Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/jXQYb3hrGd9G-M0gx_4KQByBaqU.roa
File: jXQYb3hrGd9G-M0gx_4KQByBaqU.roa (raw, json)
Hash identifier: Dj0jMyynRBfl5Yt+lpJhZEaSD1Uo1NAKgpSOrw/Epqk=
Subject key identifier: 8D:74:18:6F:78:6B:19:DF:46:F8:CD:20:C7:FE:0A:40:1C:81:6A:A5
Certificate issuer: /CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Certificate serial: 018CC424612442F6B571BF5D1A089F5B658D
Authority key identifier: D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/jXQYb3hrGd9G-M0gx_4KQByBaqU.roa
Signing time: Mon 01 Jan 2024 08:29:27 +0000
ROA not before: Mon 01 Jan 2024 08:29:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59745
IP address blocks: 45.151.92.0/22 maxlen: 24
80.66.96.0/20 maxlen: 24
195.20.20.0/22 maxlen: 24
185.198.200.0/22 maxlen: 24
2a02:340::/32 maxlen: 32
2a0a:8ec0::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:24:61:24:42:f6:b5:71:bf:5d:1a:08:9f:5b:65:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Validity
Not Before: Jan 1 08:29:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8d74186f786b19df46f8cd20c7fe0a401c816aa5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:22:e6:86:37:8f:4a:08:15:90:3e:64:b5:23:
0b:f5:5e:da:8d:7b:e7:66:19:55:cb:60:51:52:0a:
1d:16:c5:05:ad:94:14:51:f0:bd:f7:b9:e6:b1:ce:
83:34:8a:07:ea:ae:5d:30:3d:f9:91:95:28:fa:3c:
40:ec:32:a4:03:0b:0a:11:b8:93:42:e5:d9:9c:9c:
64:bb:d6:1e:97:53:af:45:91:b4:73:74:bf:45:33:
dc:1e:fc:ac:aa:1a:92:fe:bd:67:74:f5:76:6c:b1:
c5:05:a7:72:4f:ba:eb:e3:ed:70:67:f8:c3:36:69:
23:bf:09:1f:94:37:40:ad:6c:be:12:56:ce:34:6c:
c6:19:58:c7:93:e5:9e:d8:1f:dc:cf:49:4d:bc:1a:
dd:00:35:79:af:4b:8b:0d:8f:41:5a:a1:00:89:b2:
05:01:e6:5e:ab:52:48:93:a3:69:e0:36:d3:5c:a4:
f6:bb:d3:00:77:00:2f:f4:e6:dc:7e:60:7f:b9:53:
bd:67:57:ba:c4:1f:7a:4c:f2:0c:3e:ca:11:a9:90:
79:55:46:d7:4f:71:05:71:8d:ee:3e:98:54:91:4b:
67:42:01:ef:b0:8b:44:7c:07:e4:a6:00:28:23:ac:
6e:fc:38:70:e8:75:09:ee:a6:a0:a3:ee:0c:a1:2e:
75:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:74:18:6F:78:6B:19:DF:46:F8:CD:20:C7:FE:0A:40:1C:81:6A:A5
X509v3 Authority Key Identifier:
keyid:D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/jXQYb3hrGd9G-M0gx_4KQByBaqU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.92.0/22
80.66.96.0/20
185.198.200.0/22
195.20.20.0/22
IPv6:
2a02:340::/32
2a0a:8ec0::/29
Signature Algorithm: sha256WithRSAEncryption
