Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/o_lYthf8dajFFxgnkPct0aPyIUg.roa
File: o_lYthf8dajFFxgnkPct0aPyIUg.roa (raw, json)
Hash identifier: KNULRy3dolYTG3Yw1iQN29GxHvMeBfqJku/ecLslONA=
Subject key identifier: A3:F9:58:B6:17:FC:75:A8:C5:17:18:27:90:F7:2D:D1:A3:F2:21:48
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 01896499DB2A9674EB4E22D423E4374D4CE0
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/o_lYthf8dajFFxgnkPct0aPyIUg.roa
Signing time: Mon 17 Jul 2023 16:05:51 +0000
ROA not before: Mon 17 Jul 2023 16:05:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34665
IP address blocks: 45.81.138.0/24 maxlen: 24
91.188.245.0/24 maxlen: 24
45.95.31.0/24 maxlen: 24
176.119.143.0/24 maxlen: 24
193.187.104.0/24 maxlen: 24
193.187.107.0/24 maxlen: 24
45.91.239.0/24 maxlen: 24
78.142.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:64:99:db:2a:96:74:eb:4e:22:d4:23:e4:37:4d:4c:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jul 17 16:05:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a3f958b617fc75a8c517182790f72dd1a3f22148
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:20:69:fa:a6:dd:29:1d:7a:6b:57:eb:f1:3d:
4f:a3:05:49:34:71:9d:bf:74:61:33:86:df:c9:42:
d4:4a:24:69:a1:d9:be:7d:b2:6a:d1:73:65:94:81:
a4:0c:db:90:52:b6:6b:a5:ee:f0:8f:f7:fb:c9:9b:
6d:8e:b4:2e:3b:41:e5:13:b0:ad:b0:eb:ec:99:e1:
dc:ea:1c:fc:e5:92:41:e9:a1:7a:2d:64:f0:dc:f1:
d2:af:1c:5b:dd:39:36:0d:8e:b3:db:5d:d9:c5:65:
97:b2:db:89:88:fa:b8:97:84:27:42:d7:b9:e7:60:
05:ad:f6:cc:87:76:d4:c1:62:cc:5e:52:47:92:7e:
6f:a0:e5:0c:c2:88:a0:2a:92:fb:ff:b7:d6:44:7f:
52:f1:56:d6:eb:84:84:cd:36:27:eb:3d:9c:4d:64:
84:a9:74:72:3d:be:40:14:1b:4b:28:b1:99:5a:d0:
81:9d:e7:c4:5d:fd:de:a5:a8:7c:fe:6e:7b:0b:21:
3f:2f:cb:9f:98:a6:24:50:27:65:9e:ca:eb:75:7e:
0a:6a:d7:a1:e0:89:e6:b3:43:49:63:a1:18:48:a6:
49:b5:b3:bd:84:25:4e:c9:07:0c:46:91:96:80:95:
1c:c0:76:a8:1a:54:21:05:db:2b:d4:bc:8a:f7:1e:
0f:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:F9:58:B6:17:FC:75:A8:C5:17:18:27:90:F7:2D:D1:A3:F2:21:48
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/o_lYthf8dajFFxgnkPct0aPyIUg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.138.0/24
45.91.239.0/24
45.95.31.0/24
78.142.239.0/24
91.188.245.0/24
176.119.143.0/24
193.187.104.0/24
193.187.107.0/24
Signature Algorithm: sha256WithRSAEncryption
44:c8:d9:24:4a:04:ac:b5:b4:d7:54:fb:8b:b6:c9:8f:68:cd:
60:f5:87:9a:d5:f5:04:cd:c1:e4:8e:3f:6d:bd:ef:01:9b:dd:
f0:ab:3a:25:bb:a9:6c:0e:4b:35:55:10:b7:02:cf:2c:3d:c8:
0c:20:8e:15:97:cc:f1:0c:75:71:93:39:d4:55:b7:52:fe:fc:
5b:73:74:cb:b8:23:2d:d2:ba:d8:a1:f8:d9:68:85:4e:34:a6:
a7:8f:a0:1e:e7:48:d5:4c:c7:5c:a1:61:16:4e:18:8e:57:d0:
19:d1:64:8c:12:52:a6:14:84:2f:f2:39:b7:1c:0c:bd:f1:c1:
b8:cf:4b:46:80:0a:a4:a6:78:04:8c:a1:30:60:b6:95:82:1d:
51:73:69:e4:b5:a2:33:a6:00:5e:5e:4f:b6:bf:a8:3a:65:62:
b1:de:0d:0b:da:c2:ad:24:63:74:65:93:0b:26:2a:ea:17:92:
e6:a5:40:33:78:a6:3a:ae:f4:d1:8e:6a:8f:ef:21:ec:c0:af:
c2:15:53:eb:28:2d:4c:9f:ee:00:44:12:e5:8a:dd:30:22:69:
92:6e:47:cc:13:95:df:1b:4c:ec:4d:18:4a:66:af:95:28:bb:
7c:7f:9a:ee:91:ac:c9:7c:5b:e5:f0:1c:58:a9:d1:f9:79:24:
37:af:24:50
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYlkmdsqlnTrTiLUI+Q3TUzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwNzE3MTYwNTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Y5NThiNjE3ZmM3NWE4YzUxNzE4Mjc5MGY3MmRkMWEzZjIyMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8SBp+qbdKR16a1fr8T1PowVJNHGd
v3RhM4bfyULUSiRpodm+fbJq0XNllIGkDNuQUrZrpe7wj/f7yZttjrQuO0HlE7Ct
sOvsmeHc6hz85ZJB6aF6LWTw3PHSrxxb3Tk2DY6z213ZxWWXstuJiPq4l4QnQte5
52AFrfbMh3bUwWLMXlJHkn5voOUMwoigKpL7/7fWRH9S8VbW64SEzTYn6z2cTWSE
qXRyPb5AFBtLKLGZWtCBnefEXf3epah8/m57CyE/L8ufmKYkUCdlnsrrdX4Kateh
4Inms0NJY6EYSKZJtbO9hCVOyQcMRpGWgJUcwHaoGlQhBdsr1LyK9x4P4wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKP5WLYX/HWoxRcYJ5D3LdGj8iFIMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvb19sWXRoZjhkYWpGRnhnbmtQY3QwYVB5SVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALVGKAwQA
LVvvAwQALV8fAwQATo7vAwQAW7z1AwQAsHePAwQAwbtoAwQAwbtrMA0GCSqGSIb3
DQEBCwUAA4IBAQBEyNkkSgSstbTXVPuLtsmPaM1g9Yea1fUEzcHkjj9tve8Bm93w
qzolu6lsDks1VRC3As8sPcgMII4Vl8zxDHVxkznUVbdS/vxbc3TLuCMt0rrYofjZ
aIVONKanj6Ae50jVTMdcoWEWThiOV9AZ0WSMElKmFIQv8jm3HAy98cG4z0tGgAqk
pngEjKEwYLaVgh1Rc2nktaIzpgBeXk+2v6g6ZWKx3g0L2sKtJGN0ZZMLJirqF5Lm
pUAzeKY6rvTRjmqP7yHswK/CFVPrKC1Mn+4ARBLlit0wImmSbkfME5XfG0zsTRhK
Zq+VKLt8f5rukazJfFvl8BxYqdH5eSQ3ryRQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:46 2024 by rpki-client on console-ams.rpki-client.org