Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/IwGMv9ZnSDMig_yRdk6wmYPGFKY.roa
File: IwGMv9ZnSDMig_yRdk6wmYPGFKY.roa (raw, json)
Hash identifier: dS3s1GWUYg995uRNvBIy7xr0bLWQpQ2uye0XskUX5Ko=
Subject key identifier: 23:01:8C:BF:D6:67:48:33:22:83:FC:91:76:4E:B0:99:83:C6:14:A6
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 018CC500407F07C299E94B9074EBAC482279
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/IwGMv9ZnSDMig_yRdk6wmYPGFKY.roa
Signing time: Mon 01 Jan 2024 12:29:37 +0000
ROA not before: Mon 01 Jan 2024 12:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207713
IP address blocks: 194.113.34.0/24 maxlen: 24
45.150.109.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:40:7f:07:c2:99:e9:4b:90:74:eb:ac:48:22:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Jan 1 12:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=23018cbfd66748332283fc91764eb09983c614a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:63:9f:7c:dd:e8:4e:71:6d:a1:f7:49:5b:25:
a7:71:bd:a5:4c:b6:8e:6f:31:f7:50:0d:84:ea:7b:
b6:0d:af:7e:d0:ef:55:bf:67:7d:3e:da:07:f9:c6:
c9:c7:47:d1:d2:85:f9:a4:e2:2e:7b:15:ee:b8:c4:
2c:af:ae:2f:d2:27:dd:97:38:7a:88:62:65:25:2e:
aa:61:59:42:08:b0:a9:c6:84:6a:ac:58:0c:0b:1f:
7f:36:13:21:d6:6f:d2:33:73:96:c3:0a:39:6b:f2:
98:71:64:18:cb:b0:06:20:14:2d:43:6f:0f:65:01:
b6:0b:64:20:a2:d1:a7:24:c1:18:8b:a6:e5:2b:8f:
60:b1:8b:da:32:08:10:c8:0c:37:a4:19:86:51:9d:
4d:e6:ae:8a:85:45:5d:28:13:b5:8a:74:a9:36:e8:
d4:ce:dc:26:13:19:e8:c9:76:0a:4d:2a:87:6c:9a:
09:9e:5c:ec:ae:0e:79:e7:cc:4d:79:e6:78:79:db:
d0:73:86:82:4d:7f:59:70:75:b5:78:b5:86:e3:49:
89:88:67:b0:33:84:07:62:ab:02:4f:ed:3f:f4:97:
95:35:13:55:e3:11:ed:de:cd:b2:cc:b7:7c:75:73:
bd:78:13:c2:37:5f:74:bd:5e:bc:33:0b:94:f4:38:
7a:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:01:8C:BF:D6:67:48:33:22:83:FC:91:76:4E:B0:99:83:C6:14:A6
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/IwGMv9ZnSDMig_yRdk6wmYPGFKY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.109.0/24
194.113.34.0/24
Signature Algorithm: sha256WithRSAEncryption
71:1a:b3:1e:fe:5d:9e:49:97:64:53:93:8f:f1:30:24:a8:27:
ae:be:70:a9:fa:00:33:cd:7e:b9:1c:16:36:57:19:f0:2d:78:
d3:97:92:6a:7f:29:99:ed:10:0e:db:fc:96:8f:65:3f:e1:53:
ab:6c:0f:32:6a:04:5c:c1:86:79:b5:9f:58:10:10:5c:36:e4:
01:ea:d1:12:11:f1:a5:13:86:b6:5e:20:e1:4a:ae:42:74:b7:
62:c6:8e:19:41:2f:5b:f2:59:57:01:72:6a:27:40:b3:ac:4d:
e2:55:cd:cb:ea:4f:38:97:e4:c3:57:60:da:df:04:ce:6c:34:
6c:e0:18:3d:9c:9f:12:f4:ef:39:0c:4a:47:38:39:09:46:46:
72:f3:f2:85:84:fe:e8:5e:a7:22:fc:46:a0:86:50:0d:69:1a:
a8:56:63:fe:a1:a3:3c:c6:fa:d9:a2:dd:19:73:e9:56:15:c0:
be:0f:3e:9e:dc:d6:3c:50:b9:cf:ae:3a:0f:83:fe:65:a8:ad:
78:a3:72:76:55:2c:4c:a5:72:dc:13:dd:e1:fd:5d:94:84:62:
d2:d5:95:c0:ff:20:79:81:18:99:fe:38:0c:f8:72:3e:b5:d0:
84:39:d9:a5:7b:12:90:f6:23:2c:4f:3c:61:be:f1:50:75:51:
b4:3f:51:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAEB/B8KZ6UuQdOusSCJ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwMTAxMTIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzAxOGNiZmQ2Njc0ODMzMjI4M2ZjOTE3NjRlYjA5OTgzYzYxNGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GOffN3oTnFtofdJWyWncb2lTLaO
bzH3UA2E6nu2Da9+0O9Vv2d9PtoH+cbJx0fR0oX5pOIuexXuuMQsr64v0ifdlzh6
iGJlJS6qYVlCCLCpxoRqrFgMCx9/NhMh1m/SM3OWwwo5a/KYcWQYy7AGIBQtQ28P
ZQG2C2QgotGnJMEYi6blK49gsYvaMggQyAw3pBmGUZ1N5q6KhUVdKBO1inSpNujU
ztwmExnoyXYKTSqHbJoJnlzsrg5558xNeeZ4edvQc4aCTX9ZcHW1eLWG40mJiGew
M4QHYqsCT+0/9JeVNRNV4xHt3s2yzLd8dXO9eBPCN190vV68MwuU9Dh6qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCMBjL/WZ0gzIoP8kXZOsJmDxhSmMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvSXdHTXY5Wm5TRE1pZ195UmRrNndtWVBHRktZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZZtAwQA
wnEiMA0GCSqGSIb3DQEBCwUAA4IBAQBxGrMe/l2eSZdkU5OP8TAkqCeuvnCp+gAz
zX65HBY2VxnwLXjTl5JqfymZ7RAO2/yWj2U/4VOrbA8yagRcwYZ5tZ9YEBBcNuQB
6tESEfGlE4a2XiDhSq5CdLdixo4ZQS9b8llXAXJqJ0CzrE3iVc3L6k84l+TDV2Da
3wTObDRs4Bg9nJ8S9O85DEpHODkJRkZy8/KFhP7oXqci/EaghlANaRqoVmP+oaM8
xvrZot0Zc+lWFcC+Dz6e3NY8ULnPrjoPg/5lqK14o3J2VSxMpXLcE93h/V2UhGLS
1ZXA/yB5gRiZ/jgM+HI+tdCEOdmlexKQ9iMsTzxhvvFQdVG0P1G2
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:00 2024 by rpki-client on console-ams.rpki-client.org