Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/ODBECuJIOKnnUNJ1wTJgu0hcjvU.roa
File: ODBECuJIOKnnUNJ1wTJgu0hcjvU.roa (raw, json)
Hash identifier: pTyL9FxhPPlIFuWPvrbawaVtTHK0zoOL2khBMgA7hiM=
Subject key identifier: 38:30:44:0A:E2:48:38:A9:E7:50:D2:75:C1:32:60:BB:48:5C:8E:F5
Certificate issuer: /CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Certificate serial: 018B60583772D89D0AD09BA3373BE0E99F42
Authority key identifier: D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/ODBECuJIOKnnUNJ1wTJgu0hcjvU.roa
Signing time: Tue 24 Oct 2023 06:21:15 +0000
ROA not before: Tue 24 Oct 2023 06:21:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59745
IP address blocks: 45.151.92.0/22 maxlen: 24
80.66.96.0/20 maxlen: 24
195.20.20.0/22 maxlen: 24
185.198.200.0/22 maxlen: 24
2a02:340::/32 maxlen: 32
2a0a:8ec0::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:60:58:37:72:d8:9d:0a:d0:9b:a3:37:3b:e0:e9:9f:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Validity
Not Before: Oct 24 06:21:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3830440ae24838a9e750d275c13260bb485c8ef5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:cd:21:1e:dd:80:66:13:3d:3c:4d:67:85:84:
60:95:e2:85:40:6b:25:d9:15:92:ff:5a:eb:7c:87:
d9:ce:10:74:eb:45:c1:59:7c:ed:ab:b4:7b:0f:35:
ea:03:20:9a:24:a0:ca:e7:3e:a8:21:18:3d:0f:f7:
80:33:5b:0c:d3:17:62:ae:21:d7:98:7f:c9:26:56:
c7:8d:99:ef:a2:7f:6e:59:63:61:32:86:eb:52:53:
85:c3:41:b4:17:fa:b8:cd:ac:6c:92:c2:09:e7:e2:
87:4a:71:ee:d1:b7:9a:1b:b0:6f:8b:92:63:d8:61:
70:7f:60:39:e6:a2:4e:1d:56:72:c0:9a:93:8a:2e:
7f:77:c6:bf:e4:31:74:21:51:92:bf:de:d8:39:e8:
1a:b0:a7:64:ed:78:75:62:ae:d7:06:ab:eb:81:7a:
84:8e:66:3f:9c:f9:a5:d4:db:6a:25:a3:18:fc:7e:
09:94:bf:d2:04:98:76:6b:2e:d0:51:5e:e4:1f:cb:
67:ef:63:72:0c:c2:75:f9:90:e4:85:d3:3f:12:f0:
31:52:c0:ac:86:b8:0e:58:d4:0a:99:3b:25:28:c1:
76:84:ab:fa:24:a0:6d:92:cd:9c:2d:f3:a5:8a:26:
28:26:dc:e3:6b:83:17:95:f6:be:4c:f1:72:ae:ec:
b5:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:30:44:0A:E2:48:38:A9:E7:50:D2:75:C1:32:60:BB:48:5C:8E:F5
X509v3 Authority Key Identifier:
keyid:D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/ODBECuJIOKnnUNJ1wTJgu0hcjvU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.92.0/22
80.66.96.0/20
185.198.200.0/22
195.20.20.0/22
IPv6:
2a02:340::/32
2a0a:8ec0::/29
Signature Algorithm: sha256WithRSAEncryption
