Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/IFFluuj6qQhcrtRNF7b9cd0sE70.roa
File: IFFluuj6qQhcrtRNF7b9cd0sE70.roa (raw, json)
Hash identifier: /h4gXB1Yy8GB1Odnjzi2hDguWijvTNvzJUv0cNEaE+c=
Subject key identifier: 20:51:65:BA:E8:FA:A9:08:5C:AE:D4:4D:17:B6:FD:71:DD:2C:13:BD
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018964895B397BB12029A2B329ECE91E38FB
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/IFFluuj6qQhcrtRNF7b9cd0sE70.roa
Signing time: Mon 17 Jul 2023 15:47:50 +0000
ROA not before: Mon 17 Jul 2023 15:47:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62240
IP address blocks: 45.87.124.0/24 maxlen: 24
45.87.125.0/24 maxlen: 24
45.87.127.0/24 maxlen: 24
84.252.69.0/24 maxlen: 24
45.128.124.0/24 maxlen: 24
194.59.222.0/24 maxlen: 24
194.60.76.0/24 maxlen: 24
212.107.25.0/24 maxlen: 24
2a0f:3101::/32 maxlen: 32
2a0d:3c46::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:64:89:5b:39:7b:b1:20:29:a2:b3:29:ec:e9:1e:38:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jul 17 15:47:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=205165bae8faa9085caed44d17b6fd71dd2c13bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:fb:3a:29:7d:63:93:b3:2e:81:8a:2c:b1:49:
ab:00:44:f8:c8:92:a3:7d:c7:dd:48:8b:e7:7d:6c:
63:0e:4a:5c:3f:4a:54:ff:71:8a:dc:ef:89:85:70:
fa:fd:43:2a:1e:c1:82:1e:77:2b:a2:5d:18:56:43:
42:80:b0:c8:ad:b7:93:bd:41:ba:cd:7c:16:1e:64:
e9:3c:4b:d8:5b:96:a4:e9:90:84:d2:01:a6:43:95:
3b:fc:12:14:d0:1e:8d:ec:97:d1:13:d4:25:a9:2e:
a5:57:5a:d2:7c:02:59:b8:08:3e:b4:d4:b6:af:da:
36:df:ef:65:52:46:b7:9b:bf:28:73:9e:50:29:43:
94:59:bb:d6:36:16:59:44:18:c1:93:4a:ac:23:94:
39:b9:a4:10:d1:8e:79:a4:6a:71:5f:19:92:97:4f:
78:7d:9a:70:64:97:e8:44:0a:4e:fb:86:3c:8c:76:
87:3f:83:f5:92:96:a0:05:9f:fb:9f:86:0b:98:c2:
56:17:eb:ca:c5:db:1e:6a:53:15:22:86:b6:d1:ec:
e1:b4:89:f3:61:54:62:0b:91:0f:0b:93:d0:0b:91:
66:dd:3d:d9:b1:f2:95:7a:40:bb:cb:ac:15:ff:db:
3c:8f:6f:6b:4d:da:2b:2d:d4:54:e8:62:67:5f:c9:
41:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:51:65:BA:E8:FA:A9:08:5C:AE:D4:4D:17:B6:FD:71:DD:2C:13:BD
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/IFFluuj6qQhcrtRNF7b9cd0sE70.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.124.0/23
45.87.127.0/24
45.128.124.0/24
84.252.69.0/24
194.59.222.0/24
194.60.76.0/24
212.107.25.0/24
IPv6:
2a0d:3c46::/32
2a0f:3101::/32
Signature Algorithm: sha256WithRSAEncryption
2f:43:a0:87:6c:1b:e9:72:2c:38:c1:3d:34:64:21:77:fa:23:
5e:1c:91:97:8e:43:4b:1a:75:dc:cf:f6:cd:8e:25:9d:97:63:
99:a6:88:51:53:93:0f:9a:f9:79:71:e4:e8:6f:33:57:0f:2f:
9f:13:63:4e:c3:41:9c:c9:b2:44:bd:aa:2b:13:be:e9:af:c6:
8d:c6:66:6a:b2:86:e0:fb:c0:b8:48:c8:64:d1:1f:33:98:ef:
90:9e:36:21:b2:15:93:16:c4:7d:c5:f3:14:81:24:42:e8:8b:
f5:bf:72:b3:17:0e:d8:cd:74:59:9a:f0:be:f4:71:f1:d5:b4:
51:9b:ca:c1:28:bb:d2:a8:a6:ee:cf:73:e9:19:3e:cc:86:6f:
19:c3:08:24:4d:c7:aa:2a:52:43:f6:84:42:ab:44:41:8e:24:
16:29:80:30:04:b4:bb:df:e3:1a:a1:5f:48:c0:81:33:78:c6:
7b:75:c5:0e:40:6c:00:85:36:80:a6:bb:57:c8:55:e9:7e:d5:
c7:ef:6c:d5:72:69:fd:b6:88:f8:03:35:61:eb:ee:22:5b:ae:
90:63:81:47:77:1c:d0:5a:52:ae:b2:02:1f:8e:4d:0f:be:95:
00:a3:65:6e:d3:81:7b:a3:a0:2b:b5:2e:f8:1a:07:f4:f8:24:
5c:37:81:92
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYlkiVs5e7EgKaKzKezpHjj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwNzE3MTU0NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDUxNjViYWU4ZmFhOTA4NWNhZWQ0NGQxN2I2ZmQ3MWRkMmMxM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvs6KX1jk7MugYossUmrAET4yJKj
fcfdSIvnfWxjDkpcP0pU/3GK3O+JhXD6/UMqHsGCHncrol0YVkNCgLDIrbeTvUG6
zXwWHmTpPEvYW5ak6ZCE0gGmQ5U7/BIU0B6N7JfRE9QlqS6lV1rSfAJZuAg+tNS2
r9o23+9lUka3m78oc55QKUOUWbvWNhZZRBjBk0qsI5Q5uaQQ0Y55pGpxXxmSl094
fZpwZJfoRApO+4Y8jHaHP4P1kpagBZ/7n4YLmMJWF+vKxdsealMVIoa20ezhtInz
YVRiC5EPC5PQC5Fm3T3ZsfKVekC7y6wV/9s8j29rTdorLdRU6GJnX8lBPQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFCBRZbro+qkIXK7UTRe2/XHdLBO9MB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvSUZGbHV1ajZxUWhjcnRSTkY3YjljZDBzRTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQBLVd8AwQA
LVd/AwQALYB8AwQAVPxFAwQAwjveAwQAwjxMAwQA1GsZMBQEAgACMA4DBQAqDTxG
AwUAKg8xATANBgkqhkiG9w0BAQsFAAOCAQEAL0Ogh2wb6XIsOME9NGQhd/ojXhyR
l45DSxp13M/2zY4lnZdjmaaIUVOTD5r5eXHk6G8zVw8vnxNjTsNBnMmyRL2qKxO+
6a/GjcZmarKG4PvAuEjIZNEfM5jvkJ42IbIVkxbEfcXzFIEkQuiL9b9ysxcO2M10
WZrwvvRx8dW0UZvKwSi70qim7s9z6Rk+zIZvGcMIJE3HqipSQ/aEQqtEQY4kFimA
MAS0u9/jGqFfSMCBM3jGe3XFDkBsAIU2gKa7V8hV6X7Vx+9s1XJp/baI+AM1Yevu
IluukGOBR3cc0FpSrrICH45ND76VAKNlbtOBe6OgK7Uu+BoH9PgkXDeBkg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:17 2024 by rpki-client on console-fra.rpki-client.org