Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/q29PmwBc5JDuJF-ayYqaFXRhxbQ.roa
File: q29PmwBc5JDuJF-ayYqaFXRhxbQ.roa (raw, json)
Hash identifier: r2+Lv63CvrwXXHE8MGIKZ1WjuaI66yGcjZT9WQ0JraU=
Subject key identifier: AB:6F:4F:9B:00:5C:E4:90:EE:24:5F:9A:C9:8A:9A:15:74:61:C5:B4
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 018DEF3119407A0F40DE7C08BD735C926F1F
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/q29PmwBc5JDuJF-ayYqaFXRhxbQ.roa
Signing time: Wed 28 Feb 2024 10:09:48 +0000
ROA not before: Wed 28 Feb 2024 10:09:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 26042
IP address blocks: 45.143.164.0/24 maxlen: 24
45.143.165.0/24 maxlen: 24
192.144.12.0/22 maxlen: 24
194.110.246.0/24 maxlen: 24
194.113.35.0/24 maxlen: 24
2a11:2a47::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:ef:31:19:40:7a:0f:40:de:7c:08:bd:73:5c:92:6f:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Feb 28 10:09:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ab6f4f9b005ce490ee245f9ac98a9a157461c5b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:81:26:d7:68:15:09:ca:f9:15:c0:07:6d:fd:
43:58:fd:f2:3b:92:c4:95:8c:18:4b:3e:3c:e1:db:
2a:76:0c:93:96:22:44:96:c9:68:36:ac:9c:f2:25:
e8:20:05:5f:90:5a:f7:42:ab:0a:3b:cc:ed:b9:af:
41:e1:76:d9:f5:a7:44:89:33:0b:0d:ef:3c:0a:47:
c4:63:c0:26:2d:0e:d6:d5:d4:cc:94:4c:b1:74:59:
b5:bb:a5:bc:9e:bc:8b:c7:ac:66:53:b9:bb:5d:8c:
2e:96:fb:bc:56:eb:a8:d5:51:70:bf:48:e4:e4:3b:
f2:4d:00:67:53:8b:87:18:18:f9:b7:4b:41:18:9a:
eb:e6:36:c1:45:19:06:8a:0c:f2:e3:85:e9:1c:21:
12:5a:66:34:4a:f8:27:f7:44:20:15:b4:0a:39:1d:
99:11:f7:dd:22:81:c4:7b:80:ad:ba:3f:a0:bb:c6:
fa:ac:54:f1:d1:5a:2f:75:bc:2c:6f:fd:80:e0:a3:
19:d6:9e:7d:42:52:1b:10:96:17:fd:74:ae:b6:ac:
74:8b:a7:3d:d3:da:49:bd:08:40:e9:14:5f:8c:0e:
f6:fa:d6:86:75:0c:f5:ef:1e:5a:01:94:49:39:bc:
4a:6e:2d:cb:c1:35:05:c1:15:c4:ab:85:b3:ed:2d:
ec:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:6F:4F:9B:00:5C:E4:90:EE:24:5F:9A:C9:8A:9A:15:74:61:C5:B4
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/q29PmwBc5JDuJF-ayYqaFXRhxbQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.164.0/23
192.144.12.0/22
194.110.246.0/24
194.113.35.0/24
IPv6:
2a11:2a47::/32
Signature Algorithm: sha256WithRSAEncryption
0d:f2:0a:d2:a1:bf:34:d5:09:aa:04:51:ce:c1:c1:17:49:b6:
f7:b3:1a:76:1a:dc:d6:2a:05:06:23:b9:44:1c:ef:81:74:75:
fb:a3:dc:f6:ce:d2:f5:f5:52:e8:f1:7e:be:03:b0:8a:45:83:
d2:a6:56:15:c9:e3:b6:6f:07:cb:32:6e:b0:d9:7a:c7:2a:bb:
15:fe:54:1e:39:5d:ee:d8:d2:7a:d9:8e:4a:f9:f1:55:93:07:
1d:6d:da:79:24:72:1b:c5:ae:0e:fe:9e:0d:0c:03:17:1a:2c:
63:dd:cb:c3:d7:65:51:b8:77:25:06:1b:1d:66:d3:37:d5:1a:
06:8e:6a:db:c7:f7:b6:68:7e:e1:f5:ed:4d:a9:34:f9:f0:51:
6c:75:24:c7:72:dc:fa:07:5b:eb:70:b8:7f:bb:c9:f0:86:4f:
bb:e5:e9:ba:55:f6:52:e0:bd:e6:4d:47:dc:c8:82:1f:aa:05:
51:a8:36:8f:1d:91:fb:2a:0e:1c:5d:b5:7b:4d:b2:ca:20:13:
61:95:a2:de:89:27:10:40:9c:c7:59:c2:8d:26:70:72:a0:04:
fb:cb:18:7e:39:a7:cf:d3:6b:08:49:b0:42:a4:ea:23:93:ec:
05:db:b0:37:3a:c1:50:6b:e6:70:14:ab:d8:0f:c1:1c:5d:c0:
82:c4:90:ee
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY3vMRlAeg9A3nwIvXNckm8fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwMjI4MTAwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjZmNGY5YjAwNWNlNDkwZWUyNDVmOWFjOThhOWExNTc0NjFjNWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIEm12gVCcr5FcAHbf1DWP3yO5LE
lYwYSz484dsqdgyTliJElsloNqyc8iXoIAVfkFr3QqsKO8ztua9B4XbZ9adEiTML
De88CkfEY8AmLQ7W1dTMlEyxdFm1u6W8nryLx6xmU7m7XYwulvu8Vuuo1VFwv0jk
5DvyTQBnU4uHGBj5t0tBGJrr5jbBRRkGigzy44XpHCESWmY0Svgn90QgFbQKOR2Z
EffdIoHEe4Ctuj+gu8b6rFTx0Vovdbwsb/2A4KMZ1p59QlIbEJYX/XSutqx0i6c9
09pJvQhA6RRfjA72+taGdQz17x5aAZRJObxKbi3LwTUFwRXEq4Wz7S3sxQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKtvT5sAXOSQ7iRfmsmKmhV0YcW0MB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvcTI5UG13QmM1SkR1SkYtYXlZcWFGWFJoeGJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBLY+kAwQC
wJAMAwQAwm72AwQAwnEjMA0EAgACMAcDBQAqESpHMA0GCSqGSIb3DQEBCwUAA4IB
AQAN8grSob801QmqBFHOwcEXSbb3sxp2GtzWKgUGI7lEHO+BdHX7o9z2ztL19VLo
8X6+A7CKRYPSplYVyeO2bwfLMm6w2XrHKrsV/lQeOV3u2NJ62Y5K+fFVkwcdbdp5
JHIbxa4O/p4NDAMXGixj3cvD12VRuHclBhsdZtM31RoGjmrbx/e2aH7h9e1NqTT5
8FFsdSTHctz6B1vrcLh/u8nwhk+75em6VfZS4L3mTUfcyIIfqgVRqDaPHZH7Kg4c
XbV7TbLKIBNhlaLeiScQQJzHWcKNJnByoAT7yxh+OafP02sISbBCpOojk+wF27A3
OsFQa+ZwFKvYD8EcXcCCxJDu
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:37 2024 by rpki-client on console-fra.rpki-client.org