5:6f:dc:15:63:df:f1:
33:a5:cc:3b:32:f6:37:c9:af:fc:4d:b3:2a:fc:90:ca:bf:98:
03:f9:66:b0:fa:9b:ac:ce:04:85:56:54:02:c8:e5:5f:aa:d9:
2f:38:cb:3a:93:78:77:e7:ba:d2:8f:37:dc:77:a4:47:73:95:
57:44:1f:43:3d:f7:89:68:f3:33:f9:79:d0:03:c2:0e:c6:ea:
6d:d5:6e:e4:18:dc:75:52:97:37:fe:56:37:08:cf:ef:cb:95:
6e:39:35:b0:36:c2:13:25:e7:e7:86:d9:ca:fd:6a:35:73:01:
3b:9e:d2:ef:7c:7f:f1:fa:d8:6d:bc:59:b1:14:b6:fc:ab:aa:
2e:b1:e4:5b:6e:a1:91:b7:c8:10:d4:3a:ce:22:4d:bb:82:69:
10:7f:18:88:9d:ab:7e:2d:94:ed:cb:2c:5e:00:21:f2:cc:f7:
50:b2:78:f4:58:8e:2a:d0:bb:d8:e6:96:bb:ab:75:a5:80:a4:
4b:18:a0:2e:f4:87:91:64:7c:ca:67:8b:59:77:bf:1c:33:a8:
47:56:75:26
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYaszBR0SF4RuVRp+RB7cGZFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMzA0MTMyNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjFlNDZhMTc4ZmU3ZTE3OGM1NjRjMThlMDcxOGY3MjVmMGRmMjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBQvGIcf6PcG1xCqze+tv7sQ05wJ
MPzJYdI5p30NSdAFUp9Y0KQJf2NjxJ1/Ez3ETvmxZPTLV5l5MwSuUDR+6GInwY4c
Nr3RSFHpKq95X2fCYAcrkCa5tjGyDuwx2rLuahIpyepFOrT3Agh7knAY31S8QmMo
efSoiZo82JddIIBA5N66PPqRbM2KGMRKtpXOJU+TlOZPBjkgedEmOW1m2LXrQ2tO
yzsnO/vQUSJ2Slrh5PZSVpP7uNv0kRLWLkmJFvpE1Ee4xoD0/EVkcXkfJllo3DZc
M3ybkc+GVhgZU5/nXgQ1m7aIT/cX/dhotu3C7skPsAzu67zAtZ5ioLt2IwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAYeRqF4/n4XjFZMGOBxj3JfDfJtMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvQmg1R29Yai1maGVNVmt3WTRIR1BjbDhOOG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLZLyAwQB
uVDEAwQAuYFvMA0GCSqGSIb3DQEBCwUAA4IBAQA74+5P4yZjribM3kPG8HK74PiW
+tdyhTsSVnfdjlvaTHQHRis5lBj8QwgMgyTEYuVv3BVj3/Ezpcw7MvY3ya/8TbMq
/JDKv5gD+Waw+puszgSFVlQCyOVfqtkvOMs6k3h357rSjzfcd6RHc5VXRB9DPfeJ
aPMz+XnQA8IOxupt1W7kGNx1Upc3/lY3CM/vy5VuOTWwNsITJefnhtnK/Wo1cwE7
ntLvfH/x+thtvFmxFLb8q6ouseRbbqGRt8gQ1DrOIk27gmkQfxiInat+LZTtyyxe
ACHyzPdQsnj0WI4q0LvY5pa7q3WlgKRLGKAu9IeRZHzKZ4tZd78cM6hHVnUm
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:34 2024 by rpki-client on console-fra.rpki-client.org