Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Zx9tC6P90ivsLJzxj7EawnsV0_4.roa
File: Zx9tC6P90ivsLJzxj7EawnsV0_4.roa (raw, json)
Hash identifier: WIV6YcHkM4tEIm33U+wqdtEi3ev0uB+Basj+EC8j+d4=
Subject key identifier: 67:1F:6D:0B:A3:FD:D2:2B:EC:2C:9C:F1:8F:B1:1A:C2:7B:15:D3:FE
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018CC2DB2B697581C09A60708A86AF055A62
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Zx9tC6P90ivsLJzxj7EawnsV0_4.roa
Signing time: Mon 01 Jan 2024 02:29:52 +0000
ROA not before: Mon 01 Jan 2024 02:29:52 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49006
IP address blocks: 85.159.117.0/24 maxlen: 24
45.10.12.0/22 maxlen: 22
91.214.200.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:db:2b:69:75:81:c0:9a:60:70:8a:86:af:05:5a:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 1 02:29:52 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=671f6d0ba3fdd22bec2c9cf18fb11ac27b15d3fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:40:10:76:b1:58:73:ea:84:07:1d:9b:9d:01:
f3:44:46:c9:3c:8a:7d:5a:14:f4:58:b6:45:eb:a7:
f4:55:60:49:0c:af:3c:96:07:e9:9e:bc:91:b8:40:
aa:5e:ad:a8:6c:10:82:f9:96:d9:e9:9d:d5:78:af:
74:42:8c:ad:f1:55:0f:77:38:fe:a7:fe:01:e4:88:
f1:e4:4a:6e:bf:3a:c6:a6:2d:6b:a4:70:2f:af:29:
e6:9b:be:85:1a:0f:9f:85:62:32:7f:c9:be:7b:d8:
88:31:2e:a5:fc:ba:70:09:2d:e4:a1:46:9c:7f:77:
32:23:d6:cf:2c:f0:5d:5b:ab:62:31:45:52:50:c1:
f0:9b:da:b8:30:ce:9a:0a:7b:74:f2:6c:62:99:0f:
63:ae:b4:a4:7d:dd:67:12:b1:87:c3:7b:d8:91:f2:
96:c6:bb:5e:8b:31:ad:e3:05:3a:c8:e3:7d:94:b7:
33:d5:f7:41:11:68:06:d5:73:e5:2f:57:4a:bb:a6:
69:31:b1:14:f7:1d:2c:f7:48:bd:09:db:fb:67:ad:
c0:d9:5b:dd:ee:b7:4b:70:48:c5:ae:77:01:49:fa:
df:2f:92:e5:09:17:de:0b:f4:9f:e5:ca:55:03:8f:
c7:53:83:4a:9e:0e:dc:47:54:c0:51:83:f6:c2:13:
a3:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:1F:6D:0B:A3:FD:D2:2B:EC:2C:9C:F1:8F:B1:1A:C2:7B:15:D3:FE
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Zx9tC6P90ivsLJzxj7EawnsV0_4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.12.0/22
85.159.117.0/24
91.214.200.0/22
Signature Algorithm: sha256WithRSAEncryption
43:30:6a:6d:4e:8a:fc:c4:30:f1:cf:aa:de:e9:bd:c9:ff:1c:
d4:c0:b3:c8:f0:1c:a0:ef:20:4c:3f:43:60:b9:cb:6b:86:37:
b9:6c:96:4e:ef:75:76:26:f5:83:72:45:e5:59:26:cd:91:f9:
47:d9:5f:5e:9b:3f:7e:bf:c7:7c:80:90:6d:55:97:f5:ac:b1:
4c:88:6b:26:de:82:b2:49:8d:1b:9b:6b:07:45:88:72:be:2a:
33:60:20:5d:3b:51:26:5d:b2:bf:2a:da:4c:7c:77:b8:81:94:
fd:89:b7:90:fb:5f:12:9c:1d:76:0e:a9:49:7e:90:47:b6:e6:
09:e7:97:81:d4:fe:d2:89:93:80:ab:88:a3:76:f8:1e:e9:1f:
0d:72:5b:1f:e2:e6:72:03:d3:0b:b4:fd:79:de:53:d4:25:7f:
62:be:cd:01:44:5e:36:3f:c3:4e:40:d2:ff:03:3d:6b:6c:96:
33:2a:81:04:6f:b5:ef:c6:5f:fd:6e:bd:1b:df:6a:e0:4e:0b:
73:a9:b0:91:5d:e8:fc:9f:e0:c5:81:a5:9b:06:17:38:60:2d:
a7:c8:32:87:84:51:53:1d:26:4c:d1:7e:03:c8:72:c3:ac:17:
09:14:90:56:a0:30:c4:1e:19:1c:70:42:6e:73:f0:0e:8e:47:
68:d5:42:58
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2ytpdYHAmmBwioavBVpiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzFmNmQwYmEzZmRkMjJiZWMyYzljZjE4ZmIxMWFjMjdiMTVkM2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUAQdrFYc+qEBx2bnQHzREbJPIp9
WhT0WLZF66f0VWBJDK88lgfpnryRuECqXq2obBCC+ZbZ6Z3VeK90Qoyt8VUPdzj+
p/4B5Ijx5EpuvzrGpi1rpHAvrynmm76FGg+fhWIyf8m+e9iIMS6l/LpwCS3koUac
f3cyI9bPLPBdW6tiMUVSUMHwm9q4MM6aCnt08mximQ9jrrSkfd1nErGHw3vYkfKW
xrteizGt4wU6yON9lLcz1fdBEWgG1XPlL1dKu6ZpMbEU9x0s90i9Cdv7Z63A2Vvd
7rdLcEjFrncBSfrfL5LlCRfeC/Sf5cpVA4/HU4NKng7cR1TAUYP2whOjJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGcfbQuj/dIr7Cyc8Y+xGsJ7FdP+MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvWng5dEM2UDkwaXZzTEp6eGo3RWF3bnNWMF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLQoMAwQA
VZ91AwQCW9bIMA0GCSqGSIb3DQEBCwUAA4IBAQBDMGptTor8xDDxz6re6b3J/xzU
wLPI8Byg7yBMP0Nguctrhje5bJZO73V2JvWDckXlWSbNkflH2V9emz9+v8d8gJBt
VZf1rLFMiGsm3oKySY0bm2sHRYhyviozYCBdO1EmXbK/KtpMfHe4gZT9ibeQ+18S
nB12DqlJfpBHtuYJ55eB1P7SiZOAq4ijdvge6R8Nclsf4uZyA9MLtP153lPUJX9i
vs0BRF42P8NOQNL/Az1rbJYzKoEEb7Xvxl/9br0b32rgTgtzqbCRXej8n+DFgaWb
Bhc4YC2nyDKHhFFTHSZM0X4DyHLDrBcJFJBWoDDEHhkccEJuc/AOjkdo1UJY
-----END CERTIFICATE-----
Generated at Thu Mar 7 13:55:42 2024 by rpki-client on console-fra.rpki-client.org