Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/s47qGTQYKvN0lufeO47McFG3c04.roa
File: s47qGTQYKvN0lufeO47McFG3c04.roa (raw, json)
Hash identifier: gRSmzeofypzHwFKviHfoDRE0ImR+gZE65weBbAqHPK4=
Subject key identifier: B3:8E:EA:19:34:18:2A:F3:74:96:E7:DE:3B:8E:CC:70:51:B7:73:4E
Certificate issuer: /CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Certificate serial: 018CC26D09208BE5FCD7C384D968236AE3FE
Authority key identifier: 26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/s47qGTQYKvN0lufeO47McFG3c04.roa
Signing time: Mon 01 Jan 2024 00:29:34 +0000
ROA not before: Mon 01 Jan 2024 00:29:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 45.128.128.0/24 maxlen: 24
91.210.69.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:09:20:8b:e5:fc:d7:c3:84:d9:68:23:6a:e3:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=260b2bc45477c81d774daa0c28ab44b774ba0920
Validity
Not Before: Jan 1 00:29:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b38eea1934182af37496e7de3b8ecc7051b7734e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:97:51:20:0c:94:6e:4f:73:cc:66:85:99:3e:
9c:5d:47:87:4f:79:a2:56:45:49:1a:ef:d3:e8:d0:
0e:bf:1b:21:79:53:76:f8:ce:fd:6f:8f:fe:88:01:
b1:8b:e4:17:3c:a9:9b:2a:36:04:4e:29:36:78:e2:
8b:d8:96:6d:85:8c:40:43:92:f2:4c:41:1f:e5:65:
a0:be:85:5f:c6:7f:f2:dc:cf:d9:84:69:4d:4c:77:
d0:62:43:0f:66:12:59:fe:38:76:30:49:37:2d:78:
a9:a4:39:c4:ce:79:ae:2d:45:99:d3:38:c8:dc:7e:
65:4f:81:39:ed:f6:69:d6:68:30:29:2a:ca:cc:12:
48:32:84:2d:79:85:cd:49:11:3f:b5:ab:0b:f8:79:
de:26:07:0f:c3:41:ef:cd:3c:03:38:56:8d:48:fa:
70:e8:bb:8f:ea:56:50:2d:0d:0a:e3:ed:5d:13:6e:
9e:84:f5:97:11:1b:8c:75:f5:75:b6:30:92:51:de:
ca:aa:fd:42:fb:a5:5a:b2:ae:81:48:ea:3a:64:4e:
b6:f3:34:7e:3d:ac:d9:80:e5:e6:36:6f:38:ee:19:
a1:e4:90:70:da:c4:18:95:96:e2:c2:07:e4:e6:28:
9f:c3:68:9e:33:8a:78:a7:09:30:a2:9a:c6:93:d6:
fc:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:8E:EA:19:34:18:2A:F3:74:96:E7:DE:3B:8E:CC:70:51:B7:73:4E
X509v3 Authority Key Identifier:
keyid:26:0B:2B:C4:54:77:C8:1D:77:4D:AA:0C:28:AB:44:B7:74:BA:09:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JgsrxFR3yB13TaoMKKtEt3S6CSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/s47qGTQYKvN0lufeO47McFG3c04.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7b1205-3450-4e90-8b14-17e66c1fd3d1/1/JgsrxFR3yB13TaoMKKtEt3S6CSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.128.0/24
91.210.69.0/24
