Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/czT70CNSQB2TzKw1TIMcfhTe4p0.roa
File: czT70CNSQB2TzKw1TIMcfhTe4p0.roa (raw, json)
Hash identifier: PFirpHMjyW6q568mKxvH+fs3wTKsTdfFKAcwu6TlwR8=
Subject key identifier: 73:34:FB:D0:23:52:40:1D:93:CC:AC:35:4C:83:1C:7E:14:DE:E2:9D
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 018AAE30D434E5E2F61468379C22E06F7999
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/czT70CNSQB2TzKw1TIMcfhTe4p0.roa
Signing time: Tue 19 Sep 2023 16:05:50 +0000
ROA not before: Tue 19 Sep 2023 16:05:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207713
IP address blocks: 194.113.34.0/24 maxlen: 24
45.150.109.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ae:30:d4:34:e5:e2:f6:14:68:37:9c:22:e0:6f:79:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Sep 19 16:05:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7334fbd02352401d93ccac354c831c7e14dee29d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:02:d9:3e:53:36:84:c7:42:1f:2b:d4:de:97:
5a:80:9c:a0:65:29:b9:d3:d9:9c:de:8b:ff:aa:92:
bd:36:4d:ae:7b:df:87:8e:7f:d2:e1:ac:20:58:68:
0c:74:73:7f:d4:fd:d7:00:8b:e6:35:5f:02:3e:32:
c5:56:6e:d9:b4:71:31:35:b7:fe:c2:a6:d8:a7:d2:
57:b6:b3:df:99:e6:01:a3:43:8b:37:6f:4d:40:35:
da:93:95:19:44:0d:de:fc:8f:32:50:e1:22:5d:ae:
86:8f:c0:0c:a6:8f:c7:b9:b5:02:99:07:02:7a:6e:
4b:06:6b:90:32:77:bf:d2:5b:8a:86:90:dd:e9:36:
a8:83:69:f7:de:4d:3b:6a:c8:e2:cc:c5:0d:75:32:
13:44:51:94:d1:fa:38:81:fa:b6:dd:74:22:fe:06:
19:96:55:5b:8f:83:cd:96:76:ee:9e:0e:7e:db:00:
04:ce:df:aa:a4:52:61:b1:19:09:43:6b:d1:ea:a9:
ad:ab:d5:06:55:e4:af:f6:8d:10:d2:a4:89:2c:dc:
4c:53:fa:53:2b:53:ba:aa:fc:36:59:46:18:59:6d:
ea:0d:cf:d3:39:ce:a4:0d:3d:c7:8e:7e:1b:a2:b6:
db:5b:6c:9c:c4:64:71:97:13:b8:20:36:af:f2:71:
cb:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:34:FB:D0:23:52:40:1D:93:CC:AC:35:4C:83:1C:7E:14:DE:E2:9D
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/czT70CNSQB2TzKw1TIMcfhTe4p0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.109.0/24
194.113.34.0/24
Signature Algorithm: sha256WithRSAEncryption
25:b4:8f:dc:d8:a3:e4:6f:f2:2b:de:db:07:f4:9d:5c:d0:33:
bb:3e:c5:e1:c7:f8:c7:c6:00:15:37:70:f6:f8:be:08:fd:9c:
b0:6b:e5:ba:65:42:63:a8:ab:3e:eb:73:af:88:98:28:8f:e8:
89:33:bb:53:79:b7:6b:6b:14:8d:a6:7e:ae:b8:80:75:06:3f:
a4:93:d2:c7:04:53:da:6e:c2:23:62:ff:b6:6c:81:e8:64:0f:
a1:dc:7f:af:3a:a0:37:29:f6:d9:65:4b:79:95:9a:6a:3e:4b:
75:6d:22:74:43:6e:df:d4:17:8d:eb:c8:4d:a4:fb:50:49:18:
04:73:9d:6f:bb:e5:74:ae:07:3c:50:ce:f2:50:a0:ab:e4:31:
d9:06:20:a3:1a:b5:69:61:2e:58:0d:e7:70:78:29:2b:9a:15:
3b:af:fc:df:b1:59:a6:12:d6:a9:a5:d1:c8:a6:d4:2f:bd:05:
93:0c:0e:8a:45:92:73:38:52:a3:c6:aa:98:1b:c5:90:1a:41:
77:24:b6:4e:20:f4:8d:37:6a:b0:e5:0a:c3:82:8c:bd:ba:ff:
2b:4a:6d:cc:23:64:72:09:08:70:53:4b:c0:10:04:dd:5c:90:
08:ef:bd:0e:30:df:fe:1c:90:99:ea:98:c9:43:64:6d:3d:a8:
36:bb:66:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYquMNQ05eL2FGg3nCLgb3mZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjMwOTE5MTYwNTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzM0ZmJkMDIzNTI0MDFkOTNjY2FjMzU0YzgzMWM3ZTE0ZGVlMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngLZPlM2hMdCHyvU3pdagJygZSm5
09mc3ov/qpK9Nk2ue9+Hjn/S4awgWGgMdHN/1P3XAIvmNV8CPjLFVm7ZtHExNbf+
wqbYp9JXtrPfmeYBo0OLN29NQDXak5UZRA3e/I8yUOEiXa6Gj8AMpo/HubUCmQcC
em5LBmuQMne/0luKhpDd6Taog2n33k07asjizMUNdTITRFGU0fo4gfq23XQi/gYZ
llVbj4PNlnbung5+2wAEzt+qpFJhsRkJQ2vR6qmtq9UGVeSv9o0Q0qSJLNxMU/pT
K1O6qvw2WUYYWW3qDc/TOc6kDT3Hjn4borbbW2ycxGRxlxO4IDav8nHLSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHM0+9AjUkAdk8ysNUyDHH4U3uKdMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvY3pUNzBDTlNRQjJUekt3MVRJTWNmaFRlNHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZZtAwQA
wnEiMA0GCSqGSIb3DQEBCwUAA4IBAQAltI/c2KPkb/Ir3tsH9J1c0DO7PsXhx/jH
xgAVN3D2+L4I/Zywa+W6ZUJjqKs+63OviJgoj+iJM7tTebdraxSNpn6uuIB1Bj+k
k9LHBFPabsIjYv+2bIHoZA+h3H+vOqA3KfbZZUt5lZpqPkt1bSJ0Q27f1BeN68hN
pPtQSRgEc51vu+V0rgc8UM7yUKCr5DHZBiCjGrVpYS5YDedweCkrmhU7r/zfsVmm
EtappdHIptQvvQWTDA6KRZJzOFKjxqqYG8WQGkF3JLZOIPSNN2qw5QrDgoy9uv8r
Sm3MI2RyCQhwU0vAEATdXJAI770OMN/+HJCZ6pjJQ2RtPag2u2ak
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:00 2024 by rpki-client on console-ams.rpki-client.org