Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/_HbFyb090lPaOz3bZE5_JP2riH0.roa
File: _HbFyb090lPaOz3bZE5_JP2riH0.roa (raw, json)
Hash identifier: /ZZFEJH/ze3uyBdfOse5BoCZol4aXsRHYvXNpNLzt1s=
Subject key identifier: FC:76:C5:C9:BD:3D:D2:53:DA:3B:3D:DB:64:4E:7F:24:FD:AB:88:7D
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 018E3243C34EFACA3939D3A891D4430E3DE1
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/_HbFyb090lPaOz3bZE5_JP2riH0.roa
Signing time: Tue 12 Mar 2024 10:44:45 +0000
ROA not before: Tue 12 Mar 2024 10:44:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202656
IP address blocks: 45.128.128.0/24 maxlen: 24
176.116.2.0/24 maxlen: 24
193.28.178.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:32:43:c3:4e:fa:ca:39:39:d3:a8:91:d4:43:0e:3d:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Mar 12 10:44:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fc76c5c9bd3dd253da3b3ddb644e7f24fdab887d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:8c:ec:4d:4e:7a:3a:b4:5e:cf:16:ff:b6:05:
5d:f3:e9:f4:c4:b9:77:d9:80:e5:44:db:ad:35:cd:
be:82:4c:4d:79:10:91:8d:ee:a8:14:bb:58:d7:e8:
26:28:ed:da:2e:c5:85:67:60:41:e6:0a:20:67:ab:
23:97:e5:8e:f1:96:d4:13:8e:cb:7f:9a:1c:37:57:
a5:f5:eb:42:06:fe:1c:0b:c3:46:19:a1:eb:ef:a3:
2e:21:35:c9:03:f2:60:49:bf:de:0d:17:41:9c:1d:
38:7b:6f:90:65:f4:74:75:71:e1:30:7b:95:42:51:
33:0e:f3:d9:82:6b:e9:14:42:03:cc:e6:e2:fb:62:
76:d3:6f:2b:c5:a9:6b:51:5a:fd:ac:be:59:77:8d:
5d:3c:78:f0:74:b1:fc:96:e4:f9:ab:92:f2:84:8e:
4c:75:19:b6:60:83:2a:23:18:ad:0b:07:e3:f3:fe:
4a:90:c1:bc:ec:82:0e:55:76:8a:da:26:ba:db:01:
ac:35:84:a3:75:3f:0f:87:22:d8:d7:52:18:12:93:
bb:38:b0:45:2c:48:0b:20:fa:dd:3a:a5:dd:88:7b:
0f:16:b1:d5:10:d9:8a:1d:a9:ef:9f:38:f7:3d:b0:
64:5a:64:6e:2e:b1:65:ee:21:ec:ce:cf:47:6f:42:
9b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:76:C5:C9:BD:3D:D2:53:DA:3B:3D:DB:64:4E:7F:24:FD:AB:88:7D
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/_HbFyb090lPaOz3bZE5_JP2riH0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.128.0/24
176.116.2.0/24
193.28.178.0/24
Signature Algorithm: sha256WithRSAEncryption
68:10:40:c7:5c:a6:c9:fc:78:a5:44:17:5c:0b:75:d1:79:d8:
31:f2:4d:c8:48:d2:e9:c1:d8:a5:99:17:d2:8a:c4:ce:d9:61:
a0:4a:e0:bc:28:af:29:6f:55:04:36:bf:30:25:29:5b:94:29:
15:6e:a2:af:8d:f4:94:c0:d5:ab:e2:03:48:5b:3c:9e:29:d7:
48:35:e8:25:b8:45:11:dc:9f:d3:c5:70:74:ee:f3:9c:34:e9:
94:17:d9:7c:73:16:00:d8:fd:63:8f:a1:bb:ec:b5:15:e8:5c:
0b:2d:a7:6b:fd:91:2e:a0:4c:79:b9:a7:1d:6b:20:7b:47:92:
94:ae:c5:16:76:36:89:7c:c8:6b:1c:1e:6a:14:e2:68:6d:15:
30:bc:eb:ea:d2:2a:bb:21:1b:bb:dc:71:ec:94:e7:53:88:cc:
c9:fd:1b:79:d7:46:65:13:ae:5a:c4:8c:1a:28:d8:9d:1a:ee:
3a:85:4c:a7:1d:80:e0:c9:44:75:49:c8:dd:93:67:40:ef:ab:
08:19:77:51:d3:a2:cc:70:85:8b:36:e3:58:46:d3:07:af:6e:
0d:37:50:7c:e1:ac:0f:d9:f2:e8:bb:35:a4:69:38:53:ec:4a:
19:8d:8c:55:ff:b8:07:a1:26:d8:28:fc:af:45:58:f3:fe:0a:
59:58:87:03
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY4yQ8NO+so5OdOokdRDDj3hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzc2YzVjOWJkM2RkMjUzZGEzYjNkZGI2NDRlN2YyNGZkYWI4ODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIzsTU56OrRezxb/tgVd8+n0xLl3
2YDlRNutNc2+gkxNeRCRje6oFLtY1+gmKO3aLsWFZ2BB5gogZ6sjl+WO8ZbUE47L
f5ocN1el9etCBv4cC8NGGaHr76MuITXJA/JgSb/eDRdBnB04e2+QZfR0dXHhMHuV
QlEzDvPZgmvpFEIDzObi+2J2028rxalrUVr9rL5Zd41dPHjwdLH8luT5q5LyhI5M
dRm2YIMqIxitCwfj8/5KkMG87IIOVXaK2ia62wGsNYSjdT8PhyLY11IYEpO7OLBF
LEgLIPrdOqXdiHsPFrHVENmKHanvnzj3PbBkWmRuLrFl7iHszs9Hb0KbdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPx2xcm9PdJT2js922ROfyT9q4h9MB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvX0hiRnliMDkwbFBhT3ozYlpFNV9KUDJyaUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYCAAwQA
sHQCAwQAwRyyMA0GCSqGSIb3DQEBCwUAA4IBAQBoEEDHXKbJ/HilRBdcC3XRedgx
8k3ISNLpwdilmRfSisTO2WGgSuC8KK8pb1UENr8wJSlblCkVbqKvjfSUwNWr4gNI
WzyeKddINegluEUR3J/TxXB07vOcNOmUF9l8cxYA2P1jj6G77LUV6FwLLadr/ZEu
oEx5uacdayB7R5KUrsUWdjaJfMhrHB5qFOJobRUwvOvq0iq7IRu73HHslOdTiMzJ
/Rt510ZlE65axIwaKNidGu46hUynHYDgyUR1Scjdk2dA76sIGXdR06LMcIWLNuNY
RtMHr24NN1B84awP2fLouzWkaThT7EoZjYxV/7gHoSbYKPyvRVjz/gpZWIcD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org