Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7q9wDFymDGMYZsl_6S9uBtV4zBE.roa
File: 7q9wDFymDGMYZsl_6S9uBtV4zBE.roa (raw, json)
Hash identifier: vIWpRmP6cjpn5Dfh41GakEwSiALzC7gpPpECmtzVX+Y=
Subject key identifier: EE:AF:70:0C:5C:A6:0C:63:18:66:C9:7F:E9:2F:6E:06:D5:78:CC:11
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189F2E40E0C32FD64A00BC028525A95C353
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7q9wDFymDGMYZsl_6S9uBtV4zBE.roa
Signing time: Mon 14 Aug 2023 07:12:59 +0000
ROA not before: Mon 14 Aug 2023 07:12:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209371
IP address blocks: 45.128.96.0/24 maxlen: 24
45.139.107.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:f2:e4:0e:0c:32:fd:64:a0:0b:c0:28:52:5a:95:c3:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 14 07:12:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=eeaf700c5ca60c631866c97fe92f6e06d578cc11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:a9:74:dd:4b:83:13:26:57:9d:e5:69:db:39:
38:25:36:37:6c:ac:93:e9:f6:e2:3b:b4:69:4d:93:
6b:9b:56:dd:c8:15:a3:ad:c1:82:c4:85:c4:61:2e:
29:b6:e6:a5:ea:83:47:87:95:b1:a0:d2:76:6e:01:
3b:9a:ca:bf:13:fb:31:b6:9e:ce:39:d9:31:05:01:
7a:a4:04:55:fc:a0:54:43:5a:b2:1c:a8:06:b5:e5:
69:f8:11:b6:0a:8e:53:db:22:0a:a9:31:ff:14:aa:
fb:52:48:b7:42:5a:f1:9e:bd:8b:d2:87:97:a1:56:
5f:05:ee:c3:b9:fb:f2:7e:46:2b:e1:e5:e0:8d:04:
62:96:f8:46:db:ad:2a:46:1e:1e:75:c9:79:a4:40:
ab:f7:b5:95:e7:75:ba:cb:27:62:f9:b4:13:93:da:
3f:33:ac:89:a4:db:ee:db:a9:a3:11:2d:b6:c8:d1:
c4:de:86:71:61:ee:b4:1b:25:13:50:eb:5c:72:f3:
8f:b8:48:a7:5f:15:05:5a:d6:fd:ce:46:64:89:c1:
58:e5:7a:6c:33:fa:8a:29:ae:36:bf:67:56:34:6c:
70:8e:ae:11:a5:d8:7c:9b:cf:65:d5:e3:00:b5:6f:
22:7b:33:e2:c5:30:b0:e3:58:5a:0b:4f:27:1e:59:
48:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:AF:70:0C:5C:A6:0C:63:18:66:C9:7F:E9:2F:6E:06:D5:78:CC:11
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7q9wDFymDGMYZsl_6S9uBtV4zBE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.89.0/24
45.128.96.0/24
45.139.107.0/24
Signature Algorithm: sha256WithRSAEncryption
39:25:27:0d:9c:14:00:08:1d:8b:84:cc:2f:53:0c:68:67:8f:
95:8e:67:84:7f:6c:5e:d1:0c:3b:e2:12:f3:4b:8f:74:b6:43:
42:b1:c8:4a:88:c1:76:1b:2b:36:e4:1d:50:05:bf:d8:49:5f:
c5:3e:fd:5e:96:ae:03:b6:51:2f:cf:54:db:9e:c8:9b:56:24:
66:fc:08:09:89:36:3d:b4:da:0a:90:27:2b:12:23:b3:13:f4:
c9:03:9e:57:61:70:a3:91:19:1b:eb:35:cc:44:9d:47:ce:c7:
e9:a9:6f:e5:66:87:82:82:7e:f3:2f:9b:90:95:d1:5a:af:f6:
4e:eb:b2:13:0b:86:87:6e:67:24:52:3b:db:42:a5:9a:f3:4d:
04:9a:aa:5a:33:ac:08:fe:2b:5e:c4:fd:2f:58:e5:04:7b:82:
d6:38:20:9c:98:48:f2:d5:db:23:6c:3a:5f:43:d0:29:e3:ca:
16:dd:69:a7:92:f6:59:d3:50:40:18:b8:dd:3b:17:a3:8f:f5:
46:5e:3f:fd:c5:47:eb:6c:83:ea:0a:c4:e1:bc:40:94:96:07:
75:8d:ee:a5:c8:da:e4:db:ed:a3:a6:f5:77:58:14:7f:7e:99:
0e:f1:7d:ec:d1:70:4e:54:a4:c1:0a:20:c0:20:77:fa:80:14:
f5:e2:5d:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYny5A4MMv1koAvAKFJalcNTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwODE0MDcxMjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWFmNzAwYzVjYTYwYzYzMTg2NmM5N2ZlOTJmNmUwNmQ1NzhjYzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApal03UuDEyZXneVp2zk4JTY3bKyT
6fbiO7RpTZNrm1bdyBWjrcGCxIXEYS4ptual6oNHh5WxoNJ2bgE7msq/E/sxtp7O
OdkxBQF6pARV/KBUQ1qyHKgGteVp+BG2Co5T2yIKqTH/FKr7Uki3Qlrxnr2L0oeX
oVZfBe7DufvyfkYr4eXgjQRilvhG260qRh4edcl5pECr97WV53W6yydi+bQTk9o/
M6yJpNvu26mjES22yNHE3oZxYe60GyUTUOtccvOPuEinXxUFWtb9zkZkicFY5Xps
M/qKKa42v2dWNGxwjq4Rpdh8m89l1eMAtW8iezPixTCw41haC08nHllILwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO6vcAxcpgxjGGbJf+kvbgbVeMwRMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvN3E5d0RGeW1ER01ZWnNsXzZTOXVCdFY0ekJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVRZAwQA
LYBgAwQALYtrMA0GCSqGSIb3DQEBCwUAA4IBAQA5JScNnBQACB2LhMwvUwxoZ4+V
jmeEf2xe0Qw74hLzS490tkNCschKiMF2Gys25B1QBb/YSV/FPv1elq4DtlEvz1Tb
nsibViRm/AgJiTY9tNoKkCcrEiOzE/TJA55XYXCjkRkb6zXMRJ1HzsfpqW/lZoeC
gn7zL5uQldFar/ZO67ITC4aHbmckUjvbQqWa800EmqpaM6wI/itexP0vWOUEe4LW
OCCcmEjy1dsjbDpfQ9Ap48oW3WmnkvZZ01BAGLjdOxejj/VGXj/9xUfrbIPqCsTh
vECUlgd1je6lyNrk2+2jpvV3WBR/fpkO8X3s0XBOVKTBCiDAIHf6gBT14l19
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:25 2024 by rpki-client on console-ams.rpki-client.org