Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/17jrH2H4iWwkF6wpmvwyrWwfYnk.roa
File: 17jrH2H4iWwkF6wpmvwyrWwfYnk.roa (raw, json)
Hash identifier: Dy8npj3nECAQnCJItaThLIBlhWx+pXXH93k1z5I+evs=
Subject key identifier: D7:B8:EB:1F:61:F8:89:6C:24:17:AC:29:9A:FC:32:AD:6C:1F:62:79
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018D2D6E2ED29B9008CDF69C2711E1F753C6
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/17jrH2H4iWwkF6wpmvwyrWwfYnk.roa
Signing time: Sun 21 Jan 2024 19:10:12 +0000
ROA not before: Sun 21 Jan 2024 19:10:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212667
IP address blocks: 45.86.3.0/24 maxlen: 24
194.156.127.0/24 maxlen: 24
212.60.6.0/24 maxlen: 24
212.107.24.0/24 maxlen: 24
213.166.92.0/24 maxlen: 24
213.166.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2d:6e:2e:d2:9b:90:08:cd:f6:9c:27:11:e1:f7:53:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jan 21 19:10:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d7b8eb1f61f8896c2417ac299afc32ad6c1f6279
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:f7:9b:8c:b6:c0:79:00:12:e6:43:1e:40:8e:
c7:95:29:12:ae:21:2b:31:b4:af:87:f0:29:52:40:
45:af:4b:c7:8b:ee:0a:8a:ca:5f:31:1a:a1:da:36:
7c:d1:ea:5b:d1:e3:eb:40:be:f4:a1:5c:76:57:a0:
9e:2e:7b:e6:20:f0:59:f2:12:18:62:0c:a6:89:cc:
c9:43:b1:b7:48:62:8f:d0:fc:3e:5a:27:51:e3:13:
b9:ed:f4:36:73:9d:5c:f2:7b:d2:e3:6b:3d:f3:fa:
e8:6e:f5:d3:41:b0:65:86:1a:26:71:a3:b3:d2:72:
7f:cc:bd:77:be:d5:37:f3:55:b7:dd:ef:9e:04:c4:
18:6f:b8:7e:82:34:4b:2b:bc:50:ac:31:f8:8b:24:
36:0f:13:89:8d:7c:8d:9f:55:54:96:7d:bb:d3:74:
03:06:08:aa:fa:44:39:7c:0f:d6:1f:1e:40:ac:d6:
f9:29:cb:f8:03:1f:a6:42:50:e3:d8:da:ff:84:d5:
a2:82:29:95:2e:67:ff:01:97:65:c4:0e:e0:e3:ad:
81:52:fb:29:b0:60:ce:3c:e8:05:69:4b:f7:2c:b6:
93:2f:6b:95:2a:e9:ee:b0:ed:a9:95:dc:b2:ce:38:
94:05:0d:38:08:ce:98:32:d8:29:29:4b:ed:69:6c:
9d:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:B8:EB:1F:61:F8:89:6C:24:17:AC:29:9A:FC:32:AD:6C:1F:62:79
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/17jrH2H4iWwkF6wpmvwyrWwfYnk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.3.0/24
194.156.127.0/24
212.60.6.0/24
212.107.24.0/24
213.166.92.0/24
213.166.95.0/24
Signature Algorithm: sha256WithRSAEncryption
99:d2:aa:41:e3:9f:84:1a:ba:53:d1:07:d3:68:73:72:ef:48:
8b:b7:f5:f0:14:3a:bb:d8:c2:2b:14:44:f4:d2:df:8a:1a:61:
7e:39:c1:38:41:2e:fa:4d:4c:7b:0c:80:12:23:42:b9:0a:ab:
61:77:88:d4:5d:38:eb:22:4b:28:a7:9c:9e:27:33:78:6c:d6:
6a:1e:ea:3d:f9:49:e5:c8:81:35:7e:93:0b:39:a7:54:52:db:
13:d4:65:97:32:74:9a:eb:36:67:fb:b8:0d:84:ac:59:1a:ef:
63:66:b5:41:40:03:28:3f:74:f0:69:80:f4:62:5b:03:d4:0c:
80:7a:b9:70:40:13:9e:37:2f:34:0e:0f:74:90:ed:00:a2:0a:
24:e0:07:a2:b7:4c:fe:49:52:1a:17:91:85:93:1a:36:0a:0c:
15:c4:a3:4a:52:bf:6e:a2:cc:62:1a:22:80:1c:3c:09:3e:32:
d3:68:b6:f6:12:13:3d:dc:db:12:b0:68:d1:d6:61:7b:80:07:
7d:0c:df:39:a9:10:ae:b7:dc:9e:f5:27:45:dc:42:c2:6e:05:
99:75:e2:79:4e:8f:5d:ca:38:b9:57:e0:65:21:e2:bd:4b:42:
fa:9d:3f:52:af:4a:c1:af:a6:59:de:72:c1:1e:73:19:0d:31:
37:40:be:58
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY0tbi7Sm5AIzfacJxHh91PGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTIxMTkxMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2I4ZWIxZjYxZjg4OTZjMjQxN2FjMjk5YWZjMzJhZDZjMWY2Mjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPebjLbAeQAS5kMeQI7HlSkSriEr
MbSvh/ApUkBFr0vHi+4KispfMRqh2jZ80epb0ePrQL70oVx2V6CeLnvmIPBZ8hIY
YgymiczJQ7G3SGKP0Pw+WidR4xO57fQ2c51c8nvS42s98/robvXTQbBlhhomcaOz
0nJ/zL13vtU381W33e+eBMQYb7h+gjRLK7xQrDH4iyQ2DxOJjXyNn1VUln2703QD
Bgiq+kQ5fA/WHx5ArNb5Kcv4Ax+mQlDj2Nr/hNWigimVLmf/AZdlxA7g462BUvsp
sGDOPOgFaUv3LLaTL2uVKunusO2pldyyzjiUBQ04CM6YMtgpKUvtaWydTwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNe46x9h+IlsJBesKZr8Mq1sH2J5MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvMTdqckgySDRpV3drRjZ3cG12d3lyV3dmWW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALVYDAwQA
wpx/AwQA1DwGAwQA1GsYAwQA1aZcAwQA1aZfMA0GCSqGSIb3DQEBCwUAA4IBAQCZ
0qpB45+EGrpT0QfTaHNy70iLt/XwFDq72MIrFET00t+KGmF+OcE4QS76TUx7DIAS
I0K5Cqthd4jUXTjrIksop5yeJzN4bNZqHuo9+UnlyIE1fpMLOadUUtsT1GWXMnSa
6zZn+7gNhKxZGu9jZrVBQAMoP3TwaYD0YlsD1AyAerlwQBOeNy80Dg90kO0Aogok
4Aeit0z+SVIaF5GFkxo2CgwVxKNKUr9uosxiGiKAHDwJPjLTaLb2EhM93NsSsGjR
1mF7gAd9DN85qRCut9ye9SdF3ELCbgWZdeJ5To9dyji5V+BlIeK9S0L6nT9Sr0rB
r6ZZ3nLBHnMZDTE3QL5Y
-----END CERTIFICATE-----
Generated at Thu Mar 28 19:00:54 2024 by rpki-client on console-fra.rpki-client.org