Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/67db0b-1d10-4c97-9af6-ac01f0c5662b/1/1j5RUArzQB-5Ow7hsVWpjRBHrdU.roa
File: 1j5RUArzQB-5Ow7hsVWpjRBHrdU.roa (raw, json)
Hash identifier: FNbKzcVERtvCknfkpof6VTXw2T9bR2kIoHfVjL012h4=
Subject key identifier: D6:3E:51:50:0A:F3:40:1F:B9:3B:0E:E1:B1:55:A9:8D:10:47:AD:D5
Certificate issuer: /CN=8ac7eae649d9547b0ad0ab007ab4e8a48ded4d5d
Certificate serial: 018F5839890FD2FAD849E014FB883DF070AF
Authority key identifier: 8A:C7:EA:E6:49:D9:54:7B:0A:D0:AB:00:7A:B4:E8:A4:8D:ED:4D:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/isfq5knZVHsK0KsAerTopI3tTV0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/67db0b-1d10-4c97-9af6-ac01f0c5662b/1/1j5RUArzQB-5Ow7hsVWpjRBHrdU.roa
Signing time: Wed 08 May 2024 12:41:56 +0000
ROA not before: Wed 08 May 2024 12:41:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207054
IP address blocks: 45.10.12.0/22 maxlen: 22
45.15.92.0/22 maxlen: 22
45.90.171.0/24 maxlen: 24
185.167.112.0/22 maxlen: 22
185.231.192.0/22 maxlen: 22
194.58.24.0/22 maxlen: 22
2a0b:1a00::/29 maxlen: 29
2a0e:2680::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:58:39:89:0f:d2:fa:d8:49:e0:14:fb:88:3d:f0:70:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8ac7eae649d9547b0ad0ab007ab4e8a48ded4d5d
Validity
Not Before: May 8 12:41:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d63e51500af3401fb93b0ee1b155a98d1047add5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:50:ff:a6:c2:57:41:eb:7f:e5:59:9c:ec:b6:
30:24:19:c2:f0:b3:34:6c:c4:b8:13:9b:4f:bb:ee:
e0:54:ee:f2:d0:5e:9b:21:52:6b:18:6f:9c:3f:b5:
9f:57:9b:14:7f:1f:4e:bf:5c:07:15:3d:e1:a5:46:
21:fd:cd:84:68:5c:c7:a6:4a:e5:8c:d0:4f:06:0e:
22:47:a2:07:0f:cc:dd:a4:e5:5b:d1:3f:1f:11:c7:
8d:70:d0:b5:07:f7:1e:c8:29:2a:46:8d:cb:ee:4e:
de:46:8e:f9:76:4a:14:03:70:22:ab:d8:f0:b3:29:
ee:5c:6e:a3:ae:c3:e9:60:7e:0f:50:da:62:1c:bf:
d8:db:c9:62:a2:db:bf:09:13:63:27:c6:0d:a6:57:
9b:68:ef:89:32:aa:56:0d:38:2d:f4:cb:8f:2f:03:
2b:42:2f:91:b7:90:70:89:f9:ce:c7:c5:b9:42:43:
1a:17:35:cd:71:40:7c:3e:ec:5a:2d:c9:bf:21:97:
aa:31:08:32:f6:b7:ce:44:31:7c:c2:76:04:f6:78:
e6:e7:75:17:3d:d7:6a:11:c3:e1:0e:e3:19:5a:ab:
ab:28:dd:3c:e4:25:25:fd:52:30:2d:de:d0:f5:22:
d7:ae:7b:58:36:91:e7:96:c6:d5:9e:fb:fa:81:9d:
3c:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:3E:51:50:0A:F3:40:1F:B9:3B:0E:E1:B1:55:A9:8D:10:47:AD:D5
X509v3 Authority Key Identifier:
keyid:8A:C7:EA:E6:49:D9:54:7B:0A:D0:AB:00:7A:B4:E8:A4:8D:ED:4D:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/isfq5knZVHsK0KsAerTopI3tTV0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67db0b-1d10-4c97-9af6-ac01f0c5662b/1/1j5RUArzQB-5Ow7hsVWpjRBHrdU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/67db0b-1d10-4c97-9af6-ac01f0c5662b/1/isfq5knZVHsK0KsAerTopI3tTV0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.12.0/22
