Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/oDQeImwpnkR3D2kRVQt6orCH4MA.roa
File: oDQeImwpnkR3D2kRVQt6orCH4MA.roa (raw, json)
Hash identifier: zw72nf5C1kUdWJPruh2g93itu4is7NdTZvQtfdL8rqk=
Subject key identifier: A0:34:1E:22:6C:29:9E:44:77:0F:69:11:55:0B:7A:A2:B0:87:E0:C0
Certificate issuer: /CN=27516d20ebefd12f072d413c4d2606bdb258691a
Certificate serial: 01866497D3D454B3B01368755E89E5E50F8A
Authority key identifier: 27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/oDQeImwpnkR3D2kRVQt6orCH4MA.roa
Signing time: Sat 18 Feb 2023 12:55:17 +0000
ROA not before: Sat 18 Feb 2023 12:55:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5089
IP address blocks: 185.190.45.0/24 maxlen: 24
195.66.24.0/24 maxlen: 24
195.66.25.0/24 maxlen: 24
195.66.26.0/24 maxlen: 24
195.66.29.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:64:97:d3:d4:54:b3:b0:13:68:75:5e:89:e5:e5:0f:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27516d20ebefd12f072d413c4d2606bdb258691a
Validity
Not Before: Feb 18 12:55:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a0341e226c299e44770f6911550b7aa2b087e0c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:5f:47:b4:bc:27:f8:cf:43:05:c0:44:cc:ca:
5a:62:c0:40:d5:68:cc:d7:8a:46:34:37:e2:a9:8e:
66:4e:ed:76:16:6b:84:39:f0:ef:e3:6d:30:94:37:
ce:41:84:20:3a:45:49:fe:36:ea:00:c0:05:33:d2:
f4:5f:de:38:e2:90:7d:f3:aa:4e:11:91:1d:90:6e:
54:41:23:42:1a:dd:62:7f:6a:eb:67:11:53:8e:0b:
c9:0d:39:09:2f:98:ba:23:e8:95:59:a8:41:6c:f2:
a6:eb:42:c1:c4:12:80:68:42:6f:d9:e6:38:c7:76:
db:a3:c4:5b:91:e5:b4:4e:16:13:40:04:06:ac:f0:
f1:51:fb:66:ea:0a:e3:3c:e0:f8:66:24:cb:94:8c:
dc:34:d9:c3:03:0c:3a:37:61:aa:99:47:0a:6d:9a:
fb:e5:8a:85:af:6d:a1:e2:cb:8c:37:e4:e8:7e:8c:
93:97:3a:02:7f:54:c1:9b:3d:65:9d:66:44:a1:d9:
13:93:9c:d1:b5:ee:d1:03:5c:03:0e:f7:41:96:96:
39:92:d1:a5:07:ac:cc:33:bb:d3:bf:eb:63:4a:6b:
8b:dc:bd:90:51:77:fa:3d:58:63:eb:bd:2f:f4:44:
ac:8a:33:8d:cf:51:d6:7d:80:3b:be:de:7e:7d:95:
81:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:34:1E:22:6C:29:9E:44:77:0F:69:11:55:0B:7A:A2:B0:87:E0:C0
X509v3 Authority Key Identifier:
keyid:27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/oDQeImwpnkR3D2kRVQt6orCH4MA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/J1FtIOvv0S8HLUE8TSYGvbJYaRo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.190.45.0/24
195.66.24.0-195.66.26.255
195.66.29.0/24
