Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/nxC6HWWPB9irIL63aKGKAMLJzEI.roa
File: nxC6HWWPB9irIL63aKGKAMLJzEI.roa (raw, json)
Hash identifier: klpoiwLl3myABPcaSuvpWrVmqvxXsHzCQSqt/Vb8s3w=
Subject key identifier: 9F:10:BA:1D:65:8F:07:D8:AB:20:BE:B7:68:A1:8A:00:C2:C9:CC:42
Certificate issuer: /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial: 0182EFBE4E1F77E58FF7ABD76C28BEC437E5
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/nxC6HWWPB9irIL63aKGKAMLJzEI.roa
Signing time: Tue 30 Aug 2022 17:13:22 +0000
ROA not before: Tue 30 Aug 2022 17:13:22 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 201364
IP address blocks: 185.77.3.0/24 maxlen: 24
45.10.56.0/24 maxlen: 24
2a11:1800::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:ef:be:4e:1f:77:e5:8f:f7:ab:d7:6c:28:be:c4:37:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Validity
Not Before: Aug 30 17:13:22 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9f10ba1d658f07d8ab20beb768a18a00c2c9cc42
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:0c:54:e7:3c:d8:a1:8f:ac:13:1c:d8:f8:42:
1e:ea:4c:cd:9f:ec:5a:31:9e:95:99:16:e6:0d:62:
bf:21:da:a8:a6:19:fe:9b:2d:8f:c2:66:cc:b1:67:
68:33:9f:86:14:3e:16:b9:46:28:3f:ad:e3:2e:a8:
4d:9c:d7:2e:6a:81:f5:a4:8a:22:d2:db:d3:78:ea:
d5:00:63:05:31:2f:8e:ec:9d:fe:95:8c:46:0e:ae:
4d:65:0c:93:1e:02:e5:72:b7:44:7b:a6:2b:9c:73:
7a:2e:aa:f8:73:42:dd:c6:91:8f:95:4d:7a:79:6f:
61:91:6e:fc:b4:c5:25:be:62:3d:38:15:f0:8b:02:
00:7a:93:ae:df:5c:0e:c2:e1:14:ce:c9:a2:cf:30:
87:70:07:aa:fd:09:8a:d6:3e:c3:38:58:fc:d1:11:
98:25:85:7c:a0:f0:e0:66:53:cf:49:6e:03:67:6e:
e8:b2:11:af:97:92:ca:db:8c:d4:fb:fa:d2:e4:19:
fe:7d:2d:73:4b:9e:67:a3:f6:e4:ff:2a:6b:35:5c:
69:f7:50:53:56:d6:24:aa:1e:da:53:24:bf:4f:bb:
70:a8:2e:1f:c1:0b:c6:c9:ab:f5:7a:ca:08:56:95:
e6:f8:7f:02:b2:e8:83:2a:9a:cd:c6:66:c3:ea:8a:
5c:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:10:BA:1D:65:8F:07:D8:AB:20:BE:B7:68:A1:8A:00:C2:C9:CC:42
X509v3 Authority Key Identifier:
keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/nxC6HWWPB9irIL63aKGKAMLJzEI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.56.0/24
185.77.3.0/24
IPv6:
2a11:1800::/29
Signature Algorithm: sha256WithRSAEncryption
3f:7e:e3:44:d7:fe:39:55:5e:55:e6:0f:9a:b5:51:3a:a0:fd:
50:2b:03:07:99:b3:59:4c:8a:bf:10:cd:af:6e:f1:d4:4d:98:
d8:52:db:bb:bd:70:3e:d5:3c:88:f5:64:31:82:5d:af:0d:92:
65:a6:86:71:fc:d7:f8:54:d2:b7:42:95:82:2b:91:63:0c:7e:
74:71:7a:64:4b:0f:b2:e5:d8:08:71:63:31:eb:2f:fb:98:06:
54:04:0f:d3:f9:ce:b0:44:fc:1b:09:a2:1f:5c:b9:b1:6b:a1:
01:fb:ef:6d:05:c7:09:11:a8:6f:ea:20:08:85:4a:ba:e9:b8:
f8:4d:70:ff:67:17:a1:16:ad:0f:70:f9:85:c1:1d:62:93:67:
ca:2f:c9:89:8b:07:53:76:c2:94:92:66:a3:2f:c0:ef:02:9b:
08:c4:2b:46:b0:a6:dc:48:0f:2f:2e:f7:6f:f0:97:a5:0d:d1:
fe:cb:d6:04:3a:5b:f4:01:f0:96:d0:4e:43:c9:d9:ec:e0:f5:
cd:6d:16:d5:07:6b:ab:6b:66:6e:29:f5:7f:54:cf:99:7a:37:
8d:9a:a7:32:7e:6d:5c:00:51:fd:b2:56:e8:13:e4:ed:fd:0d:
53:eb:42:41:ff:c8:f5:32:8d:c1:82:49:1c:e2:77:b3:42:54:
da:9c:bc:17
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYLvvk4fd+WP96vXbCi+xDflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjIwODMwMTcxMzIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjEwYmExZDY1OGYwN2Q4YWIyMGJlYjc2OGExOGEwMGMyYzljYzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQxU5zzYoY+sExzY+EIe6kzNn+xa
MZ6VmRbmDWK/Idqophn+my2PwmbMsWdoM5+GFD4WuUYoP63jLqhNnNcuaoH1pIoi
0tvTeOrVAGMFMS+O7J3+lYxGDq5NZQyTHgLlcrdEe6YrnHN6Lqr4c0LdxpGPlU16
eW9hkW78tMUlvmI9OBXwiwIAepOu31wOwuEUzsmizzCHcAeq/QmK1j7DOFj80RGY
JYV8oPDgZlPPSW4DZ27oshGvl5LK24zU+/rS5Bn+fS1zS55no/bk/yprNVxp91BT
VtYkqh7aUyS/T7twqC4fwQvGyav1esoIVpXm+H8CsuiDKprNxmbD6opclQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ8Quh1ljwfYqyC+t2ihigDCycxCMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvbnhDNkhXV1BCOWlySUw2M2FLR0tBTUxKekVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALQo4AwQA
uU0DMA0EAgACMAcDBQMqERgAMA0GCSqGSIb3DQEBCwUAA4IBAQA/fuNE1/45VV5V
5g+atVE6oP1QKwMHmbNZTIq/EM2vbvHUTZjYUtu7vXA+1TyI9WQxgl2vDZJlpoZx
/Nf4VNK3QpWCK5FjDH50cXpkSw+y5dgIcWMx6y/7mAZUBA/T+c6wRPwbCaIfXLmx
a6EB++9tBccJEahv6iAIhUq66bj4TXD/ZxehFq0PcPmFwR1ik2fKL8mJiwdTdsKU
kmajL8DvApsIxCtGsKbcSA8vLvdv8JelDdH+y9YEOlv0AfCW0E5Dydns4PXNbRbV
B2ura2ZuKfV/VM+ZejeNmqcyfm1cAFH9slboE+Tt/Q1T60JB/8j1Mo3Bgkkc4nez
QlTanLwX
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:00 2023 by rpki-client on console-fra.rpki-client.org