Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/cBwjrmm3mh-JSnwh2900knvdwl0.roa
File: cBwjrmm3mh-JSnwh2900knvdwl0.roa (raw, json)
Hash identifier: m+4QLnke80kNwXxogckRG3/tbHz8/g/f1bvWA0iWlJg=
Subject key identifier: 70:1C:23:AE:69:B7:9A:1F:89:4A:7C:21:DB:DD:34:92:7B:DD:C2:5D
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018D13D7EBA075E655B20C9F5CE1185D5F22
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/cBwjrmm3mh-JSnwh2900knvdwl0.roa
Signing time: Tue 16 Jan 2024 19:55:34 +0000
ROA not before: Tue 16 Jan 2024 19:55:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12722
IP address blocks: 45.86.3.0/24 maxlen: 24
46.150.248.0/24 maxlen: 24
46.150.249.0/24 maxlen: 24
91.195.21.0/24 maxlen: 24
194.156.127.0/24 maxlen: 24
212.60.6.0/24 maxlen: 24
212.107.24.0/24 maxlen: 24
213.166.92.0/24 maxlen: 24
213.166.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:eb:a0:75:e6:55:b2:0c:9f:5c:e1:18:5d:5f:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jan 16 19:55:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=701c23ae69b79a1f894a7c21dbdd34927bddc25d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:76:f1:5d:f2:b3:29:cf:f8:54:fe:49:2b:93:
ba:03:c9:3f:af:21:bd:24:08:d3:1c:89:a0:80:f9:
0e:68:d3:26:8f:83:5c:51:71:a2:67:02:a0:ef:4d:
58:00:6a:3b:0d:3e:a8:58:1e:dc:cf:f1:32:37:e5:
0d:f8:2b:a2:cc:86:93:9d:bd:ea:98:06:5a:52:9e:
cb:82:53:83:14:42:ae:0d:0f:17:6a:2f:fc:48:c9:
6e:cc:5f:1b:c5:57:82:7c:4f:ed:30:2b:d7:89:16:
cd:05:cb:8d:cf:a5:b9:7e:e9:e2:a2:41:08:8b:49:
3d:09:d3:8a:c3:16:8c:52:f7:c2:60:6a:91:44:ae:
94:20:41:8e:8d:90:c7:7d:e2:46:02:a6:1d:30:a9:
e8:de:53:bd:11:df:6d:0c:c8:c9:40:d3:14:46:7a:
52:75:af:52:9c:07:c9:e4:aa:04:43:55:68:c7:20:
6b:46:64:2c:7a:c1:8c:c1:ad:e6:3e:fd:a6:f6:47:
7f:1e:38:71:bb:b8:e3:24:f3:da:1c:19:5a:cd:e2:
f7:e5:16:2a:48:4a:7d:c8:d0:8f:26:dc:07:3b:3e:
44:92:fa:94:d8:96:e7:f8:9d:5e:9b:65:81:17:60:
b4:05:1a:b7:82:d3:89:46:34:d0:7c:1c:eb:43:28:
a8:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:1C:23:AE:69:B7:9A:1F:89:4A:7C:21:DB:DD:34:92:7B:DD:C2:5D
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/cBwjrmm3mh-JSnwh2900knvdwl0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.3.0/24
46.150.248.0/23
91.195.21.0/24
194.156.127.0/24
212.60.6.0/24
212.107.24.0/24
213.166.92.0/24
213.166.95.0/24
Signature Algorithm: sha256WithRSAEncryption
ca:72:af:c9:34:2d:cf:3f:85:41:f3:c3:5d:2d:11:29:4d:fc:
78:5d:7e:5c:c7:45:80:a7:c7:85:c0:05:64:df:0b:f5:21:8f:
08:b0:31:58:ec:e1:2f:2c:7c:92:cf:e2:2c:b2:f1:5a:46:44:
ed:38:49:01:3e:a1:bd:d7:d6:8c:d4:dd:27:8f:ef:29:30:1f:
c3:93:6f:63:3d:13:64:a6:5f:4a:bd:55:e8:a2:ea:da:bc:af:
da:4c:b7:13:b2:15:68:a8:97:43:c5:e9:6b:d3:fe:f2:48:dc:
9f:42:f5:94:b0:2b:20:0c:39:5b:7d:d9:74:fc:9f:7e:c6:1e:
b7:a1:3c:96:a3:e2:70:91:20:cf:0b:27:45:9e:5d:cc:c3:71:
6b:cb:32:60:e9:92:68:95:63:29:b7:4d:8b:33:c5:b3:0c:72:
aa:64:95:41:db:13:5e:c1:e5:2b:e1:24:2f:6d:65:ce:14:d1:
50:0c:5b:72:23:58:e9:8a:c5:f8:9a:05:60:48:b2:c7:4e:7c:
65:f6:6d:a4:a7:cd:67:79:ea:9b:c1:32:5d:eb:49:19:d2:24:
af:78:e5:53:4d:8f:6f:d7:0a:88:ee:87:5f:23:7c:e7:fa:ac:
bd:47:c0:06:7d:b0:33:70:31:52:e2:05:74:6d:37:49:4a:54:
5b:10:e7:b9
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY0T1+ugdeZVsgyfXOEYXV8iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjQwMTE2MTk1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDFjMjNhZTY5Yjc5YTFmODk0YTdjMjFkYmRkMzQ5MjdiZGRjMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXbxXfKzKc/4VP5JK5O6A8k/ryG9
JAjTHImggPkOaNMmj4NcUXGiZwKg701YAGo7DT6oWB7cz/EyN+UN+CuizIaTnb3q
mAZaUp7LglODFEKuDQ8Xai/8SMluzF8bxVeCfE/tMCvXiRbNBcuNz6W5funiokEI
i0k9CdOKwxaMUvfCYGqRRK6UIEGOjZDHfeJGAqYdMKno3lO9Ed9tDMjJQNMURnpS
da9SnAfJ5KoEQ1VoxyBrRmQsesGMwa3mPv2m9kd/Hjhxu7jjJPPaHBlazeL35RYq
SEp9yNCPJtwHOz5EkvqU2Jbn+J1em2WBF2C0BRq3gtOJRjTQfBzrQyiowwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHAcI65pt5ofiUp8IdvdNJJ73cJdMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvY0J3anJtbTNtaC1KU253aDI5MDBrbnZkd2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALVYDAwQB
Lpb4AwQAW8MVAwQAwpx/AwQA1DwGAwQA1GsYAwQA1aZcAwQA1aZfMA0GCSqGSIb3
DQEBCwUAA4IBAQDKcq/JNC3PP4VB88NdLREpTfx4XX5cx0WAp8eFwAVk3wv1IY8I
sDFY7OEvLHySz+IssvFaRkTtOEkBPqG919aM1N0nj+8pMB/Dk29jPRNkpl9KvVXo
ouravK/aTLcTshVoqJdDxelr0/7ySNyfQvWUsCsgDDlbfdl0/J9+xh63oTyWo+Jw
kSDPCydFnl3Mw3FryzJg6ZJolWMpt02LM8WzDHKqZJVB2xNeweUr4SQvbWXOFNFQ
DFtyI1jpisX4mgVgSLLHTnxl9m2kp81neeqbwTJd60kZ0iSveOVTTY9v1wqI7odf
I3zn+qy9R8AGfbAzcDFS4gV0bTdJSlRbEOe5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:17 2024 by rpki-client on console-fra.rpki-client.org