Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/snjQC8i5I_rnW2pwbfJdvPtSndY.roa
File: snjQC8i5I_rnW2pwbfJdvPtSndY.roa (raw, json)
Hash identifier: 8XgjqAp47rq6oVK+IjIbf74Z+ozuH1eq/VCai9z3MtQ=
Subject key identifier: B2:78:D0:0B:C8:B9:23:FA:E7:5B:6A:70:6D:F2:5D:BC:FB:52:9D:D6
Certificate issuer: /CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Certificate serial: 018AD6692FF57CC97B0F3EB71D4D2F955E58
Authority key identifier: 45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/snjQC8i5I_rnW2pwbfJdvPtSndY.roa
Signing time: Wed 27 Sep 2023 11:32:12 +0000
ROA not before: Wed 27 Sep 2023 11:32:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49289
IP address blocks: 185.63.132.0/23 maxlen: 23
159.255.136.0/22 maxlen: 22
185.63.135.0/24 maxlen: 24
185.63.134.0/24 maxlen: 24
159.255.144.0/24 maxlen: 24
188.94.120.0/21 maxlen: 21
171.22.233.0/24 maxlen: 24
171.22.232.0/24 maxlen: 24
171.22.235.0/24 maxlen: 24
171.22.234.0/24 maxlen: 24
93.185.112.0/20 maxlen: 20
178.239.32.0/20 maxlen: 20
2a00:c50::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:d6:69:2f:f5:7c:c9:7b:0f:3e:b7:1d:4d:2f:95:5e:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Validity
Not Before: Sep 27 11:32:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b278d00bc8b923fae75b6a706df25dbcfb529dd6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:b2:df:a0:da:96:44:ff:df:5c:0e:e0:98:58:
ee:a9:a6:d1:99:0b:41:84:2c:b1:31:07:16:d7:12:
4a:9c:87:f0:c0:d0:29:95:ab:80:1b:19:bd:dc:00:
e8:98:bc:60:15:ba:ba:17:6e:b1:c0:49:ac:68:51:
e8:6c:45:f4:9a:73:29:17:cb:bb:f4:3f:90:4d:bd:
9a:4b:2d:cd:41:4e:05:bf:cb:b2:b8:a7:22:81:45:
c1:3d:e6:4f:94:78:91:2d:b2:1c:39:72:7b:1c:f9:
4b:7f:62:66:cc:e3:f7:05:89:51:be:4e:b1:bf:fd:
11:6a:f4:63:ce:32:77:53:43:86:cf:ae:30:bb:3e:
8e:3f:65:17:11:d2:f6:5d:e8:c8:76:ed:1d:7e:9f:
95:3f:f7:54:f7:03:79:ee:03:ee:c6:f3:4b:2c:60:
17:0e:c4:1b:06:01:40:93:13:93:da:77:52:2c:d5:
ae:30:a9:09:79:02:6e:28:99:92:d5:f9:2a:3a:86:
d8:8f:aa:5c:b3:76:df:79:ed:87:d8:70:4d:62:29:
3a:ac:cf:4d:f4:bd:e3:7b:10:c2:7b:0e:67:6e:cc:
31:49:30:a3:b6:52:c7:6c:d4:f9:c0:e6:3c:55:72:
36:49:80:bc:c6:46:81:90:b8:19:30:93:a5:91:9f:
60:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:78:D0:0B:C8:B9:23:FA:E7:5B:6A:70:6D:F2:5D:BC:FB:52:9D:D6
X509v3 Authority Key Identifier:
keyid:45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/snjQC8i5I_rnW2pwbfJdvPtSndY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.185.112.0/20
159.255.136.0/22
159.255.144.0/24
171.22.232.0/22
178.239.32.0/20
185.63.132.0/22