1c:7e:98:2b:74:ef:c4:94:51:7f:64:c8:92:e1:8c:70:fc:54:
e5:1b:8c:03:dc:93:5a:83:55:d2:bd:e7:ca:9f:14:55:3a:62:
f0:c9:75:13:26:f6:4c:42:6e:69:be:93:0a:69:52:18:ff:d8:
54:01:f4:54:1c:b3:33:4e:63:97:6a:55:bf:a2:e0:c9:f3:02:
9b:ed:fb:9c:1f:e5:c9:32:b9:cd:0b:52:1e:1c:f2:ec:50:83:
16:4b:56:af:73:de:2f:df:b0:0a:02:54:5e:99:86:c5:4e:82:
fa:f5:d7:d7:50:e9:74:25:9e:ef:3d:03:d4:d2:3c:90:b8:6f:
ef:85:ff:d5:14:be:63:f5:40:47:e0:9e:be:e3:73:ae:68:90:
fb:0c:f5:ad:5c:4b:12:4c:28:8d:ac:0d:c9:19:94:1d:cb:2d:
59:ca:03:31:a2:e3:38:fd:a4:7d:ed:df:8b:1b:31:7b:91:42:
b5:5b:76:d7:2d:11:f7:09:bc:11:de:76:6f:ba:b5:11:5e:58:
05:e3:ba:15:e8:4a:12:74:51:e1:e6:24:dc:01:96:ae:5b:76:
9d:52:0e:79:96:af:e6:61:2e:6b:21:16:7d:ff:8d:4f:01:a3:
a7:40:5d:f3:2c:ef:28:d9:d9:11:22:15:6e:6d:15:c4:4e:83:
e9:a8:de:dd
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYzEJGEkQva1cb9dGgifW2WNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzNiMTJjOGQ2MzUxOTBlYzkyODQzN2JiZDZjYjBlOGMz
OGY5YTkwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDc0MTg2Zjc4NmIxOWRmNDZmOGNkMjBjN2ZlMGE0MDFjODE2YWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliLmhjePSggVkD5ktSML9V7ajXvn
ZhlVy2BRUgodFsUFrZQUUfC997nmsc6DNIoH6q5dMD35kZUo+jxA7DKkAwsKEbiT
QuXZnJxku9Yel1OvRZG0c3S/RTPcHvysqhqS/r1ndPV2bLHFBadyT7rr4+1wZ/jD
NmkjvwkflDdArWy+ElbONGzGGVjHk+We2B/cz0lNvBrdADV5r0uLDY9BWqEAibIF
AeZeq1JIk6Np4DbTXKT2u9MAdwAv9ObcfmB/uVO9Z1e6xB96TPIMPsoRqZB5VUbX
T3EFcY3uPphUkUtnQgHvsItEfAfkpgAoI6xu/Dhw6HUJ7qago+4MoS51AQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFI10GG94axnfRvjNIMf+CkAcgWqlMB8GA1UdIwQY
MBaAFNTDsSyNY1GQ7JKEN7vWyw6MOPmpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTkt
MGY5ZDU3YTVkNGZhLzEvalhRWWIzaHJHZDlHLU0wZ3hfNEtRQnlCYXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTktMGY5ZDU3YTVkNGZh
LzEvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQCLZdcAwQE
UEJgAwQCucbIAwQCwxQUMBQEAgACMA4DBQAqAgNAAwUDKgqOwDANBgkqhkiG9w0B
AQsFAAOCAQEAHH6YK3TvxJRRf2TIkuGMcPxU5RuMA9yTWoNV0r3nyp8UVTpi8Ml1
Eyb2TEJuab6TCmlSGP/YVAH0VByzM05jl2pVv6LgyfMCm+37nB/lyTK5zQtSHhzy
7FCDFktWr3PeL9+wCgJUXpmGxU6C+vXX11DpdCWe7z0D1NI8kLhv74X/1RS+Y/VA
R+CevuNzrmiQ+wz1rVxLEkwojawNyRmUHcstWcoDMaLjOP2kfe3fixsxe5FCtVt2
1y0R9wm8Ed52b7q1EV5YBeO6FehKEnRR4eYk3AGWrlt2nVIOeZav5mEuayEWff+N
TwGjp0Bd8yzvKNnZESIVbm0VxE6D6aje3Q==
-----END CERTIFICATE-----
Generated at Thu Apr 17 23:44:31 2025 by rpki-client