45.15.92.0/22
45.90.171.0/24
185.167.112.0/22
185.231.192.0/22
194.58.24.0/22
IPv6:
2a0b:1a00::/29
2a0e:2680::/29
Signature Algorithm: sha256WithRSAEncryption
a6:e2:87:da:4f:b0:60:0a:dc:c3:43:e7:d6:30:e7:b7:36:a8:
73:e0:b6:10:14:d5:86:96:a0:bf:a5:69:e9:4e:81:ea:7b:ff:
05:24:01:5f:55:68:22:3d:e4:65:ae:81:c6:43:7d:31:6f:ce:
d7:be:24:9f:c3:db:cb:c8:19:7b:f4:2c:f2:bd:f7:0a:48:a6:
42:5f:e4:66:3d:be:7a:0b:8a:24:37:08:b4:d7:19:b7:5c:d3:
f1:ed:08:88:7d:0e:58:da:a7:3d:d6:5e:91:ba:44:c3:b1:fe:
04:f8:71:1c:71:fe:00:f9:3c:be:bd:af:a5:19:aa:0b:a8:26:
f5:b8:11:c1:8e:a0:a8:b1:bf:87:c9:90:91:d0:f4:d1:85:46:
da:88:fc:39:a0:e3:e2:0c:c8:cb:6f:a2:48:6d:0f:f5:b4:a1:
46:cc:f0:0c:31:21:92:c0:5e:67:14:9e:fd:3d:96:2b:a1:27:
f4:19:84:14:9c:98:00:c2:b2:37:77:a3:08:40:15:95:25:6b:
95:eb:0a:cc:6a:3f:ab:3b:63:5f:e4:c7:0a:f7:c2:e7:7a:be:
84:6b:28:46:be:97:c0:af:ab:bd:27:39:1f:1c:3c:25:4c:53:
f4:9b:cb:f2:6c:0d:92:4f:d3:bf:d4:60:64:47:7b:ac:a6:85:
e5:75:c7:37
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAY9YOYkP0vrYSeAU+4g98HCvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYzdlYWU2NDlkOTU0N2IwYWQwYWIwMDdhYjRlOGE0OGRl
ZDRkNWQwHhcNMjQwNTA4MTI0MTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjNlNTE1MDBhZjM0MDFmYjkzYjBlZTFiMTU1YTk4ZDEwNDdhZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01D/psJXQet/5Vmc7LYwJBnC8LM0
bMS4E5tPu+7gVO7y0F6bIVJrGG+cP7WfV5sUfx9Ov1wHFT3hpUYh/c2EaFzHpkrl
jNBPBg4iR6IHD8zdpOVb0T8fEceNcNC1B/ceyCkqRo3L7k7eRo75dkoUA3Aiq9jw
synuXG6jrsPpYH4PUNpiHL/Y28liotu/CRNjJ8YNplebaO+JMqpWDTgt9MuPLwMr
Qi+Rt5BwifnOx8W5QkMaFzXNcUB8PuxaLcm/IZeqMQgy9rfORDF8wnYE9njm53UX
PddqEcPhDuMZWqurKN085CUl/VIwLd7Q9SLXrntYNpHnlsbVnvv6gZ08mQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNY+UVAK80AfuTsO4bFVqY0QR63VMB8GA1UdIwQY
MBaAFIrH6uZJ2VR7CtCrAHq06KSN7U1dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXNmcTVrblpWSHNLMEtzQWVyVG9wSTN0VFYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC82N2RiMGItMWQxMC00Yzk3LTlhZjYt
YWMwMWYwYzU2NjJiLzEvMWo1UlVBcnpRQi01T3c3aHNWV3BqUkJIcmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC82N2RiMGItMWQxMC00Yzk3LTlhZjYtYWMwMWYwYzU2NjJi
LzEvaXNmcTVrblpWSHNLMEtzQWVyVG9wSTN0VFYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCLQoMAwQC
LQ9cAwQALVqrAwQCuadwAwQCuefAAwQCwjoYMBQEAgACMA4DBQMqCxoAAwUDKg4m
gDANBgkqhkiG9w0BAQsFAAOCAQEApuKH2k+wYArcw0Pn1jDntzaoc+C2EBTVhpag
v6Vp6U6B6nv/BSQBX1VoIj3kZa6BxkN9MW/O174kn8Pby8gZe/Qs8r33CkimQl/k
Zj2+eguKJDcItNcZt1zT8e0IiH0OWNqnPdZekbpEw7H+BPhxHHH+APk8vr2vpRmq
C6gm9bgRwY6gqLG/h8mQkdD00YVG2oj8OaDj4gzIy2+iSG0P9bShRszwDDEhksBe
ZxSe/T2WK6En9BmEFJyYAMKyN3ejCEAVlSVrlesKzGo/qztjX+THCvfC53q+hGso
Rr6XwK+rvSc5Hxw8JUxT9JvL8mwNkk/Tv9RgZEd7rKaF5XXHNw==
-----END CERTIFICATE-----
Generated at Fri Nov 1 10:44:17 2024 by rpki-client on console-fra.rpki-client.org