Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/saN4wjMbtj70cEMxhWLIhiQ0-ss.roa
File: saN4wjMbtj70cEMxhWLIhiQ0-ss.roa (raw, json)
Hash identifier: SdHTgXae5ALi+1+cgDT+uibfQk5+pF6rpF1COUXX3Dc=
Subject key identifier: B1:A3:78:C2:33:1B:B6:3E:F4:70:43:31:85:62:C8:86:24:34:FA:CB
Certificate issuer: /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial: 0182F0547311B09138EF6888A0E448531CBF
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/saN4wjMbtj70cEMxhWLIhiQ0-ss.roa
Signing time: Tue 30 Aug 2022 19:57:22 +0000
ROA not before: Tue 30 Aug 2022 19:57:22 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 201364
IP address blocks: 185.77.3.0/24 maxlen: 24
45.10.56.0/24 maxlen: 24
2a11:1806::/32 maxlen: 32
2a11:1804::/32 maxlen: 32
2a11:1802::/32 maxlen: 32
2a11:1800::/32 maxlen: 32
2a11:1803::/32 maxlen: 32
2a11:1805::/32 maxlen: 32
2a11:1807::/32 maxlen: 32
2a11:1801::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:f0:54:73:11:b0:91:38:ef:68:88:a0:e4:48:53:1c:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Validity
Not Before: Aug 30 19:57:22 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b1a378c2331bb63ef47043318562c8862434facb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:7e:ae:a0:bd:7f:d5:23:2b:3b:b2:3f:4b:a6:
ff:6d:59:a6:28:88:01:34:a3:a7:f1:6e:f9:6d:60:
c4:fd:b3:64:da:5b:01:53:98:99:a1:f1:d2:10:22:
23:8d:d6:f3:f2:29:33:c0:4c:3e:fb:a7:68:aa:36:
97:d7:9e:ba:6c:ca:bc:c5:31:1d:59:7c:0c:a0:0a:
3c:27:5e:d1:99:62:a6:9f:18:7c:3a:a4:dd:b6:54:
4c:c2:ce:c1:79:c5:e2:86:05:84:dd:e7:bc:2d:c1:
1a:92:84:e7:89:65:c3:e4:0f:f9:51:68:63:e2:e0:
d0:28:05:b8:60:c1:f4:ac:bf:e4:94:51:9c:66:6e:
30:0c:92:a2:57:7d:68:58:c2:97:c8:04:08:82:43:
7d:47:c2:30:c7:21:3f:47:a2:39:b2:38:8c:b8:91:
b9:42:7a:a9:24:6c:d3:da:4d:93:74:98:91:68:10:
44:8c:ea:42:86:13:4a:e9:b0:82:a2:1b:96:7a:36:
71:b4:fd:a8:ae:7a:78:86:17:97:da:66:35:16:9f:
b7:09:9c:c7:18:53:ae:c6:fd:a2:ad:c4:52:37:f4:
c5:e1:b8:09:86:6d:ba:09:6b:f6:2e:c9:43:2f:35:
0d:d5:d4:d5:bd:8e:e7:35:23:20:0d:f9:3b:86:54:
b4:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:A3:78:C2:33:1B:B6:3E:F4:70:43:31:85:62:C8:86:24:34:FA:CB
X509v3 Authority Key Identifier:
keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/saN4wjMbtj70cEMxhWLIhiQ0-ss.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.56.0/24
185.77.3.0/24
IPv6:
2a11:1800::/29
Signature Algorithm: sha256WithRSAEncryption
36:02:b4:84:b9:0a:eb:d4:6d:37:1d:a8:f8:0d:82:bc:97:90:
3a:65:ff:fc:85:ce:5d:cd:8b:c4:c8:4b:73:5a:f1:bd:3a:8a:
1f:fb:67:83:b0:84:0e:b0:a1:63:38:96:7b:5f:cd:09:13:bc:
dd:d4:e8:f3:cc:fc:83:21:f8:38:62:b3:59:5c:0d:9c:98:2a:
85:b0:ee:96:58:78:d7:e8:5d:92:65:81:5d:1c:46:d9:8f:f1:
05:f1:2f:bb:a9:82:64:ce:97:91:66:bf:65:9f:b6:43:c6:cd:
69:51:ec:a0:4e:88:26:9b:5e:31:5e:aa:13:55:23:0d:18:a1:
f7:6a:7f:b6:cf:46:3c:6a:6a:e0:bc:06:db:00:d2:4e:27:26:
9e:cb:bd:6b:8a:0d:92:a8:ce:e7:00:2c:66:52:5b:b8:90:ab:
ba:16:2f:1a:96:f9:d1:66:ab:3e:3a:36:05:bd:e5:0f:a4:31:
c3:1a:60:04:c3:11:76:89:77:4a:71:1f:f2:0e:54:b5:00:22:
23:c7:ab:59:68:4f:e8:bd:a2:6e:6f:85:fc:13:c1:13:26:c8:
94:87:4e:d9:5f:85:71:0d:09:3b:84:6a:e2:dc:f1:4d:cf:e4:
52:cc:67:b5:72:ed:66:35:da:52:3f:4f:d3:e8:93:e5:73:dd:
4b:46:2f:c1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYLwVHMRsJE472iIoORIUxy/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjIwODMwMTk1NzIyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWEzNzhjMjMzMWJiNjNlZjQ3MDQzMzE4NTYyYzg4NjI0MzRmYWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln6uoL1/1SMrO7I/S6b/bVmmKIgB
NKOn8W75bWDE/bNk2lsBU5iZofHSECIjjdbz8ikzwEw++6doqjaX1566bMq8xTEd
WXwMoAo8J17RmWKmnxh8OqTdtlRMws7BecXihgWE3ee8LcEakoTniWXD5A/5UWhj
4uDQKAW4YMH0rL/klFGcZm4wDJKiV31oWMKXyAQIgkN9R8IwxyE/R6I5sjiMuJG5
QnqpJGzT2k2TdJiRaBBEjOpChhNK6bCCohuWejZxtP2ornp4hheX2mY1Fp+3CZzH
GFOuxv2ircRSN/TF4bgJhm26CWv2LslDLzUN1dTVvY7nNSMgDfk7hlS0YQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLGjeMIzG7Y+9HBDMYViyIYkNPrLMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvc2FONHdqTWJ0ajcwY0VNeGhXTEloaVEwLXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALQo4AwQA
uU0DMA0EAgACMAcDBQMqERgAMA0GCSqGSIb3DQEBCwUAA4IBAQA2ArSEuQrr1G03
Haj4DYK8l5A6Zf/8hc5dzYvEyEtzWvG9Ooof+2eDsIQOsKFjOJZ7X80JE7zd1Ojz
zPyDIfg4YrNZXA2cmCqFsO6WWHjX6F2SZYFdHEbZj/EF8S+7qYJkzpeRZr9ln7ZD
xs1pUeygTogmm14xXqoTVSMNGKH3an+2z0Y8amrgvAbbANJOJyaey71rig2SqM7n
ACxmUlu4kKu6Fi8alvnRZqs+OjYFveUPpDHDGmAEwxF2iXdKcR/yDlS1ACIjx6tZ
aE/ovaJub4X8E8ETJsiUh07ZX4VxDQk7hGri3PFNz+RSzGe1cu1mNdpSP0/T6JPl
c91LRi/B
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:00 2023 by rpki-client on console-fra.rpki-client.org