Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/NCcDmruTrhFOO5vTA1Bc14SM1WQ.roa
File: NCcDmruTrhFOO5vTA1Bc14SM1WQ.roa (raw, json)
Hash identifier: vmamXZC8z1MfHFdqzGjIGajYeptWBEMpEqDQVT4JKI8=
Subject key identifier: 34:27:03:9A:BB:93:AE:11:4E:3B:9B:D3:03:50:5C:D7:84:8C:D5:64
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018B164BEA1F1268702447A1A22F33D6C165
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/NCcDmruTrhFOO5vTA1Bc14SM1WQ.roa
Signing time: Mon 09 Oct 2023 21:15:55 +0000
ROA not before: Mon 09 Oct 2023 21:15:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44477
IP address blocks: 45.91.238.0/24 maxlen: 24
45.91.237.0/24 maxlen: 24
45.91.236.0/24 maxlen: 24
212.107.27.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:16:4b:ea:1f:12:68:70:24:47:a1:a2:2f:33:d6:c1:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Oct 9 21:15:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3427039abb93ae114e3b9bd303505cd7848cd564
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:b5:a0:96:0e:c0:2b:97:00:5b:5b:e7:23:78:
3d:16:2d:2d:93:7d:01:01:cb:99:ea:2a:72:e2:78:
8d:6c:86:b1:98:de:ac:22:3a:28:47:ea:98:63:0a:
01:d2:23:7f:e4:bb:28:b1:a7:fe:de:94:9a:73:41:
74:af:af:ea:58:51:0f:25:56:6b:5b:13:cb:d8:5c:
8f:44:57:af:43:60:65:2b:63:8b:c2:26:5b:1f:fc:
c9:7e:7a:db:bc:52:1c:49:65:01:ab:74:2f:7e:37:
d9:7b:67:2a:3a:fb:5c:c3:6e:8b:6a:b6:65:20:75:
c1:03:fe:04:5a:a3:cc:7c:ac:d1:69:d8:59:95:a8:
77:5f:e9:ad:50:77:8d:ff:8f:37:c6:f1:4a:01:3c:
fc:ba:67:c6:db:da:53:ae:9c:3e:8a:93:86:10:00:
e3:7f:85:2c:aa:5e:ec:10:f7:43:6d:31:53:bb:53:
0b:59:92:ae:45:8b:50:57:b1:70:da:60:90:1e:f3:
c2:78:37:e7:6a:09:d2:15:a9:96:19:b8:3c:ff:8e:
4a:1f:86:ab:58:d2:7d:b3:9e:2b:9d:40:c6:0b:3d:
c3:ef:bd:64:0b:65:09:35:6b:b6:7b:03:42:ff:a0:
00:a1:9c:c6:b1:7c:ee:ec:67:1d:e5:38:e1:08:1d:
44:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:27:03:9A:BB:93:AE:11:4E:3B:9B:D3:03:50:5C:D7:84:8C:D5:64
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/NCcDmruTrhFOO5vTA1Bc14SM1WQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.236.0-45.91.238.255
212.107.27.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:8b:4a:62:56:9d:8b:e2:91:de:36:fb:ff:ab:f7:32:b4:94:
bf:5d:59:dd:c4:34:3c:37:bf:a5:10:e0:de:a2:d8:ca:55:97:
bb:bf:d9:70:26:fd:2d:5e:c6:5d:b2:93:97:e7:5e:62:4b:1c:
11:88:f1:f5:e2:65:48:15:49:25:4b:3c:f2:8e:ed:2c:73:27:
e3:23:fe:35:4f:52:3d:a0:74:98:96:b9:3a:27:be:a5:a1:3e:
9d:95:c7:68:e8:2d:ea:2f:11:eb:d9:3e:7c:b5:04:e9:19:14:
b7:02:ca:1d:4a:d0:7b:af:c4:3f:a5:f3:c6:7a:4b:c4:bc:75:
88:63:6c:00:75:8d:77:ff:d1:9c:86:7d:92:e3:07:35:24:d9:
e8:ae:6d:76:89:2f:41:7e:3d:1f:9d:9c:fc:80:1a:76:6d:7e:
a1:9e:29:7b:6e:ab:ae:75:1e:7a:88:ed:f3:c7:1d:7b:bc:95:
39:2f:99:62:6f:51:8a:54:9f:51:bc:65:b1:17:a6:6e:f3:18:
bb:0a:f4:12:13:94:0a:2e:7e:5c:a8:8e:06:35:95:47:71:ef:
53:4a:25:e8:33:20:f4:a6:57:18:a1:ab:25:a2:99:fd:b5:5a:
a8:ba:7e:25:62:de:e5:80:38:df:46:bd:04:9a:3c:39:13:fa:
45:10:46:43
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYsWS+ofEmhwJEehoi8z1sFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMxMDA5MjExNTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDI3MDM5YWJiOTNhZTExNGUzYjliZDMwMzUwNWNkNzg0OGNkNTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bWglg7AK5cAW1vnI3g9Fi0tk30B
AcuZ6ipy4niNbIaxmN6sIjooR+qYYwoB0iN/5Lsosaf+3pSac0F0r6/qWFEPJVZr
WxPL2FyPRFevQ2BlK2OLwiZbH/zJfnrbvFIcSWUBq3QvfjfZe2cqOvtcw26LarZl
IHXBA/4EWqPMfKzRadhZlah3X+mtUHeN/483xvFKATz8umfG29pTrpw+ipOGEADj
f4Usql7sEPdDbTFTu1MLWZKuRYtQV7Fw2mCQHvPCeDfnagnSFamWGbg8/45KH4ar
WNJ9s54rnUDGCz3D771kC2UJNWu2ewNC/6AAoZzGsXzu7Gcd5TjhCB1EiwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDQnA5q7k64RTjub0wNQXNeEjNVkMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvTkNjRG1ydVRyaEZPTzV2VEExQmMxNFNNMVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAItW+wD
BAAtW+4DBADUaxswDQYJKoZIhvcNAQELBQADggEBAA6LSmJWnYvikd42+/+r9zK0
lL9dWd3ENDw3v6UQ4N6i2MpVl7u/2XAm/S1exl2yk5fnXmJLHBGI8fXiZUgVSSVL
PPKO7SxzJ+Mj/jVPUj2gdJiWuTonvqWhPp2Vx2joLeovEevZPny1BOkZFLcCyh1K
0HuvxD+l88Z6S8S8dYhjbAB1jXf/0ZyGfZLjBzUk2eiubXaJL0F+PR+dnPyAGnZt
fqGeKXtuq651HnqI7fPHHXu8lTkvmWJvUYpUn1G8ZbEXpm7zGLsK9BITlAouflyo
jgY1lUdx71NKJegzIPSmVxihqyWimf21Wqi6fiVi3uWAON9GvQSaPDkT+kUQRkM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:17 2024 by rpki-client on console-fra.rpki-client.org