188.94.120.0/21
IPv6:
2a00:c50::/29
Signature Algorithm: sha256WithRSAEncryption
7b:8f:1e:80:92:84:33:3c:10:c8:b7:05:bf:07:3a:b9:2e:39:
9f:f9:de:06:a1:7f:93:d0:5b:1b:dd:15:f9:1a:13:4c:76:81:
a2:ca:6e:00:5f:ab:ec:fc:b2:c5:9e:47:8a:35:d8:92:fb:15:
a7:73:08:f4:66:63:36:a4:dc:ea:84:95:1c:df:94:31:50:a9:
d6:8f:29:f0:ea:23:e4:20:45:fa:a0:5d:77:cb:b2:9e:95:d3:
82:01:70:e8:0f:f1:66:45:35:46:41:c6:9e:8b:d6:fd:9b:eb:
b0:20:56:92:d5:89:81:e8:d5:05:4d:f1:a3:b6:26:b2:2e:75:
94:dd:d7:14:37:84:02:5c:ba:0c:58:b8:4f:3c:bc:c0:71:ce:
1a:02:80:ac:f5:57:4a:ad:67:ce:0c:29:9a:42:38:5e:8c:31:
5d:d4:bf:f6:ad:ff:c1:15:77:bd:a2:cf:ed:d6:89:f7:73:a1:
54:c7:a4:ab:1f:8b:20:26:b6:a6:7a:93:7a:00:30:d6:64:d1:
b5:fe:4b:b5:19:c8:64:04:38:0a:74:7f:7c:a6:f1:e4:85:b4:
0f:fc:c5:9a:e4:67:75:bb:28:62:2d:da:c9:0f:eb:f1:02:67:
f1:7a:47:e5:d3:45:43:a4:4d:49:3a:be:6c:85:82:a7:69:1a:
f0:76:07:5e
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYrWaS/1fMl7Dz63HU0vlV5YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZjllMzJmZjZhZjNkNWU1ZDc3YmRiYjk4ZGEzN2QwYjhl
NDQ1MTkwHhcNMjMwOTI3MTEzMjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjc4ZDAwYmM4YjkyM2ZhZTc1YjZhNzA2ZGYyNWRiY2ZiNTI5ZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLLfoNqWRP/fXA7gmFjuqabRmQtB
hCyxMQcW1xJKnIfwwNAplauAGxm93ADomLxgFbq6F26xwEmsaFHobEX0mnMpF8u7
9D+QTb2aSy3NQU4Fv8uyuKcigUXBPeZPlHiRLbIcOXJ7HPlLf2JmzOP3BYlRvk6x
v/0RavRjzjJ3U0OGz64wuz6OP2UXEdL2XejIdu0dfp+VP/dU9wN57gPuxvNLLGAX
DsQbBgFAkxOT2ndSLNWuMKkJeQJuKJmS1fkqOobYj6pcs3bfee2H2HBNYik6rM9N
9L3jexDCew5nbswxSTCjtlLHbNT5wOY8VXI2SYC8xkaBkLgZMJOlkZ9gbQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFLJ40AvIuSP651tqcG3yXbz7Up3WMB8GA1UdIwQY
MBaAFEX54y/2rz1eXXe9u5jaN9C45EUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYt
OGVlMGExMmEzNTliLzEvc25qUUM4aTVJX3JuVzJwd2JmSmR2UHRTbmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYtOGVlMGExMmEzNTli
LzEvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEXblwAwQC
n/+IAwQAn/+QAwQCqxboAwQEsu8gAwQCuT+EAwQDvF54MA0EAgACMAcDBQMqAAxQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB7jx6AkoQzPBDItwW/Bzq5Ljmf+d4GoX+T0Fsb
3RX5GhNMdoGiym4AX6vs/LLFnkeKNdiS+xWncwj0ZmM2pNzqhJUc35QxUKnWjynw
6iPkIEX6oF13y7KeldOCAXDoD/FmRTVGQcaei9b9m+uwIFaS1YmB6NUFTfGjtiay
LnWU3dcUN4QCXLoMWLhPPLzAcc4aAoCs9VdKrWfODCmaQjhejDFd1L/2rf/BFXe9
os/t1on3c6FUx6SrH4sgJramepN6ADDWZNG1/ku1GchkBDgKdH98pvHkhbQP/MWa
5Gd1uyhiLdrJD+vxAmfxekfl00VDpE1JOr5shYKnaRrwdgde
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:05 2024 by rpki-client on console-ams.rpki-client.org