Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/tyGXhfHCcRwhGjJfzAmbez0KcLQ.roa
File: tyGXhfHCcRwhGjJfzAmbez0KcLQ.roa (raw, json)
Hash identifier: 4JlOcAUMeZiW2NwJPdFE4aAch0tHG2Tow7Sw/f1QjDc=
Subject key identifier: B7:21:97:85:F1:C2:71:1C:21:1A:32:5F:CC:09:9B:7B:3D:0A:70:B4
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 01904AC09A03E7B2AADE8898BD051BD52FE0
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/tyGXhfHCcRwhGjJfzAmbez0KcLQ.roa
Signing time: Mon 24 Jun 2024 14:57:34 +0000
ROA not before: Mon 24 Jun 2024 14:57:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7018
IP address blocks: 45.67.117.0/24 maxlen: 24
91.242.71.0/24 maxlen: 24
91.242.72.0/23 maxlen: 24
91.242.75.0/24 maxlen: 24
185.40.105.0/24 maxlen: 24
194.180.238.0/24 maxlen: 24
194.213.10.0/24 maxlen: 24
194.242.28.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:4a:c0:9a:03:e7:b2:aa:de:88:98:bd:05:1b:d5:2f:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jun 24 14:57:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b7219785f1c2711c211a325fcc099b7b3d0a70b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:0d:df:5f:0c:01:b3:10:49:fb:d4:c4:a0:d8:
26:7f:a6:5e:a9:7d:e9:3d:dc:39:2c:29:4b:6a:3b:
a3:a3:d4:a8:7e:84:4a:4c:e4:99:a7:1a:32:fa:90:
30:a5:80:01:dc:41:73:74:11:8f:15:29:4b:b2:94:
91:e3:30:07:53:8d:9b:39:c5:58:00:99:70:70:a1:
f7:9c:8d:41:89:48:3b:bb:0a:eb:67:0d:e9:26:d6:
73:65:78:4f:f1:7c:95:cb:8f:6e:ed:aa:00:71:86:
6d:b5:19:b4:13:c1:4a:6c:fd:63:8f:72:a5:66:83:
e9:2e:c1:d0:01:48:23:70:a0:5c:29:58:b1:0f:23:
c6:db:c4:6e:07:49:6e:f9:83:a9:c3:9b:b0:eb:30:
75:f6:96:89:96:61:8c:77:0e:3b:95:d4:cc:b2:f4:
a1:e3:c3:0d:9e:00:7e:26:5c:6c:77:04:bc:bc:a0:
03:90:54:cc:35:03:cc:8b:90:84:50:ca:a7:8c:ab:
6f:87:4e:a6:d4:b4:2e:9e:cf:ce:98:f6:91:d1:22:
23:de:de:10:ea:fa:40:27:c8:63:fe:46:6f:ed:80:
7c:d8:dc:38:0c:1e:cf:61:98:e0:b6:93:c6:cb:64:
c3:cb:cd:27:71:5c:6c:06:aa:57:c4:c7:9e:58:ae:
e9:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:21:97:85:F1:C2:71:1C:21:1A:32:5F:CC:09:9B:7B:3D:0A:70:B4
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/tyGXhfHCcRwhGjJfzAmbez0KcLQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.67.117.0/24
91.242.71.0-91.242.73.255
91.242.75.0/24
185.40.105.0/24
194.180.238.0/24
194.213.10.0/24
194.242.28.0/23
Signature Algorithm: sha256WithRSAEncryption
50:e8:51:a1:60:20:54:e9:78:e4:3c:51:cf:4c:58:8f:5d:ff:
28:55:52:b8:1a:17:f4:e4:f8:5a:ac:0a:a3:2a:96:69:c1:34:
8d:43:25:98:88:21:f5:10:90:44:31:24:70:e9:59:5a:77:54:
15:72:19:dd:66:73:93:e8:f8:24:cd:25:3b:4d:2d:12:79:b7:
bb:9c:1f:10:02:b6:50:23:ca:b7:de:74:79:a8:2b:f2:bb:0a:
fe:ec:8f:89:3f:53:dd:3d:ec:90:19:f4:5f:47:05:8a:32:84:
5a:a5:cb:c8:4a:f5:0a:24:9b:ff:89:10:7d:9e:0f:01:c9:70:
74:ba:27:e4:2f:bd:32:60:4a:5d:33:9e:f8:1f:f6:67:5d:a3:
b8:f2:34:e5:63:8b:61:a7:a5:b8:b2:19:be:12:9b:ce:9c:31:
ee:8f:9f:3c:3a:4a:fe:70:70:ad:eb:60:2f:d8:cb:db:80:3f:
8a:49:80:d3:98:0e:65:2a:a8:b7:e4:bd:ba:d8:04:b1:87:88:
e0:79:f3:23:ce:3e:1b:26:21:dc:fb:6f:6e:51:0f:02:c2:fe:
02:65:cc:7a:a1:cf:40:52:1f:a1:01:b3:9c:94:e0:b0:dc:be:
8e:82:40:e3:94:ce:cf:56:12:b5:fd:bd:19:ed:71:91:26:9e:
cb:63:e7:57
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZBKwJoD57Kq3oiYvQUb1S/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNjI0MTQ1NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzIxOTc4NWYxYzI3MTFjMjExYTMyNWZjYzA5OWI3YjNkMGE3MGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Q3fXwwBsxBJ+9TEoNgmf6ZeqX3p
Pdw5LClLajujo9SofoRKTOSZpxoy+pAwpYAB3EFzdBGPFSlLspSR4zAHU42bOcVY
AJlwcKH3nI1BiUg7uwrrZw3pJtZzZXhP8XyVy49u7aoAcYZttRm0E8FKbP1jj3Kl
ZoPpLsHQAUgjcKBcKVixDyPG28RuB0lu+YOpw5uw6zB19paJlmGMdw47ldTMsvSh
48MNngB+JlxsdwS8vKADkFTMNQPMi5CEUMqnjKtvh06m1LQuns/OmPaR0SIj3t4Q
6vpAJ8hj/kZv7YB82Nw4DB7PYZjgtpPGy2TDy80ncVxsBqpXxMeeWK7pQQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFLchl4XxwnEcIRoyX8wJm3s9CnC0MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvdHlHWGhmSENjUndoR2pKZnpBbWJlejBLY0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALUN1MAwD
BABb8kcDBAFb8kgDBABb8ksDBAC5KGkDBADCtO4DBADC1QoDBAHC8hwwDQYJKoZI
hvcNAQELBQADggEBAFDoUaFgIFTpeOQ8Uc9MWI9d/yhVUrgaF/Tk+FqsCqMqlmnB
NI1DJZiIIfUQkEQxJHDpWVp3VBVyGd1mc5Po+CTNJTtNLRJ5t7ucHxACtlAjyrfe
dHmoK/K7Cv7sj4k/U9097JAZ9F9HBYoyhFqly8hK9Qokm/+JEH2eDwHJcHS6J+Qv
vTJgSl0znvgf9mddo7jyNOVji2GnpbiyGb4Sm86cMe6Pnzw6Sv5wcK3rYC/Yy9uA
P4pJgNOYDmUqqLfkvbrYBLGHiOB58yPOPhsmIdz7b25RDwLC/gJlzHqhz0BSH6EB
s5yU4LDcvo6CQOOUzs9WErX9vRntcZEmnstj51c=
-----END CERTIFICATE-----
Generated at Mon Jul 8 16:01:27 2024 by rpki-client on console-ams.rpki-client.org