Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/oZIK9uamsGsoFUGPZRdswjHJS88.roa
File: oZIK9uamsGsoFUGPZRdswjHJS88.roa (raw, json)
Hash identifier: 7ElZ7FLeCYt13q4RaHqjMJa8cVz3HNNXzFpCkoSjovE=
Subject key identifier: A1:92:0A:F6:E6:A6:B0:6B:28:15:41:8F:65:17:6C:C2:31:C9:4B:CF
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 018D2D73AB4C7A99FA818DCC8EBC5780A402
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/oZIK9uamsGsoFUGPZRdswjHJS88.roa
Signing time: Sun 21 Jan 2024 19:16:11 +0000
ROA not before: Sun 21 Jan 2024 19:16:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12722
IP address blocks: 45.90.44.0/24 maxlen: 24
45.90.47.0/24 maxlen: 24
46.149.174.0/24 maxlen: 24
62.204.32.0/24 maxlen: 24
185.253.2.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2d:73:ab:4c:7a:99:fa:81:8d:cc:8e:bc:57:80:a4:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Jan 21 19:16:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a1920af6e6a6b06b2815418f65176cc231c94bcf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:77:6d:26:b8:41:33:a8:9c:10:d9:cc:67:f1:
40:e3:ed:34:84:ff:d3:a6:a7:82:54:4f:85:61:ab:
c9:ee:84:37:48:51:b5:20:84:53:91:42:b8:7d:96:
53:07:d8:94:33:c2:32:b1:48:5c:00:d8:79:a0:14:
d4:fa:bd:41:82:4c:74:25:4e:bd:9d:3f:5d:dd:20:
d1:76:c3:03:61:ce:d9:d0:7a:1f:98:4e:e1:7a:f5:
77:70:4e:dd:5b:7d:72:a0:8f:8d:a4:1a:e6:bc:64:
f8:af:18:a0:b3:eb:2d:18:b4:f1:85:a4:9c:39:ee:
c0:ff:f7:be:6d:01:13:c2:c9:9e:92:25:8c:20:8e:
ca:4c:62:08:4e:1b:e5:1a:2e:34:af:ea:06:6f:3f:
91:70:3c:22:85:95:41:c5:22:a4:3b:6f:07:db:c0:
bf:d6:86:9a:5f:63:1d:cf:95:71:b0:bc:f4:7a:61:
c3:b7:b5:0a:5b:40:e2:24:41:30:1d:b1:67:13:e2:
13:e4:fe:1c:bf:d0:05:25:2c:05:4f:33:8c:b4:eb:
8c:9a:41:56:86:2e:0d:33:ca:40:20:fd:91:4c:a5:
72:70:e7:34:3f:9e:98:1f:4d:ba:61:3c:38:65:2d:
c3:bd:af:3f:e9:ab:cc:ee:9e:27:d2:df:a4:7a:e1:
24:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:92:0A:F6:E6:A6:B0:6B:28:15:41:8F:65:17:6C:C2:31:C9:4B:CF
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/oZIK9uamsGsoFUGPZRdswjHJS88.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.90.44.0/24
45.90.47.0/24
46.149.174.0/24
62.204.32.0/24
185.253.2.0/24
Signature Algorithm: sha256WithRSAEncryption
c8:b1:13:a5:a4:63:1a:88:8a:4e:aa:ba:05:1a:b8:86:21:9c:
6e:79:fd:2a:0b:19:19:89:cb:eb:91:6b:a0:a8:ff:65:3d:48:
ba:84:ba:97:52:8e:1e:e1:29:8c:2d:26:90:c0:24:31:88:48:
3f:79:77:2e:34:3f:5b:22:f8:2e:cb:46:45:ec:56:8b:c5:94:
22:df:02:74:57:49:3d:1c:3f:ee:1b:4d:84:88:fb:ce:19:91:
c1:f1:28:b9:76:a9:cf:77:8e:20:0c:2d:dd:2f:f3:28:4a:57:
dc:a8:af:6e:69:81:98:b7:8b:b6:fe:0a:6b:e2:64:19:5e:75:
d8:22:e5:3c:f8:05:a0:23:a7:15:c0:67:83:34:22:c8:cd:50:
4c:b1:ba:86:db:c1:5a:be:e7:13:02:34:10:a9:86:bf:fb:50:
0c:20:62:5c:25:73:95:30:c3:1c:cd:98:98:ed:1b:52:c1:c6:
1a:ba:00:19:7b:b7:69:76:57:2a:cc:b8:1b:bc:72:f8:14:1d:
d4:d9:0d:b6:b3:7e:d2:3a:de:e3:0f:e8:91:bb:aa:28:53:b6:
e1:f5:96:1a:21:0e:ca:6c:f4:71:2e:1d:67:d0:76:00:6f:3d:
df:17:b4:56:8d:98:1a:d7:05:c7:c3:7b:58:3f:89:8f:68:c7:
26:4b:80:dd
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY0tc6tMepn6gY3MjrxXgKQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwMTIxMTkxNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTkyMGFmNmU2YTZiMDZiMjgxNTQxOGY2NTE3NmNjMjMxYzk0YmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjndtJrhBM6icENnMZ/FA4+00hP/T
pqeCVE+FYavJ7oQ3SFG1IIRTkUK4fZZTB9iUM8IysUhcANh5oBTU+r1Bgkx0JU69
nT9d3SDRdsMDYc7Z0HofmE7hevV3cE7dW31yoI+NpBrmvGT4rxigs+stGLTxhaSc
Oe7A//e+bQETwsmekiWMII7KTGIIThvlGi40r+oGbz+RcDwihZVBxSKkO28H28C/
1oaaX2Mdz5VxsLz0emHDt7UKW0DiJEEwHbFnE+IT5P4cv9AFJSwFTzOMtOuMmkFW
hi4NM8pAIP2RTKVycOc0P56YH026YTw4ZS3Dva8/6avM7p4n0t+keuEk7QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKGSCvbmprBrKBVBj2UXbMIxyUvPMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvb1pJSzl1YW1zR3NvRlVHUFpSZHN3akhKUzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALVosAwQA
LVovAwQALpWuAwQAPswgAwQAuf0CMA0GCSqGSIb3DQEBCwUAA4IBAQDIsROlpGMa
iIpOqroFGriGIZxuef0qCxkZicvrkWugqP9lPUi6hLqXUo4e4SmMLSaQwCQxiEg/
eXcuND9bIvguy0ZF7FaLxZQi3wJ0V0k9HD/uG02EiPvOGZHB8Si5dqnPd44gDC3d
L/MoSlfcqK9uaYGYt4u2/gpr4mQZXnXYIuU8+AWgI6cVwGeDNCLIzVBMsbqG28Fa
vucTAjQQqYa/+1AMIGJcJXOVMMMczZiY7RtSwcYaugAZe7dpdlcqzLgbvHL4FB3U
2Q22s37SOt7jD+iRu6ooU7bh9ZYaIQ7KbPRxLh1n0HYAbz3fF7RWjZga1wXHw3tY
P4mPaMcmS4Dd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org