Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/PriOKAaAD6jX0AtGy4KmozFs4Kg.roa
File: PriOKAaAD6jX0AtGy4KmozFs4Kg.roa (raw, json)
Hash identifier: mxA6pyjocl8Vts52eU5KIjumORu7Tvjoam7yJDvlPnc=
Subject key identifier: 3E:B8:8E:28:06:80:0F:A8:D7:D0:0B:46:CB:82:A6:A3:31:6C:E0:A8
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 0192A50A1FD88BAE09D77C2D106E19581400
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/PriOKAaAD6jX0AtGy4KmozFs4Kg.roa
Signing time: Sat 19 Oct 2024 13:49:17 +0000
ROA not before: Sat 19 Oct 2024 13:49:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62005
IP address blocks: 45.66.248.0/24 maxlen: 24
45.66.249.0/24 maxlen: 24
45.143.166.0/23 maxlen: 24
45.150.108.0/24 maxlen: 24
45.150.109.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:a5:0a:1f:d8:8b:ae:09:d7:7c:2d:10:6e:19:58:14:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Oct 19 13:49:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3eb88e2806800fa8d7d00b46cb82a6a3316ce0a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:03:f5:0b:b6:39:44:a0:cd:a0:b6:00:00:7c:
54:f4:97:5a:ed:87:ed:85:05:a9:f9:9a:4c:bb:2b:
e7:a4:3f:ff:ad:20:84:d3:60:fd:49:0e:25:31:41:
ec:15:37:33:b6:83:8b:23:a9:bf:d6:a6:0a:ed:d0:
b2:73:89:95:e0:43:d7:e2:40:58:6f:34:03:80:8f:
c5:85:2d:48:6d:55:45:a6:8b:d7:c3:9f:53:9f:30:
d6:47:20:17:d7:54:e7:db:cc:38:34:cd:cf:bd:1a:
e9:59:a0:7f:08:73:b1:b4:a9:d9:e3:b1:40:08:63:
f6:02:96:68:1a:a0:e4:82:67:d7:c6:ee:c0:50:c1:
6c:fe:ae:b0:6a:3f:bf:af:68:d6:c6:66:48:d6:e3:
f8:06:4f:4b:7a:52:05:fb:11:66:d6:b2:4e:19:1c:
d6:91:c1:af:36:9e:7d:54:a7:ad:97:27:59:c1:d0:
3f:69:4d:8c:d4:2a:89:18:22:c5:7e:bc:7c:a1:8c:
56:3f:3d:93:5d:71:c3:15:5c:bf:f7:cf:f6:00:a3:
d4:3c:ee:51:1e:24:37:71:3f:dd:5e:56:a5:8c:6c:
e8:6d:d7:0c:cb:ae:65:e7:68:ae:0f:93:42:06:0b:
f1:0e:65:05:0c:dd:b7:f3:94:23:1e:8c:ba:78:aa:
e6:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:B8:8E:28:06:80:0F:A8:D7:D0:0B:46:CB:82:A6:A3:31:6C:E0:A8
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/PriOKAaAD6jX0AtGy4KmozFs4Kg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.248.0/23
45.143.166.0/23
45.150.108.0/23
Signature Algorithm: sha256WithRSAEncryption
4b:9b:a0:96:7e:40:c5:31:17:03:6a:ab:d3:3f:9a:51:81:48:
07:99:ba:ee:58:d9:e5:1d:39:aa:c4:a8:08:cc:27:d8:ad:37:
63:96:35:72:91:d0:36:6d:64:3a:9f:15:41:be:09:34:6d:bc:
22:4b:4d:8f:94:93:10:01:eb:c9:a9:3f:cb:c3:1d:ba:ba:61:
30:9b:8c:5a:0d:2e:d1:e7:85:5b:4f:f0:ab:f0:bd:83:90:55:
46:db:67:88:c6:13:77:fb:93:3d:9d:35:41:1a:68:27:46:db:
45:5f:22:d6:8c:cd:7d:78:9b:e1:55:ea:71:b3:45:c1:ab:d0:
ac:73:25:c6:03:f2:f6:b0:3c:43:e7:76:96:bd:ab:0a:3b:98:
d9:f4:7a:6a:8a:55:cd:d8:b9:65:9e:2e:b2:05:58:fa:40:b5:
e6:bd:f1:9d:8b:b7:a7:e4:4f:24:6d:8a:cb:18:fc:a4:a4:92:
3e:66:7f:31:4a:fd:d8:67:7f:a0:19:54:88:20:7b:c0:2b:b4:
10:c4:a7:a2:9b:0b:17:86:73:d1:9c:d1:4d:50:0a:3c:8f:26:
f1:14:2f:59:1f:e1:7b:35:b1:8f:cf:b9:cb:11:58:aa:91:ef:
11:48:98:dd:45:6c:14:27:64:5c:6e:50:08:44:e4:1a:bb:cf:
38:7a:8e:2b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZKlCh/Yi64J13wtEG4ZWBQAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQxMDE5MTM0OTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWI4OGUyODA2ODAwZmE4ZDdkMDBiNDZjYjgyYTZhMzMxNmNlMGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQP1C7Y5RKDNoLYAAHxU9Jda7Yft
hQWp+ZpMuyvnpD//rSCE02D9SQ4lMUHsFTcztoOLI6m/1qYK7dCyc4mV4EPX4kBY
bzQDgI/FhS1IbVVFpovXw59TnzDWRyAX11Tn28w4NM3PvRrpWaB/CHOxtKnZ47FA
CGP2ApZoGqDkgmfXxu7AUMFs/q6waj+/r2jWxmZI1uP4Bk9LelIF+xFm1rJOGRzW
kcGvNp59VKetlydZwdA/aU2M1CqJGCLFfrx8oYxWPz2TXXHDFVy/98/2AKPUPO5R
HiQ3cT/dXlaljGzobdcMy65l52iuD5NCBgvxDmUFDN2385QjHoy6eKrmMQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD64jigGgA+o19ALRsuCpqMxbOCoMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvUHJpT0tBYUFENmpYMEF0R3k0S21vekZzNEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLUL4AwQB
LY+mAwQBLZZsMA0GCSqGSIb3DQEBCwUAA4IBAQBLm6CWfkDFMRcDaqvTP5pRgUgH
mbruWNnlHTmqxKgIzCfYrTdjljVykdA2bWQ6nxVBvgk0bbwiS02PlJMQAevJqT/L
wx26umEwm4xaDS7R54VbT/Cr8L2DkFVG22eIxhN3+5M9nTVBGmgnRttFXyLWjM19
eJvhVepxs0XBq9CscyXGA/L2sDxD53aWvasKO5jZ9HpqilXN2Lllni6yBVj6QLXm
vfGdi7en5E8kbYrLGPykpJI+Zn8xSv3YZ3+gGVSIIHvAK7QQxKeimwsXhnPRnNFN
UAo8jybxFC9ZH+F7NbGPz7nLEViqke8RSJjdRWwUJ2RcblAIROQau884eo4r
-----END CERTIFICATE-----
Generated at Wed Nov 20 12:17:26 2024 by rpki-client on console-ams.rpki-client.org