Signature Algorithm: sha256WithRSAEncryption
17:2e:0d:36:ed:3c:a5:94:53:82:26:f5:a0:5c:54:e3:cc:5a:
0a:6d:f2:97:3f:1e:0f:fc:65:11:d2:84:b2:fd:d6:ad:c9:e5:
cf:74:73:fb:ab:7c:06:cc:f0:6a:e6:bb:42:63:99:d5:bc:6d:
11:07:82:46:f1:cd:09:e9:1e:a2:ef:f5:25:8a:8b:f6:1d:ec:
9b:cf:94:ea:1b:b1:33:19:eb:c5:7a:33:38:d2:45:38:c7:a0:
49:9a:a3:7f:cb:47:f3:51:eb:b4:a8:fe:2e:7e:65:2f:1c:93:
25:bb:45:9c:b2:87:fc:ef:73:ed:7f:d5:d3:8b:ca:63:3d:c8:
f0:00:4e:60:e1:58:f0:ff:53:ae:b3:8e:45:19:84:e9:2d:1c:
3b:f9:7b:2e:7b:b1:2c:4d:38:d2:df:ef:a0:76:48:85:29:e7:
35:d3:c7:9d:ab:2e:2a:ff:d5:b3:87:93:8a:be:28:e2:54:f0:
0d:96:ae:80:ad:72:8a:ac:6f:c8:80:61:49:51:5c:96:90:ce:
45:0d:b9:07:7d:43:82:ed:b0:fc:2b:48:75:a5:0e:13:10:7a:
73:f9:26:c4:da:2f:52:48:94:f3:4f:04:82:8d:a4:c2:aa:16:
30:3e:1f:2f:1e:d0:00:00:5d:11:c1:8d:6f:9f:e1:2b:78:ea:
38:71:78:18
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYZkl9PUVLOwE2h1Xonl5Q+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NTE2ZDIwZWJlZmQxMmYwNzJkNDEzYzRkMjYwNmJkYjI1
ODY5MWEwHhcNMjMwMjE4MTI1NTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDM0MWUyMjZjMjk5ZTQ0NzcwZjY5MTE1NTBiN2FhMmIwODdlMGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF9HtLwn+M9DBcBEzMpaYsBA1WjM
14pGNDfiqY5mTu12FmuEOfDv420wlDfOQYQgOkVJ/jbqAMAFM9L0X9444pB986pO
EZEdkG5UQSNCGt1if2rrZxFTjgvJDTkJL5i6I+iVWahBbPKm60LBxBKAaEJv2eY4
x3bbo8RbkeW0ThYTQAQGrPDxUftm6grjPOD4ZiTLlIzcNNnDAww6N2GqmUcKbZr7
5YqFr22h4suMN+TofoyTlzoCf1TBmz1lnWZEodkTk5zRte7RA1wDDvdBlpY5ktGl
B6zMM7vTv+tjSmuL3L2QUXf6PVhj670v9ESsijONz1HWfYA7vt5+fZWBxQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKA0HiJsKZ5Edw9pEVULeqKwh+DAMB8GA1UdIwQY
MBaAFCdRbSDr79EvBy1BPE0mBr2yWGkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYt
NzkwMjQ0NTA4ZGY0LzEvb0RRZUltd3Bua1IzRDJrUlZRdDZvckNINE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYtNzkwMjQ0NTA4ZGY0
LzEvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAub4tMAwD
BAPDQhgDBADDQhoDBADDQh0wDQYJKoZIhvcNAQELBQADggEBABcuDTbtPKWUU4Im
9aBcVOPMWgpt8pc/Hg/8ZRHShLL91q3J5c90c/urfAbM8Grmu0JjmdW8bREHgkbx
zQnpHqLv9SWKi/Yd7JvPlOobsTMZ68V6MzjSRTjHoEmao3/LR/NR67So/i5+ZS8c
kyW7RZyyh/zvc+1/1dOLymM9yPAATmDhWPD/U66zjkUZhOktHDv5ey57sSxNONLf
76B2SIUp5zXTx52rLir/1bOHk4q+KOJU8A2WroCtcoqsb8iAYUlRXJaQzkUNuQd9
Q4LtsPwrSHWlDhMQenP5JsTaL1JIlPNPBIKNpMKqFjA+Hy8e0AAAXRHBjW+f4St4
6jhxeBg=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:18:10 2025 by rpki-client