Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/pnMXmpB67OhvrQZGprmJ6ymarz0.roa
File: pnMXmpB67OhvrQZGprmJ6ymarz0.roa (raw, json)
Hash identifier: SyCdG1F7MWi2xyxSznxQQ9eDhZY3TkO20Cm17msDaMY=
Subject key identifier: A6:73:17:9A:90:7A:EC:E8:6F:AD:06:46:A6:B9:89:EB:29:9A:AF:3D
Certificate issuer: /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial: 088CFAFA
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/pnMXmpB67OhvrQZGprmJ6ymarz0.roa
Signing time: Sat 01 Jan 2022 07:00:45 +0000
ROA not before: Sat 01 Jan 2022 07:00:45 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 205516
IP address blocks: 45.8.116.0/22 maxlen: 24
2a0e:6600::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 143457018 (0x88cfafa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Validity
Not Before: Jan 1 07:00:45 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a673179a907aece86fad0646a6b989eb299aaf3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:3b:32:43:9a:10:1f:7f:ca:5e:c3:f0:9e:35:
dd:49:c6:60:ba:d3:1e:b0:e5:00:62:ac:5e:2a:68:
ec:a6:eb:d3:b9:63:fc:ca:31:f1:39:d5:9f:e7:50:
e0:44:38:35:53:56:79:85:f5:2e:ab:0f:36:a6:e8:
91:cc:04:b4:c4:05:70:c0:05:ff:33:2c:06:80:41:
a3:3f:64:08:68:b7:09:10:ff:d1:23:12:61:80:91:
20:d0:b4:26:7b:82:da:fe:ae:66:15:6a:99:ab:1e:
04:11:99:42:32:b9:da:77:a7:54:af:35:f7:dd:ac:
00:7f:1d:1a:36:db:6e:e2:73:ab:d1:21:5f:51:0c:
e7:4e:f3:76:e9:3c:a8:5c:04:51:46:7b:e1:94:93:
bc:6f:66:31:e0:bd:6b:e8:12:fb:00:46:33:a4:da:
9d:41:aa:4b:2e:fd:06:ab:65:30:c1:bb:c0:8a:c9:
67:d2:c4:cb:c1:5b:d0:9b:ac:03:ce:02:70:b7:13:
b1:75:07:b8:fa:d4:e7:68:81:9a:73:97:85:72:fe:
cd:66:37:1d:fa:c5:58:f0:93:b5:60:d4:6f:66:3d:
ff:2b:14:8e:af:e4:2e:40:c4:40:a4:96:d0:79:ca:
7d:fa:a1:15:72:ed:09:a9:f2:33:9b:ba:77:b3:78:
f2:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:73:17:9A:90:7A:EC:E8:6F:AD:06:46:A6:B9:89:EB:29:9A:AF:3D
X509v3 Authority Key Identifier:
keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/pnMXmpB67OhvrQZGprmJ6ymarz0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.116.0/22
IPv6:
2a0e:6600::/29
Signature Algorithm: sha256WithRSAEncryption
78:83:dd:9c:9e:7a:9e:fa:89:eb:f7:b8:93:e0:23:c0:d5:8c:
49:21:1d:1d:ac:10:44:84:bd:9a:0b:f9:58:f8:50:cc:1e:a8:
3f:d3:31:bc:19:a9:79:08:d5:b6:98:0d:30:44:b4:cb:ad:26:
52:72:58:c9:d3:5f:f8:98:1e:6e:50:2a:ff:40:c1:29:20:d6:
a5:79:9b:10:ea:59:23:9b:3f:1e:47:d4:ee:2e:e0:16:e6:3c:
bd:9e:89:27:c2:72:30:cd:31:3a:22:4c:dc:ec:f8:03:93:5a:
b3:35:f1:0a:87:68:eb:9a:85:91:f9:fd:08:5e:9f:d8:ca:9c:
cc:c4:13:51:61:1b:9b:c5:fd:39:3d:80:9d:6c:9e:3f:84:9a:
64:bf:d1:f8:74:4c:91:bc:a1:94:a2:a0:0c:96:1b:67:1f:b1:
5f:55:f6:1b:ca:08:de:f2:64:21:4d:79:c2:8a:a9:7c:d6:7b:
a5:8a:e2:20:a1:91:6d:72:9e:b0:d0:af:72:15:b8:45:92:08:
05:51:d8:af:8c:53:a8:96:cb:4d:0f:3c:87:24:e2:3d:a2:21:
ba:eb:87:6c:02:5d:d5:f8:4a:35:0d:bf:1e:fa:f5:a3:bb:d7:
07:d0:40:3a:b2:cc:b1:41:82:77:8e:5f:6d:9f:53:23:84:40:
8f:cc:21:d8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIECIz6+jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
YTczMjc4MDVkZjIwZmI1YzFkNmY0ZTg5MDc0NzQzY2FlYjI0YWY3MB4XDTIyMDEw
MTA3MDA0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTY3MzE3OWE5MDdh
ZWNlODZmYWQwNjQ2YTZiOTg5ZWIyOTlhYWYzZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALE7MkOaEB9/yl7D8J413UnGYLrTHrDlAGKsXipo7Kbr07lj
/Mox8TnVn+dQ4EQ4NVNWeYX1LqsPNqbokcwEtMQFcMAF/zMsBoBBoz9kCGi3CRD/
0SMSYYCRINC0JnuC2v6uZhVqmaseBBGZQjK52nenVK81992sAH8dGjbbbuJzq9Eh
X1EM507zduk8qFwEUUZ74ZSTvG9mMeC9a+gS+wBGM6TanUGqSy79BqtlMMG7wIrJ
Z9LEy8Fb0JusA84CcLcTsXUHuPrU52iBmnOXhXL+zWY3HfrFWPCTtWDUb2Y9/ysU
jq/kLkDEQKSW0HnKffqhFXLtCanyM5u6d7N48jUCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSmcxeakHrs6G+tBkamuYnrKZqvPTAfBgNVHSMEGDAWgBQKcyeAXfIPtcHW
9OiQdHQ8rrJK9zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NuTW5nRjN5RDdYQjF2VG9rSFIwUEs2eVN2Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGEvOGIxZmFjLTVhMjEtNDg0OC1hNjZhLTEwYmI0NTc5ZDUyOC8x
L3BuTVhtcEI2N09odnJRWkdwcm1KNnltYXJ6MC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEv
OGIxZmFjLTVhMjEtNDg0OC1hNjZhLTEwYmI0NTc5ZDUyOC8xL0NuTW5nRjN5RDdY
QjF2VG9rSFIwUEs2eVN2Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAi0IdDANBAIAAjAHAwUDKg5mADAN
BgkqhkiG9w0BAQsFAAOCAQEAeIPdnJ56nvqJ6/e4k+AjwNWMSSEdHawQRIS9mgv5
WPhQzB6oP9MxvBmpeQjVtpgNMES0y60mUnJYydNf+JgeblAq/0DBKSDWpXmbEOpZ
I5s/HkfU7i7gFuY8vZ6JJ8JyMM0xOiJM3Oz4A5NaszXxCodo65qFkfn9CF6f2Mqc
zMQTUWEbm8X9OT2AnWyeP4SaZL/R+HRMkbyhlKKgDJYbZx+xX1X2G8oI3vJkIU15
woqpfNZ7pYriIKGRbXKesNCvchW4RZIIBVHYr4xTqJbLTQ88hyTiPaIhuuuHbAJd
1fhKNQ2/Hvr1o7vXB9BAOrLMsUGCd45fbZ9TI4RAj8wh2A==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:41:31 2025 by rpki-client