Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/SPDa_3s2nfrsDtXAXNQtRGEo8yo.roa
File: SPDa_3s2nfrsDtXAXNQtRGEo8yo.roa (raw, json)
Hash identifier: Bu/jZk58hPHyOmlwrFD4gekj7uNrWq0vDEuLr8RpjZM=
Subject key identifier: 48:F0:DA:FF:7B:36:9D:FA:EC:0E:D5:C0:5C:D4:2D:44:61:28:F3:2A
Certificate issuer: /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial: 0184AA6A5A8307784E05E178CED32C37B402
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/SPDa_3s2nfrsDtXAXNQtRGEo8yo.roa
Signing time: Thu 24 Nov 2022 16:13:27 +0000
ROA not before: Thu 24 Nov 2022 16:13:27 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29470
IP address blocks: 87.245.192.0/20 maxlen: 20
139.45.216.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:aa:6a:5a:83:07:78:4e:05:e1:78:ce:d3:2c:37:b4:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
Validity
Not Before: Nov 24 16:13:27 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=48f0daff7b369dfaec0ed5c05cd42d446128f32a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:e3:54:a9:65:57:e1:2b:35:93:23:37:e9:e7:
dd:3d:f9:9d:65:63:2d:77:8f:ab:44:17:95:ca:bf:
fa:8d:91:c5:c5:b0:a7:f3:69:bd:2d:c4:36:50:0d:
34:e5:1e:ea:8c:c5:2e:a9:7a:e3:14:41:74:e7:fa:
59:6d:73:ec:b1:87:2f:ac:af:00:73:0d:5d:07:64:
67:7a:9a:c6:13:6f:d4:28:92:c5:dd:2b:18:25:bf:
1e:71:5e:31:f3:1a:13:cc:d4:c4:bd:0f:36:eb:64:
c7:80:57:1c:a2:20:59:b1:c2:34:1b:9f:59:6a:89:
b5:ac:2e:3e:ec:2a:28:32:ac:df:fb:6c:e6:f6:58:
36:6f:90:fd:96:7e:9b:6f:39:d0:de:a6:c1:bb:49:
a9:cf:6e:12:a1:57:aa:91:dc:e0:48:a4:4d:aa:d3:
55:97:a6:42:37:e3:0f:c8:e2:62:89:36:4f:be:a0:
95:16:ae:ea:2c:fa:0c:61:ca:e3:62:08:13:da:a3:
7b:fd:09:6b:04:e1:8f:dc:83:c1:7e:c7:51:51:8e:
86:d7:e9:93:fa:67:84:6b:e4:2e:2c:04:45:e0:9a:
b0:38:fd:c0:e0:79:de:35:70:8c:ad:aa:35:28:e2:
a0:e6:2e:b7:49:a0:1c:9b:ed:c1:a9:c9:27:82:36:
f5:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:F0:DA:FF:7B:36:9D:FA:EC:0E:D5:C0:5C:D4:2D:44:61:28:F3:2A
X509v3 Authority Key Identifier:
keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/SPDa_3s2nfrsDtXAXNQtRGEo8yo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.245.192.0/20
139.45.216.0/21
Signature Algorithm: sha256WithRSAEncryption
75:8f:81:1e:9f:bd:7f:3c:13:81:55:aa:83:1a:0f:62:46:4b:
9c:74:64:bf:6c:26:7d:1e:1f:1b:60:d6:fd:29:1d:7a:d0:8c:
1f:21:9a:82:03:5e:74:98:f3:af:78:cd:cb:ff:e3:3d:7d:5d:
01:97:18:cf:0f:ff:55:f3:0e:c4:67:09:8e:d4:b9:eb:f5:a5:
b0:1b:cf:39:f2:81:00:43:a1:b7:d8:46:13:60:34:28:57:1d:
0a:05:b0:d6:77:a4:e5:41:8e:76:d2:9a:ce:d2:35:12:06:05:
2b:8f:09:18:02:f8:4e:d3:03:77:82:56:17:51:d7:46:b4:72:
49:bd:b2:8c:52:e9:4f:70:f4:05:5f:5f:94:c9:4c:50:f9:4e:
9c:5a:b6:b1:0d:8e:50:76:78:8e:98:e0:e7:f5:6b:8b:0f:b7:
aa:a5:72:e9:91:fc:a3:fa:4f:9a:51:5f:53:90:2b:49:30:86:
c5:e7:af:26:5e:f8:15:5a:e7:b9:db:ab:75:8f:57:0d:5c:c6:
a7:3f:00:1c:d6:e1:47:df:44:26:9c:56:63:1e:0c:27:54:f4:
44:bf:f1:13:b6:a8:fc:ec:98:92:29:96:56:fe:d6:de:74:0a:
41:70:74:b2:84:17:ad:9f:0c:a4:09:fc:a1:a5:dc:6e:29:72:
6f:c0:29:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYSqalqDB3hOBeF4ztMsN7QCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjIxMTI0MTYxMzI3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGYwZGFmZjdiMzY5ZGZhZWMwZWQ1YzA1Y2Q0MmQ0NDYxMjhmMzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruNUqWVX4Ss1kyM36efdPfmdZWMt
d4+rRBeVyr/6jZHFxbCn82m9LcQ2UA005R7qjMUuqXrjFEF05/pZbXPssYcvrK8A
cw1dB2RneprGE2/UKJLF3SsYJb8ecV4x8xoTzNTEvQ8262THgFccoiBZscI0G59Z
aom1rC4+7CooMqzf+2zm9lg2b5D9ln6bbznQ3qbBu0mpz24SoVeqkdzgSKRNqtNV
l6ZCN+MPyOJiiTZPvqCVFq7qLPoMYcrjYggT2qN7/QlrBOGP3IPBfsdRUY6G1+mT
+meEa+QuLARF4JqwOP3A4HneNXCMrao1KOKg5i63SaAcm+3Bqckngjb16QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEjw2v97Np367A7VwFzULURhKPMqMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvU1BEYV8zczJuZnJzRHRYQVhOUXRSR0VvOHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEV/XAAwQD
iy3YMA0GCSqGSIb3DQEBCwUAA4IBAQB1j4Een71/PBOBVaqDGg9iRkucdGS/bCZ9
Hh8bYNb9KR160IwfIZqCA150mPOveM3L/+M9fV0BlxjPD/9V8w7EZwmO1Lnr9aWw
G8858oEAQ6G32EYTYDQoVx0KBbDWd6TlQY520prO0jUSBgUrjwkYAvhO0wN3glYX
UddGtHJJvbKMUulPcPQFX1+UyUxQ+U6cWraxDY5QdniOmODn9WuLD7eqpXLpkfyj
+k+aUV9TkCtJMIbF568mXvgVWue526t1j1cNXManPwAc1uFH30QmnFZjHgwnVPRE
v/ETtqj87JiSKZZW/tbedApBcHSyhBetnwykCfyhpdxuKXJvwCmt
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:09 2024 by rpki-client on console-ams.rpki-client.org