Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/nz7Y5Lfo1TAFx04td4GOtnkwggc.roa
File: nz7Y5Lfo1TAFx04td4GOtnkwggc.roa (raw, json)
Hash identifier: bEsHZIJm5yN2rYok5hcNxuZF/qIShhH9G1gXO6QYJJU=
Subject key identifier: 9F:3E:D8:E4:B7:E8:D5:30:05:C7:4E:2D:77:81:8E:B6:79:30:82:07
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 0184C788C9DFBB9E85472B82779EAC9874E6
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/nz7Y5Lfo1TAFx04td4GOtnkwggc.roa
Signing time: Wed 30 Nov 2022 07:55:41 +0000
ROA not before: Wed 30 Nov 2022 07:55:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207713
IP address blocks: 5.44.42.0/24 maxlen: 24
45.80.128.0/24 maxlen: 24
195.80.49.0/24 maxlen: 24
195.80.48.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:c7:88:c9:df:bb:9e:85:47:2b:82:77:9e:ac:98:74:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Nov 30 07:55:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9f3ed8e4b7e8d53005c74e2d77818eb679308207
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:48:94:b8:2e:17:25:08:e2:c6:a4:bd:c3:66:
c8:85:e4:9a:d7:a3:f3:16:a2:88:80:18:77:7b:5d:
fb:a1:19:cd:81:91:60:20:fe:83:fb:ba:d0:5c:b7:
54:fc:96:0d:3c:6f:c1:d2:bd:d0:a2:b7:b9:cc:14:
53:96:3a:2e:9d:d3:0d:90:5f:bf:0c:e8:2a:46:95:
cd:e6:a8:3a:e9:9a:6a:ea:43:2c:d2:96:27:6f:98:
9a:2c:17:e7:4d:42:85:6f:d9:de:5e:5e:0f:9a:c8:
5d:5d:1e:a6:6d:b0:20:42:a9:b7:41:20:80:5c:14:
bc:14:8c:1b:8c:ca:89:8f:76:b4:09:df:83:54:d1:
d8:94:6d:fc:59:34:92:37:e7:6b:39:88:23:e3:c5:
ad:6b:5a:f9:cd:93:41:eb:c1:43:3f:32:75:b8:f0:
49:79:1b:f6:36:32:db:c3:35:a3:cd:ec:15:fe:8e:
2b:51:b4:b4:99:d8:b8:b1:f8:33:bb:c2:86:4e:22:
d4:bf:94:a5:29:1e:49:3a:89:3a:f2:44:89:27:6e:
59:e2:d0:21:72:c4:7c:6b:36:fd:42:98:a5:05:05:
07:b2:47:2d:72:6e:f4:af:17:d3:b3:57:0a:ea:3a:
3c:7d:5c:2a:21:13:92:c0:63:c4:ca:a3:80:20:7e:
35:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:3E:D8:E4:B7:E8:D5:30:05:C7:4E:2D:77:81:8E:B6:79:30:82:07
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/nz7Y5Lfo1TAFx04td4GOtnkwggc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.42.0/24
45.80.128.0/24
195.80.48.0/23
Signature Algorithm: sha256WithRSAEncryption
62:bf:d0:e6:1e:38:0d:be:82:c3:e5:ea:b4:8f:56:a4:3c:d9:
e5:91:47:e1:b9:a3:84:a0:0b:22:fd:78:e6:f6:67:4b:a0:66:
c7:05:ed:f7:56:fe:37:50:3a:32:a2:ba:47:3b:1f:79:76:66:
e8:53:b6:1c:4c:2a:77:31:37:78:fc:80:86:43:f1:92:52:d6:
53:41:33:64:c2:e0:69:8a:85:15:72:21:b9:cc:82:b0:11:0c:
c4:96:35:c1:a8:17:4a:35:46:50:c2:5a:1d:e1:b1:aa:8e:00:
7d:c8:7b:b3:b9:d8:2b:cd:59:06:d4:be:8f:28:ad:a8:4b:90:
86:ff:a1:4c:f3:47:91:b1:65:93:e7:e0:cb:c2:fd:2d:93:1c:
88:e5:55:6e:f2:e9:fe:9c:88:32:02:33:8c:c6:9a:89:58:8f:
1b:c8:06:27:d1:f7:f0:96:d9:1f:96:3d:9b:e7:ed:81:cb:d8:
9d:2d:01:c9:96:74:95:e4:29:9c:b3:5c:d6:93:0b:3d:73:56:
2d:fa:a8:37:0d:74:79:70:61:70:86:bb:28:46:b1:d7:c2:9c:
50:96:a2:b4:46:c6:0d:04:a2:a2:f4:f2:9e:e1:74:50:81:ab:
93:c6:cb:6f:69:c1:e1:e9:ec:24:91:7e:43:ce:41:57:d8:13:
1f:93:3f:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYTHiMnfu56FRyuCd56smHTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMTMwMDc1NTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjNlZDhlNGI3ZThkNTMwMDVjNzRlMmQ3NzgxOGViNjc5MzA4MjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkiUuC4XJQjixqS9w2bIheSa16Pz
FqKIgBh3e137oRnNgZFgIP6D+7rQXLdU/JYNPG/B0r3Qore5zBRTljoundMNkF+/
DOgqRpXN5qg66Zpq6kMs0pYnb5iaLBfnTUKFb9neXl4PmshdXR6mbbAgQqm3QSCA
XBS8FIwbjMqJj3a0Cd+DVNHYlG38WTSSN+drOYgj48Wta1r5zZNB68FDPzJ1uPBJ
eRv2NjLbwzWjzewV/o4rUbS0mdi4sfgzu8KGTiLUv5SlKR5JOok68kSJJ25Z4tAh
csR8azb9QpilBQUHskctcm70rxfTs1cK6jo8fVwqIROSwGPEyqOAIH41/QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ8+2OS36NUwBcdOLXeBjrZ5MIIHMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvbno3WTVMZm8xVEFGeDA0dGQ0R090bmt3Z2djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABSwqAwQA
LVCAAwQBw1AwMA0GCSqGSIb3DQEBCwUAA4IBAQBiv9DmHjgNvoLD5eq0j1akPNnl
kUfhuaOEoAsi/Xjm9mdLoGbHBe33Vv43UDoyorpHOx95dmboU7YcTCp3MTd4/ICG
Q/GSUtZTQTNkwuBpioUVciG5zIKwEQzEljXBqBdKNUZQwlod4bGqjgB9yHuzudgr
zVkG1L6PKK2oS5CG/6FM80eRsWWT5+DLwv0tkxyI5VVu8un+nIgyAjOMxpqJWI8b
yAYn0ffwltkflj2b5+2By9idLQHJlnSV5Cmcs1zWkws9c1Yt+qg3DXR5cGFwhrso
RrHXwpxQlqK0RsYNBKKi9PKe4XRQgauTxstvacHh6ewkkX5DzkFX2BMfkz8c
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:55 2023 by rpki-client on console-fra.rpki-client.org