Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/hXZ3nSt596-sg2M5WvWU4OfR1BQ.roa
File: hXZ3nSt596-sg2M5WvWU4OfR1BQ.roa (raw, json)
Hash identifier: 2LPgzHLwnXMTHLI733REmFqQSnV6PjiUv75/53T5WSI=
Subject key identifier: 85:76:77:9D:2B:79:F7:AF:AC:83:63:39:5A:F5:94:E0:E7:D1:D4:14
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 018D13D7F1E2EB38090154856706335DD737
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/hXZ3nSt596-sg2M5WvWU4OfR1BQ.roa
Signing time: Tue 16 Jan 2024 19:55:35 +0000
ROA not before: Tue 16 Jan 2024 19:55:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12722
IP address blocks: 45.90.44.0/24 maxlen: 24
45.90.47.0/24 maxlen: 24
46.149.174.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:f1:e2:eb:38:09:01:54:85:67:06:33:5d:d7:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Jan 16 19:55:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8576779d2b79f7afac8363395af594e0e7d1d414
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:73:1f:47:3b:19:5c:38:32:44:2e:a3:ec:33:
9c:78:13:94:54:f1:6d:f2:3d:ce:c8:ba:b7:10:5a:
76:d2:b6:e7:a7:07:ae:ef:09:a7:79:76:1a:a3:46:
bc:57:48:62:e3:9b:e9:6e:72:30:55:cd:31:22:30:
9a:87:17:7a:5a:0c:3e:7a:f2:9c:64:1b:8f:a2:5f:
0e:95:87:e6:e5:83:e8:91:bb:3d:8a:f8:ad:28:6f:
e6:e6:29:4f:fe:01:ee:ec:c6:eb:92:2d:b1:e5:48:
06:b6:dc:0b:48:8f:ce:93:ec:ea:1d:6f:ef:04:f6:
a4:b3:f5:1b:37:58:06:86:03:a0:dd:23:a0:f3:5c:
0e:40:17:80:df:d6:73:e4:55:69:15:d5:c2:e0:1f:
61:d0:2e:c2:58:ce:0f:ad:c7:e8:5f:5d:7c:d6:1f:
ce:5a:ac:b6:2f:2c:de:ac:c2:09:02:76:7e:2a:0d:
ba:d3:ea:eb:e7:c3:73:00:83:59:73:e1:3a:9f:10:
07:15:49:4f:2a:be:a2:9e:2d:45:cc:58:9d:4f:24:
20:c3:ce:9e:56:b9:ae:aa:b4:f1:aa:54:65:cf:f0:
8e:6a:24:e0:cc:9c:79:38:d9:18:72:5b:11:a7:06:
e3:8a:48:8d:2a:12:95:99:ad:8c:8d:be:a6:fe:1c:
1f:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:76:77:9D:2B:79:F7:AF:AC:83:63:39:5A:F5:94:E0:E7:D1:D4:14
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/hXZ3nSt596-sg2M5WvWU4OfR1BQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.90.44.0/24
45.90.47.0/24
46.149.174.0/24
Signature Algorithm: sha256WithRSAEncryption
7c:a1:fa:97:fb:f3:3d:d2:28:8c:b5:6e:f6:1f:2d:5e:e6:58:
27:92:a5:b8:5c:f3:7e:a7:55:dc:fa:32:ba:99:34:e3:1c:f2:
a2:71:1a:17:d5:c0:f9:07:01:a5:a1:3c:1d:da:8a:4e:a6:6a:
01:1a:dc:8c:09:c4:85:7b:02:73:4e:30:47:8c:93:50:9e:2f:
2f:c9:e6:fc:7a:0a:df:8e:c6:56:16:7b:2c:24:74:99:52:15:
7d:6f:37:ce:9f:4b:3d:f4:03:cd:57:44:fb:d6:2b:6b:37:44:
30:4d:14:99:26:72:2c:c8:8b:64:95:60:15:a1:43:33:e7:df:
d5:a9:99:83:db:1a:15:c3:c9:f3:ff:11:95:50:b9:6f:48:be:
fc:e3:9d:34:87:aa:bc:e4:ba:d9:22:c2:70:b4:b5:29:a1:3c:
b6:f8:71:f5:3f:3e:63:a8:fd:a4:d4:f5:26:e8:50:5c:67:1c:
57:cd:00:1f:84:54:d7:21:c7:d4:cf:28:2a:34:b0:a8:3b:d6:
74:08:e8:c3:22:cf:02:7e:af:15:d2:13:ba:e7:cb:f4:8b:55:
04:19:19:52:a6:c8:da:e1:e1:51:06:c9:a3:04:23:ae:7d:ac:
62:5c:0e:5d:83:d2:3c:02:53:29:f2:2f:8a:a7:de:f9:ee:56:
03:04:24:9b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0T1/Hi6zgJAVSFZwYzXdc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwMTE2MTk1NTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTc2Nzc5ZDJiNzlmN2FmYWM4MzYzMzk1YWY1OTRlMGU3ZDFkNDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnMfRzsZXDgyRC6j7DOceBOUVPFt
8j3OyLq3EFp20rbnpweu7wmneXYao0a8V0hi45vpbnIwVc0xIjCahxd6Wgw+evKc
ZBuPol8OlYfm5YPokbs9ivitKG/m5ilP/gHu7Mbrki2x5UgGttwLSI/Ok+zqHW/v
BPaks/UbN1gGhgOg3SOg81wOQBeA39Zz5FVpFdXC4B9h0C7CWM4PrcfoX1181h/O
Wqy2LyzerMIJAnZ+Kg260+rr58NzAINZc+E6nxAHFUlPKr6ini1FzFidTyQgw86e
VrmuqrTxqlRlz/COaiTgzJx5ONkYclsRpwbjikiNKhKVma2Mjb6m/hwfnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIV2d50refevrINjOVr1lODn0dQUMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvaFhaM25TdDU5Ni1zZzJNNVd2V1U0T2ZSMUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVosAwQA
LVovAwQALpWuMA0GCSqGSIb3DQEBCwUAA4IBAQB8ofqX+/M90iiMtW72Hy1e5lgn
kqW4XPN+p1Xc+jK6mTTjHPKicRoX1cD5BwGloTwd2opOpmoBGtyMCcSFewJzTjBH
jJNQni8vyeb8egrfjsZWFnssJHSZUhV9bzfOn0s99APNV0T71itrN0QwTRSZJnIs
yItklWAVoUMz59/VqZmD2xoVw8nz/xGVULlvSL784500h6q85LrZIsJwtLUpoTy2
+HH1Pz5jqP2k1PUm6FBcZxxXzQAfhFTXIcfUzygqNLCoO9Z0COjDIs8Cfq8V0hO6
58v0i1UEGRlSpsja4eFRBsmjBCOufaxiXA5dg9I8AlMp8i+Kp9757lYDBCSb
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org