Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/9GnXy7qC0B-nUMbMNxLiETfCBzw.roa
File: 9GnXy7qC0B-nUMbMNxLiETfCBzw.roa (raw, json)
Hash identifier: Jfv9kSVMqZtfdJXL+NyhGoAyauLBltO9iPT+5VTuk0M=
Subject key identifier: F4:69:D7:CB:BA:82:D0:1F:A7:50:C6:CC:37:12:E2:11:37:C2:07:3C
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018571A79D1677421056D98CE24BCDBE1786
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/9GnXy7qC0B-nUMbMNxLiETfCBzw.roa
Signing time: Mon 02 Jan 2023 08:44:48 +0000
ROA not before: Mon 02 Jan 2023 08:44:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 194.180.238.0/24 maxlen: 24
45.140.32.0/22 maxlen: 22
45.150.180.0/22 maxlen: 22
185.145.80.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:a7:9d:16:77:42:10:56:d9:8c:e2:4b:cd:be:17:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 2 08:44:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f469d7cbba82d01fa750c6cc3712e21137c2073c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:f9:44:80:9c:93:51:7e:3a:6a:80:f8:f6:74:
87:78:d5:f8:2d:4b:43:f6:03:42:ea:05:9f:78:6f:
de:3e:a2:ae:8f:21:7e:e2:f5:a3:17:c4:1b:4d:5c:
32:5f:9a:ce:56:29:dd:0c:2f:5c:7b:62:4e:5f:4e:
e8:6a:89:5a:b8:b8:38:32:ea:35:b2:84:c4:b9:4b:
70:ae:33:b1:38:f9:5e:92:99:26:86:dd:16:4f:81:
dd:da:88:0a:f1:0f:7b:0b:ba:9a:38:79:85:67:a6:
75:58:11:45:1c:12:1d:03:e4:5c:23:52:e2:ee:85:
0f:cc:01:99:0e:74:4e:3c:2c:e3:1d:b7:6d:1d:96:
e5:53:8c:89:38:75:6b:78:30:99:68:18:af:1f:a1:
70:61:92:a9:83:1e:f3:b0:33:de:05:da:e5:76:6c:
f2:59:dc:02:d6:5a:18:6b:cc:03:4e:4d:9e:c8:79:
6a:87:97:a7:bc:ff:4c:85:63:b7:17:c1:f9:c4:e0:
18:1a:e4:37:77:0c:68:c2:db:e8:a6:45:64:df:61:
cb:69:ec:38:b2:c6:2a:b9:46:7d:4d:97:d2:3e:4f:
4b:98:36:bb:63:e0:6a:d8:b1:be:2f:0c:87:ba:0e:
7e:5e:21:ac:21:ad:5c:a3:9d:13:d9:53:ab:3a:34:
c7:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:69:D7:CB:BA:82:D0:1F:A7:50:C6:CC:37:12:E2:11:37:C2:07:3C
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/9GnXy7qC0B-nUMbMNxLiETfCBzw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.140.32.0/22
45.150.180.0/22
185.145.80.0/22
194.180.238.0/24
Signature Algorithm: sha256WithRSAEncryption
00:ca:2f:c3:46:d3:61:ce:4b:7a:69:5f:15:3e:b2:43:48:61:
e7:5e:c1:0a:cc:03:2b:e9:6c:ca:73:ca:f7:0a:35:e6:8f:39:
40:5a:2e:ff:16:d2:78:3b:6d:c9:c5:b8:c9:8d:98:34:a0:ea:
70:ee:88:bc:38:9a:d8:04:cb:5c:fd:e0:4f:da:fc:b9:07:ed:
d4:8c:61:8b:77:ad:13:ac:fa:56:c8:88:61:9c:c0:5e:b7:1a:
25:f7:88:f9:0e:4c:fa:bb:b1:54:a1:46:4b:cc:97:3d:c9:2a:
89:9a:4f:78:60:39:84:29:8a:ae:0c:e6:2a:29:6d:27:20:d8:
b6:8b:6b:02:b4:c9:7e:ae:26:94:ca:4b:2e:9e:35:b7:c7:6f:
50:a4:dc:2a:d0:9b:09:72:2f:10:f1:3b:b2:3b:4b:43:ca:df:
2a:c0:40:f5:91:5d:7f:26:3c:85:b0:e5:0d:ff:a0:ff:ae:b3:
08:00:e3:3a:09:40:46:ed:46:51:11:91:f8:f9:21:b3:b4:74:
f8:87:cb:1d:67:2d:a6:f7:96:2b:53:60:ab:bf:80:34:66:1c:
cb:06:68:f9:9a:f6:d8:72:2f:c4:d1:a7:d6:30:9d:03:0c:08:
68:68:69:a7:0e:a3:b7:d1:b8:12:7d:72:f7:aa:fd:d8:aa:3c:
17:88:2e:db
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVxp50Wd0IQVtmM4kvNvheGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwMTAyMDg0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDY5ZDdjYmJhODJkMDFmYTc1MGM2Y2MzNzEyZTIxMTM3YzIwNzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvlEgJyTUX46aoD49nSHeNX4LUtD
9gNC6gWfeG/ePqKujyF+4vWjF8QbTVwyX5rOVindDC9ce2JOX07oaolauLg4Muo1
soTEuUtwrjOxOPlekpkmht0WT4Hd2ogK8Q97C7qaOHmFZ6Z1WBFFHBIdA+RcI1Li
7oUPzAGZDnROPCzjHbdtHZblU4yJOHVreDCZaBivH6FwYZKpgx7zsDPeBdrldmzy
WdwC1loYa8wDTk2eyHlqh5envP9MhWO3F8H5xOAYGuQ3dwxowtvopkVk32HLaew4
ssYquUZ9TZfSPk9LmDa7Y+Bq2LG+LwyHug5+XiGsIa1co50T2VOrOjTHOwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPRp18u6gtAfp1DGzDcS4hE3wgc8MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvOUduWHk3cUMwQi1uVU1iTU54TGlFVGZDQnp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLYwgAwQC
LZa0AwQCuZFQAwQAwrTuMA0GCSqGSIb3DQEBCwUAA4IBAQAAyi/DRtNhzkt6aV8V
PrJDSGHnXsEKzAMr6WzKc8r3CjXmjzlAWi7/FtJ4O23JxbjJjZg0oOpw7oi8OJrY
BMtc/eBP2vy5B+3UjGGLd60TrPpWyIhhnMBetxol94j5Dkz6u7FUoUZLzJc9ySqJ
mk94YDmEKYquDOYqKW0nINi2i2sCtMl+riaUyksunjW3x29QpNwq0JsJci8Q8Tuy
O0tDyt8qwED1kV1/JjyFsOUN/6D/rrMIAOM6CUBG7UZREZH4+SGztHT4h8sdZy2m
95YrU2Crv4A0ZhzLBmj5mvbYci/E0afWMJ0DDAhoaGmnDqO30bgSfXL3qv3YqjwX
iC7b
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org