ad:30:d2:fe:9a:ed:51:e5:ab:44:f6:b1:5d:0e:53:8c:07:ea:
93:f9:ed:73:f9:99:af:1c:94:d9:04:79:f1:16:e6:dc:5b:9a:
1b:20:1d:6f:9d:2b:f8:37:fc:1b:e3:2d:a0:47:bc:02:1e:ee:
41:91:a3:ac:ad:14:eb:c0:2c:9d:a4:e5:d4:df:b8:02:1c:40:
c7:bb:6a:13:b2:e6:17:9d:8f:b6:13:1d:76:d9:46:c1:f7:a2:
00:9f:c6:ba:0c:ef:4b:ad:3a:29:41:cb:56:98:91:34:5a:a7:
dd:9e:3b:51:df:db:7f:c2:99:17:1f:c7:35:6b:db:8d:bf:30:
a3:c7:c4:1e:53:55:23:8d:b4:25:47:1c:c4:33:39:94:a7:a8:
f4:90:4e:1e:93:08:70:f6:c4:af:fb:49:7b:f9:56:0a:02:6f:
99:49:0a:0a:5e:ae:a5:89:e3:74:81:0e:e8:2e:ea:99:ff:18:
2f:e9:75:ec:74:f8:89:62:49:65:dd:2f:fc:0b:0c:83:30:43:
ef:dc:04:65:58:0e:46:3f:5f:8f:0d:af:f4:69:54:93:b1:1e:
38:bd:ff:5a:97:26:36:80:0d:87:c9:d0:d3:e9:8f:a2:85:a9:
e4:46:d8:c9:21:d1:18:df:8d:ea:4b:df:db:64:1d:b3:c6:3d:
23:e0:de:93
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYtgWDdy2J0K0JujNzvg6Z9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzNiMTJjOGQ2MzUxOTBlYzkyODQzN2JiZDZjYjBlOGMz
OGY5YTkwHhcNMjMxMDI0MDYyMTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODMwNDQwYWUyNDgzOGE5ZTc1MGQyNzVjMTMyNjBiYjQ4NWM4ZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu80hHt2AZhM9PE1nhYRgleKFQGsl
2RWS/1rrfIfZzhB060XBWXztq7R7DzXqAyCaJKDK5z6oIRg9D/eAM1sM0xdiriHX
mH/JJlbHjZnvon9uWWNhMobrUlOFw0G0F/q4zaxsksIJ5+KHSnHu0beaG7Bvi5Jj
2GFwf2A55qJOHVZywJqTii5/d8a/5DF0IVGSv97YOegasKdk7Xh1Yq7XBqvrgXqE
jmY/nPml1NtqJaMY/H4JlL/SBJh2ay7QUV7kH8tn72NyDMJ1+ZDkhdM/EvAxUsCs
hrgOWNQKmTslKMF2hKv6JKBtks2cLfOliiYoJtzja4MXlfa+TPFyruy1hQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFDgwRAriSDip51DSdcEyYLtIXI71MB8GA1UdIwQY
MBaAFNTDsSyNY1GQ7JKEN7vWyw6MOPmpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTkt
MGY5ZDU3YTVkNGZhLzEvT0RCRUN1SklPS25uVU5KMXdUSmd1MGhjanZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTktMGY5ZDU3YTVkNGZh
LzEvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQCLZdcAwQE
UEJgAwQCucbIAwQCwxQUMBQEAgACMA4DBQAqAgNAAwUDKgqOwDANBgkqhkiG9w0B
AQsFAAOCAQEArTDS/prtUeWrRPaxXQ5TjAfqk/ntc/mZrxyU2QR58Rbm3FuaGyAd
b50r+Df8G+MtoEe8Ah7uQZGjrK0U68AsnaTl1N+4AhxAx7tqE7LmF52PthMddtlG
wfeiAJ/GugzvS606KUHLVpiRNFqn3Z47Ud/bf8KZFx/HNWvbjb8wo8fEHlNVI420
JUccxDM5lKeo9JBOHpMIcPbEr/tJe/lWCgJvmUkKCl6upYnjdIEO6C7qmf8YL+l1
7HT4iWJJZd0v/AsMgzBD79wEZVgORj9fjw2v9GlUk7EeOL3/WpcmNoANh8nQ0+mP
ooWp5EbYySHRGN+N6kvf22Qds8Y9I+Dekw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:12:34 2025 by rpki-client