Signature Algorithm: sha256WithRSAEncryption
56:22:c5:a0:7c:77:c8:b5:6b:9c:08:31:48:e5:97:57:35:00:
de:16:8c:8f:4d:6a:ec:b4:a3:9c:6d:2e:d9:0b:4f:89:be:4e:
53:cc:0e:18:a4:af:a2:ea:10:74:f6:7f:cb:7a:5c:6c:30:be:
60:bc:06:c1:63:6b:7b:33:d8:de:e1:12:0a:c3:a5:1e:0e:5e:
fb:e7:ce:e5:93:1d:d1:58:cc:b4:05:f4:7b:ca:fe:f4:ec:e9:
29:3a:49:67:5a:df:bf:52:09:cf:d4:ee:85:76:8c:8b:b5:7c:
4c:f8:33:8a:8e:38:2d:56:4f:e3:9d:b6:4b:27:43:5f:13:74:
45:a7:8a:d5:3d:ff:95:59:d1:6e:79:8e:61:a4:99:5d:d2:55:
56:a5:54:9b:38:80:4e:ff:38:dc:3b:b5:94:09:3b:72:e6:ff:
2a:a5:4a:0f:4b:52:43:fd:ea:45:dc:e5:f3:bd:7a:80:19:67:
d1:ad:f8:53:3d:89:80:e3:ce:22:5f:22:70:5e:bf:0e:bc:cb:
53:bc:22:1c:c4:61:d1:95:20:cb:93:b3:22:c1:44:9f:1f:a7:
c8:9f:0f:e5:5b:f6:07:37:44:11:a6:d0:3c:dc:d2:69:35:bc:
00:c0:56:b9:5d:3f:f7:37:38:b4:9d:8b:15:5e:ee:43:b0:cb:
a0:fb:2e:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbQkgi+X818OE2WgjauP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MGIyYmM0NTQ3N2M4MWQ3NzRkYWEwYzI4YWI0NGI3NzRi
YTA5MjAwHhcNMjQwMTAxMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzhlZWExOTM0MTgyYWYzNzQ5NmU3ZGUzYjhlY2M3MDUxYjc3MzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpdRIAyUbk9zzGaFmT6cXUeHT3mi
VkVJGu/T6NAOvxsheVN2+M79b4/+iAGxi+QXPKmbKjYETik2eOKL2JZthYxAQ5Ly
TEEf5WWgvoVfxn/y3M/ZhGlNTHfQYkMPZhJZ/jh2MEk3LXippDnEznmuLUWZ0zjI
3H5lT4E57fZp1mgwKSrKzBJIMoQteYXNSRE/tasL+HneJgcPw0HvzTwDOFaNSPpw
6LuP6lZQLQ0K4+1dE26ehPWXERuMdfV1tjCSUd7Kqv1C+6Vasq6BSOo6ZE628zR+
PazZgOXmNm847hmh5JBw2sQYlZbiwgfk5iifw2ieM4p4pwkwoprGk9b85QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLOO6hk0GCrzdJbn3juOzHBRt3NOMB8GA1UdIwQY
MBaAFCYLK8RUd8gdd02qDCirRLd0ugkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQt
MTdlNjZjMWZkM2QxLzEvczQ3cUdUUVlLdk4wbHVmZU80N01jRkczYzA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YjEyMDUtMzQ1MC00ZTkwLThiMTQtMTdlNjZjMWZkM2Qx
LzEvSmdzcnhGUjN5QjEzVGFvTUtLdEV0M1M2Q1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYCAAwQA
W9JFMA0GCSqGSIb3DQEBCwUAA4IBAQBWIsWgfHfItWucCDFI5ZdXNQDeFoyPTWrs
tKOcbS7ZC0+Jvk5TzA4YpK+i6hB09n/LelxsML5gvAbBY2t7M9je4RIKw6UeDl77
587lkx3RWMy0BfR7yv707OkpOklnWt+/UgnP1O6FdoyLtXxM+DOKjjgtVk/jnbZL
J0NfE3RFp4rVPf+VWdFueY5hpJld0lVWpVSbOIBO/zjcO7WUCTty5v8qpUoPS1JD
/epF3OXzvXqAGWfRrfhTPYmA484iXyJwXr8OvMtTvCIcxGHRlSDLk7MiwUSfH6fI
nw/lW/YHN0QRptA83NJpNbwAwFa5XT/3Nzi0nYsVXu5DsMug+y6I
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:55 2024 by rpki-client on console-ams.rpki-client.org