Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/S5xEofoMCCR806Hpb8G_I5R4Yvk.roa
File: S5xEofoMCCR806Hpb8G_I5R4Yvk.roa (raw, json)
Hash identifier: jkxDh9j6L0Dsp/LdIhPtrktjORfgQlHlOImdKrdEZs8=
Subject key identifier: 4B:9C:44:A1:FA:0C:08:24:7C:D3:A1:E9:6F:C1:BF:23:94:78:62:F9
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 018E3243C2EAB77C93D7740C472A9BC931F0
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/S5xEofoMCCR806Hpb8G_I5R4Yvk.roa
Signing time: Tue 12 Mar 2024 10:44:45 +0000
ROA not before: Tue 12 Mar 2024 10:44:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 45.128.128.0/24 maxlen: 24
62.3.31.0/24 maxlen: 24
91.210.69.0/24 maxlen: 24
185.214.164.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:32:43:c2:ea:b7:7c:93:d7:74:0c:47:2a:9b:c9:31:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Mar 12 10:44:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4b9c44a1fa0c08247cd3a1e96fc1bf23947862f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:7b:f3:74:da:08:fe:52:12:88:b6:70:c8:02:
71:5d:c2:fa:28:93:a2:fa:43:ee:70:dc:08:98:02:
c7:08:88:89:0e:fb:12:d4:74:f4:0c:61:b3:4f:37:
ae:d8:9f:05:4d:86:42:ac:f5:81:b1:b9:53:f3:c4:
74:71:b7:c8:1e:4e:55:95:5f:b6:25:5d:4e:b9:65:
4d:e6:c2:5b:42:56:4f:44:ce:45:4e:29:77:e2:92:
1c:5f:67:0a:0e:6b:84:f4:1c:ee:d7:d5:47:cd:21:
e9:f1:06:3d:3f:c1:ff:3d:b0:7e:a1:bd:50:19:15:
30:3e:30:d2:5b:67:2f:0d:e7:20:73:e2:a2:38:c8:
9c:97:cd:3b:e2:50:84:45:8e:62:9a:28:55:f6:88:
dc:63:41:59:e6:b7:55:32:e1:61:34:c5:a9:9f:86:
a7:c5:c6:db:57:3f:c2:ae:b6:7b:6b:ca:99:d5:cd:
84:38:96:0a:7d:cb:6e:5c:61:b8:70:c4:8f:bd:17:
8a:03:1f:55:84:db:ed:2e:79:86:54:2d:47:8f:23:
53:7d:a3:bb:22:f2:75:9a:e5:e4:5b:b1:40:2b:41:
02:45:3b:20:39:ca:18:85:2b:bf:67:bc:d9:6d:f2:
8b:52:75:fa:4a:ff:a8:a3:c4:82:2a:bb:94:4e:ca:
1d:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:9C:44:A1:FA:0C:08:24:7C:D3:A1:E9:6F:C1:BF:23:94:78:62:F9
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/S5xEofoMCCR806Hpb8G_I5R4Yvk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.128.0/24
62.3.31.0/24
91.210.69.0/24
185.214.164.0/24
Signature Algorithm: sha256WithRSAEncryption
41:d2:f6:9c:c4:71:4c:a7:b2:50:3e:68:bb:18:fc:b2:3d:9b:
a1:93:8f:f8:67:4a:f6:7f:87:15:e0:43:c2:7b:38:38:c4:30:
78:30:0f:46:93:21:d5:6c:a7:7d:ec:63:17:bd:80:6f:ac:f2:
ee:20:82:07:3f:e7:bf:96:94:f7:ef:49:2b:4c:86:17:e6:e2:
63:66:2d:21:ee:50:9b:98:05:e7:b0:cb:5a:8b:df:d2:c0:8a:
b6:10:ee:1e:e4:f8:b4:bd:59:4d:99:6d:25:b9:81:eb:92:72:
39:be:b2:ad:d7:01:da:f6:4f:1d:d2:02:ed:ee:3b:65:fa:95:
8c:52:57:a4:2d:f2:82:13:fe:f0:a4:4a:20:42:95:02:30:fd:
68:4a:d5:f7:e0:a4:f9:83:ea:04:6c:eb:b4:c9:ee:0d:1b:3f:
05:df:a3:3c:c1:57:fd:34:9f:5e:ec:df:8c:5d:05:c1:dd:f6:
41:94:dd:f5:f2:05:ee:44:d1:59:ed:ef:86:0e:1e:70:98:a5:
58:55:84:44:e1:80:7d:14:bb:2e:0b:58:5c:d5:93:6a:47:3a:
a7:38:b8:e6:f7:15:c8:7d:2a:da:49:af:01:4e:ce:c5:0c:da:
c7:ae:21:e9:4b:7c:1f:62:38:d8:6d:8f:a4:f8:65:db:00:e9:
71:28:80:d8
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY4yQ8Lqt3yT13QMRyqbyTHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjljNDRhMWZhMGMwODI0N2NkM2ExZTk2ZmMxYmYyMzk0Nzg2MmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3vzdNoI/lISiLZwyAJxXcL6KJOi
+kPucNwImALHCIiJDvsS1HT0DGGzTzeu2J8FTYZCrPWBsblT88R0cbfIHk5VlV+2
JV1OuWVN5sJbQlZPRM5FTil34pIcX2cKDmuE9Bzu19VHzSHp8QY9P8H/PbB+ob1Q
GRUwPjDSW2cvDecgc+KiOMicl8074lCERY5imihV9ojcY0FZ5rdVMuFhNMWpn4an
xcbbVz/CrrZ7a8qZ1c2EOJYKfctuXGG4cMSPvReKAx9VhNvtLnmGVC1HjyNTfaO7
IvJ1muXkW7FAK0ECRTsgOcoYhSu/Z7zZbfKLUnX6Sv+oo8SCKruUTsodlwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEucRKH6DAgkfNOh6W/BvyOUeGL5MB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvUzV4RW9mb01DQ1I4MDZIcGI4R19JNVI0WXZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALYCAAwQA
PgMfAwQAW9JFAwQAudakMA0GCSqGSIb3DQEBCwUAA4IBAQBB0vacxHFMp7JQPmi7
GPyyPZuhk4/4Z0r2f4cV4EPCezg4xDB4MA9GkyHVbKd97GMXvYBvrPLuIIIHP+e/
lpT370krTIYX5uJjZi0h7lCbmAXnsMtai9/SwIq2EO4e5Pi0vVlNmW0luYHrknI5
vrKt1wHa9k8d0gLt7jtl+pWMUlekLfKCE/7wpEogQpUCMP1oStX34KT5g+oEbOu0
ye4NGz8F36M8wVf9NJ9e7N+MXQXB3fZBlN318gXuRNFZ7e+GDh5wmKVYVYRE4YB9
FLsuC1hc1ZNqRzqnOLjm9xXIfSraSa8BTs7FDNrHriHpS3wfYjjYbY+k+GXbAOlx
KIDY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org