Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/rj99mV0neMfMaTjnNBZNb0GHjWE.roa
File: rj99mV0neMfMaTjnNBZNb0GHjWE.roa (raw, json)
Hash identifier: fsb+YJ93dYJBJFbIjPtNoYMp855kwjEwTazl1MkSOjM=
Subject key identifier: AE:3F:7D:99:5D:27:78:C7:CC:69:38:E7:34:16:4D:6F:41:87:8D:61
Certificate issuer: /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial: 01859637D44EA842EA7B432DB5DB49101CCE
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/rj99mV0neMfMaTjnNBZNb0GHjWE.roa
Signing time: Mon 09 Jan 2023 11:08:39 +0000
ROA not before: Mon 09 Jan 2023 11:08:39 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 26636
IP address blocks: 45.91.65.0/24 maxlen: 24
45.82.15.0/24 maxlen: 24
45.82.14.0/24 maxlen: 24
185.244.50.0/24 maxlen: 24
185.244.48.0/24 maxlen: 24
193.39.170.0/24 maxlen: 24
194.187.120.0/24 maxlen: 24
91.200.151.0/24 maxlen: 24
91.200.148.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:96:37:d4:4e:a8:42:ea:7b:43:2d:b5:db:49:10:1c:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Validity
Not Before: Jan 9 11:08:39 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ae3f7d995d2778c7cc6938e734164d6f41878d61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:84:73:3e:a4:63:a9:2f:15:c1:f8:e6:15:3c:
31:a2:9a:2e:5e:fc:85:71:1c:33:cf:e0:8b:e2:ba:
af:8d:da:52:49:34:60:cf:90:f7:0d:62:47:1b:3d:
9d:af:8f:f0:4a:bc:ee:c5:2f:65:20:ae:af:30:90:
96:94:e0:7c:42:e4:99:12:87:32:18:cb:4c:db:8f:
05:61:ef:d4:2f:46:7b:fb:95:6c:f5:08:b9:58:0d:
82:b6:ad:a2:54:84:74:80:09:97:10:a4:72:31:73:
01:2d:eb:0c:56:92:03:9d:37:91:1e:dd:84:9c:85:
e0:11:f2:e2:ac:f6:95:59:58:9e:50:c1:f2:42:a7:
67:5d:02:ce:52:7d:b4:b3:09:7c:eb:46:49:74:39:
91:95:d3:b3:71:e6:1c:be:b6:21:ff:3e:37:cb:0b:
c7:e6:57:39:fe:cf:6e:99:7b:06:ec:e4:28:c8:ab:
bf:71:96:11:2f:b7:6c:5f:82:9f:87:06:f2:c5:f7:
fd:49:c1:2d:d6:97:1a:ab:47:a3:69:da:da:2d:cd:
f0:9e:0b:3b:ec:8e:84:83:e1:38:4b:43:a1:d6:ea:
e4:3a:54:91:7a:6b:64:e3:03:7f:c5:e3:0e:f5:44:
ff:4b:99:e4:0d:01:da:a8:7a:52:1c:ed:99:0a:d9:
d9:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:3F:7D:99:5D:27:78:C7:CC:69:38:E7:34:16:4D:6F:41:87:8D:61
X509v3 Authority Key Identifier:
keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/rj99mV0neMfMaTjnNBZNb0GHjWE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.82.14.0/23
45.91.65.0/24
91.200.148.0/24
91.200.151.0/24
185.244.48.0/24
185.244.50.0/24
193.39.170.0/24
194.187.120.0/24
Signature Algorithm: sha256WithRSAEncryption
be:bd:16:20:ac:aa:0b:2d:fc:a1:cb:45:90:f0:7c:f4:a2:89:
df:eb:48:11:15:15:85:32:a2:9b:3e:3d:43:c7:26:29:ed:46:
79:f5:ca:ff:f5:ce:63:2c:39:45:42:fd:64:c9:62:56:63:59:
6e:43:ba:db:85:78:02:10:5b:50:20:1a:57:cb:8e:95:9d:2e:
43:c9:9e:e0:4f:90:85:4e:15:5b:1e:e4:28:c2:95:a4:10:0b:
07:28:b8:88:ba:18:1c:b4:7a:7e:35:e9:96:ff:6a:b5:8d:25:
20:a5:2c:35:3e:56:17:f8:74:28:91:f0:a3:f7:e5:b6:28:52:
f3:27:63:25:7f:f7:2d:98:63:4c:4a:50:d6:3c:4f:7d:af:99:
73:1b:5b:dc:c3:66:0b:47:d3:0c:a2:04:7e:f0:62:52:8a:9b:
27:9f:76:82:77:34:d2:43:c2:a8:85:29:9c:c0:2e:70:78:dc:
01:95:da:03:9c:aa:a2:9e:3a:aa:b7:26:31:d5:49:10:1c:f1:
17:18:c2:bf:ba:bf:88:20:a4:27:83:f7:f8:72:68:38:dd:76:
fe:73:41:3e:97:64:80:da:9b:5d:b6:2c:c5:90:37:6f:db:a4:
6d:e8:b5:a5:d9:aa:3a:58:e2:db:ed:11:5b:5d:1e:8f:11:82:
90:3f:e0:9a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYWWN9ROqELqe0MttdtJEBzOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjMwMTA5MTEwODM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTNmN2Q5OTVkMjc3OGM3Y2M2OTM4ZTczNDE2NGQ2ZjQxODc4ZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoRzPqRjqS8VwfjmFTwxopouXvyF
cRwzz+CL4rqvjdpSSTRgz5D3DWJHGz2dr4/wSrzuxS9lIK6vMJCWlOB8QuSZEocy
GMtM248FYe/UL0Z7+5Vs9Qi5WA2Ctq2iVIR0gAmXEKRyMXMBLesMVpIDnTeRHt2E
nIXgEfLirPaVWVieUMHyQqdnXQLOUn20swl860ZJdDmRldOzceYcvrYh/z43ywvH
5lc5/s9umXsG7OQoyKu/cZYRL7dsX4Kfhwbyxff9ScEt1pcaq0ejadraLc3wngs7
7I6Eg+E4S0Oh1urkOlSRemtk4wN/xeMO9UT/S5nkDQHaqHpSHO2ZCtnZCQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFK4/fZldJ3jHzGk45zQWTW9Bh41hMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvcmo5OW1WMG5lTWZNYVRqbk5CWk5iMEdIaldFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBLVIOAwQA
LVtBAwQAW8iUAwQAW8iXAwQAufQwAwQAufQyAwQAwSeqAwQAwrt4MA0GCSqGSIb3
DQEBCwUAA4IBAQC+vRYgrKoLLfyhy0WQ8Hz0oonf60gRFRWFMqKbPj1DxyYp7UZ5
9cr/9c5jLDlFQv1kyWJWY1luQ7rbhXgCEFtQIBpXy46VnS5DyZ7gT5CFThVbHuQo
wpWkEAsHKLiIuhgctHp+NemW/2q1jSUgpSw1PlYX+HQokfCj9+W2KFLzJ2Mlf/ct
mGNMSlDWPE99r5lzG1vcw2YLR9MMogR+8GJSipsnn3aCdzTSQ8KohSmcwC5weNwB
ldoDnKqinjqqtyYx1UkQHPEXGMK/ur+IIKQng/f4cmg43Xb+c0E+l2SA2ptdtizF
kDdv26Rt6LWl2ao6WOLb7RFbXR6PEYKQP+Ca
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:19 2023 by rpki-client on console-ams.rpki-client.org