Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OhTmaDGi5uGrXrFEr5jCaAcKH1I.roa
File: OhTmaDGi5uGrXrFEr5jCaAcKH1I.roa (raw, json)
Hash identifier: Z/0ZQN+g/64r3ZVtEjeXAdN7PjQqEC40nc/Rmgsvjyo=
Subject key identifier: 3A:14:E6:68:31:A2:E6:E1:AB:5E:B1:44:AF:98:C2:68:07:0A:1F:52
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01882F037048314C4ED53F5680F4EC66133A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OhTmaDGi5uGrXrFEr5jCaAcKH1I.roa
Signing time: Thu 18 May 2023 13:18:54 +0000
ROA not before: Thu 18 May 2023 13:18:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209371
IP address blocks: 178.215.239.0/24 maxlen: 24
45.128.96.0/22 maxlen: 24
85.31.47.0/24 maxlen: 24
45.139.107.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:2f:03:70:48:31:4c:4e:d5:3f:56:80:f4:ec:66:13:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 18 13:18:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3a14e66831a2e6e1ab5eb144af98c268070a1f52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:2e:ee:8d:31:cd:45:28:91:d6:64:3a:eb:15:
22:2d:48:df:4c:9e:19:cf:c5:b8:0f:e6:88:3d:0e:
09:19:cc:d1:92:a6:7f:bc:89:84:8c:2b:60:de:67:
db:74:eb:f3:d8:85:d4:8a:8e:10:11:66:65:75:a5:
af:5c:38:90:47:a7:48:fa:0e:ae:69:f6:98:70:b1:
3f:4f:09:28:bd:79:6f:ad:10:a6:26:11:46:eb:6a:
1c:b9:00:cd:a2:cc:79:75:2b:22:73:6b:5e:6a:77:
50:ea:ba:86:5d:9f:fd:fd:c3:18:4f:3d:ba:5f:45:
75:aa:11:7c:37:b0:ed:95:bf:02:a2:7e:2d:bf:69:
79:50:7e:2a:bf:77:cc:63:88:73:0a:f8:cf:f2:95:
85:4e:99:b1:7a:e9:21:5d:61:07:d5:f4:39:ac:f6:
3b:4d:26:30:13:13:55:68:5b:e8:b6:04:63:45:c0:
cc:c7:80:60:2b:e0:68:54:70:e4:7b:7e:2e:5f:29:
c1:b1:75:00:4d:e6:f7:5c:d2:df:9f:5a:a3:c9:01:
fe:5e:24:1d:0a:9a:28:7a:b5:d6:6a:ab:0b:a8:69:
9d:13:fe:37:89:cf:66:77:78:92:e0:77:18:97:c1:
e9:e5:06:3d:03:5f:b2:97:e6:0f:35:bf:95:6b:4e:
57:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:14:E6:68:31:A2:E6:E1:AB:5E:B1:44:AF:98:C2:68:07:0A:1F:52
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OhTmaDGi5uGrXrFEr5jCaAcKH1I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.89.0/24
45.128.96.0/22
45.139.107.0/24
85.31.47.0/24
178.215.239.0/24
Signature Algorithm: sha256WithRSAEncryption
19:be:b0:37:56:03:e7:8e:a4:4e:0c:bb:0f:61:8c:b4:be:12:
dd:3c:a5:e6:ad:50:87:9c:12:90:d5:1b:9f:ab:aa:34:60:c2:
3c:1c:5f:d7:06:55:ae:4d:a1:6e:d1:9f:41:00:2b:b9:03:04:
0a:92:c8:c6:34:12:6b:e6:39:cb:9a:e1:d8:a6:fb:ab:3b:2d:
cd:a4:d8:ab:4a:6c:f6:a6:71:c5:a5:00:35:30:87:aa:c7:c9:
68:1d:ff:7c:b9:d4:32:6f:92:95:04:f8:94:db:17:36:f7:b7:
1c:a3:35:e5:d9:b2:1f:70:b8:3d:a9:41:0c:f9:d2:ba:07:01:
9a:ca:06:cd:cb:85:8a:35:52:9e:a1:24:e5:32:8f:dd:71:db:
3c:09:54:52:41:ff:0b:f4:df:ab:8a:ea:b7:d7:99:f7:36:0c:
a7:66:4a:fe:e8:1b:ef:e7:23:52:16:0e:76:8d:74:b1:8e:ed:
f7:03:f7:a5:02:6d:4d:15:36:c2:64:7a:dd:f0:e8:a6:1e:18:
78:29:c8:c1:67:26:1b:d1:b1:50:e2:cb:52:23:dc:7f:aa:bb:
ba:11:24:87:06:c6:20:23:3e:b8:16:65:08:d2:01:f0:d8:ee:
8c:ff:93:db:6c:6f:06:12:ee:c0:b9:e1:b3:ef:69:87:5c:f3:
8d:8b:c8:af
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYgvA3BIMUxO1T9WgPTsZhM6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTE4MTMxODU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTE0ZTY2ODMxYTJlNmUxYWI1ZWIxNDRhZjk4YzI2ODA3MGExZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAny7ujTHNRSiR1mQ66xUiLUjfTJ4Z
z8W4D+aIPQ4JGczRkqZ/vImEjCtg3mfbdOvz2IXUio4QEWZldaWvXDiQR6dI+g6u
afaYcLE/TwkovXlvrRCmJhFG62ocuQDNosx5dSsic2teandQ6rqGXZ/9/cMYTz26
X0V1qhF8N7Dtlb8Con4tv2l5UH4qv3fMY4hzCvjP8pWFTpmxeukhXWEH1fQ5rPY7
TSYwExNVaFvotgRjRcDMx4BgK+BoVHDke34uXynBsXUATeb3XNLfn1qjyQH+XiQd
CpooerXWaqsLqGmdE/43ic9md3iS4HcYl8Hp5QY9A1+yl+YPNb+Va05XeQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDoU5mgxoubhq16xRK+YwmgHCh9SMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT2hUbWFER2k1dUdyWHJGRXI1akNhQWNLSDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALVRZAwQC
LYBgAwQALYtrAwQAVR8vAwQAstfvMA0GCSqGSIb3DQEBCwUAA4IBAQAZvrA3VgPn
jqRODLsPYYy0vhLdPKXmrVCHnBKQ1Rufq6o0YMI8HF/XBlWuTaFu0Z9BACu5AwQK
ksjGNBJr5jnLmuHYpvurOy3NpNirSmz2pnHFpQA1MIeqx8loHf98udQyb5KVBPiU
2xc297ccozXl2bIfcLg9qUEM+dK6BwGaygbNy4WKNVKeoSTlMo/dcds8CVRSQf8L
9N+riuq315n3NgynZkr+6Bvv5yNSFg52jXSxju33A/elAm1NFTbCZHrd8OimHhh4
KcjBZyYb0bFQ4stSI9x/qru6ESSHBsYgIz64FmUI0gHw2O6M/5PbbG8GEu7AueGz
72mHXPONi8iv
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:36 2023 by rpki-client on console-ams.rpki-client.org