Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/3_MzmqDyo8YIACdauxu0C0xkdSA.roa
File: 3_MzmqDyo8YIACdauxu0C0xkdSA.roa (raw, json)
Hash identifier: JSHNXZwWHDbHAmJXbfHy+Sxu+Z3gSLojPn7aRRvZb4A=
Subject key identifier: DF:F3:33:9A:A0:F2:A3:C6:08:00:27:5A:BB:1B:B4:0B:4C:64:75:20
Certificate issuer: /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial: 018529184DDE51D0004752CDAE9D21A4C26B
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/3_MzmqDyo8YIACdauxu0C0xkdSA.roa
Signing time: Mon 19 Dec 2022 06:35:36 +0000
ROA not before: Mon 19 Dec 2022 06:35:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 45.146.192.0/22 maxlen: 22
45.146.60.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:29:18:4d:de:51:d0:00:47:52:cd:ae:9d:21:a4:c2:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Validity
Not Before: Dec 19 06:35:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dff3339aa0f2a3c60800275abb1bb40b4c647520
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:49:36:1f:fd:f5:e7:fd:f7:27:ac:b2:ba:c9:
d9:e4:ef:f0:7b:e6:65:03:1e:7b:e3:0c:0d:aa:cd:
9d:ca:2f:11:80:ab:a7:d5:21:1e:16:5c:cd:7d:2d:
ef:12:49:e9:ed:4b:aa:5e:f8:56:97:13:31:72:d2:
0c:3e:e0:72:cd:91:d7:df:6e:b8:4c:78:8d:27:8d:
41:94:d4:8b:8e:af:51:d3:83:4d:22:cf:4e:37:e8:
ac:4b:e6:b9:49:8f:1e:9c:f6:12:a3:9c:b0:22:b6:
30:74:5f:dc:f1:c2:2e:72:8a:01:27:06:31:5e:3b:
08:03:a3:e0:bc:be:ba:fa:f7:d0:6b:18:6e:c2:ab:
9d:4e:0f:67:10:89:6c:4a:2b:63:9c:10:3d:1b:38:
b3:1d:ca:2e:6b:14:38:a0:a0:76:cc:db:78:4a:79:
47:e4:51:6e:fd:3b:0f:ea:3e:16:86:c5:8a:14:e9:
a4:a2:5d:e0:d6:fc:19:c8:f2:d8:57:a5:4f:06:dc:
d4:8d:ef:f6:dd:0b:c7:45:bb:08:91:20:24:ad:02:
c7:d3:0a:5c:98:81:eb:d4:88:08:6d:5f:0c:17:ac:
7e:ec:64:bd:9f:5a:11:f9:29:48:70:7d:29:e1:39:
06:1c:e2:05:10:08:13:08:76:0b:bf:d9:f8:cf:c8:
31:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:F3:33:9A:A0:F2:A3:C6:08:00:27:5A:BB:1B:B4:0B:4C:64:75:20
X509v3 Authority Key Identifier:
keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/3_MzmqDyo8YIACdauxu0C0xkdSA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.146.60.0/22
45.146.192.0/22
Signature Algorithm: sha256WithRSAEncryption
49:9e:16:c3:92:2f:6e:30:36:ac:73:4b:63:b9:b5:17:49:14:
f9:f6:b6:27:e8:15:27:7b:81:70:fa:53:12:58:f0:97:2b:96:
24:b4:89:0d:38:23:80:ae:d5:f1:92:a1:7a:eb:02:28:a9:da:
00:62:36:31:17:bb:47:59:cc:23:79:0e:27:17:1d:d5:0e:ea:
2b:33:a5:b6:54:cb:df:2b:19:f5:21:91:59:5e:b5:49:21:14:
6f:3c:fe:04:12:d9:95:7a:69:3d:3a:cb:b8:86:28:55:64:59:
d5:66:85:b8:7c:a0:c9:5c:05:fd:90:4f:02:6a:5d:6d:5f:85:
e4:c5:df:4a:5e:29:19:90:1b:eb:5f:00:6b:29:26:3c:42:a2:
5e:f1:45:fb:83:33:77:8d:78:0e:2c:dd:94:92:76:8b:58:49:
06:47:43:42:b3:eb:23:22:dc:e9:4b:61:86:e6:88:78:87:77:
b4:16:0c:e1:7d:b0:6c:4e:3b:d9:30:52:99:7b:ce:6e:5f:14:
92:67:2b:2a:7c:21:ab:3a:ab:6b:7c:54:17:53:bc:49:35:18:
e1:71:2f:8b:ea:1e:61:95:a2:2a:45:37:79:a7:e9:25:00:67:
24:e3:8b:e2:3b:bd:73:63:b7:af:45:7f:06:87:80:7a:82:dc:
f5:ed:e6:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYUpGE3eUdAAR1LNrp0hpMJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjIxMjE5MDYzNTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmYzMzM5YWEwZjJhM2M2MDgwMDI3NWFiYjFiYjQwYjRjNjQ3NTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0k2H/315/33J6yyusnZ5O/we+Zl
Ax574wwNqs2dyi8RgKun1SEeFlzNfS3vEknp7UuqXvhWlxMxctIMPuByzZHX3264
THiNJ41BlNSLjq9R04NNIs9ON+isS+a5SY8enPYSo5ywIrYwdF/c8cIucooBJwYx
XjsIA6PgvL66+vfQaxhuwqudTg9nEIlsSitjnBA9GzizHcouaxQ4oKB2zNt4SnlH
5FFu/TsP6j4WhsWKFOmkol3g1vwZyPLYV6VPBtzUje/23QvHRbsIkSAkrQLH0wpc
mIHr1IgIbV8MF6x+7GS9n1oR+SlIcH0p4TkGHOIFEAgTCHYLv9n4z8gxVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN/zM5qg8qPGCAAnWrsbtAtMZHUgMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvM19Nem1xRHlvOFlJQUNkYXV4dTBDMHhrZFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZI8AwQC
LZLAMA0GCSqGSIb3DQEBCwUAA4IBAQBJnhbDki9uMDasc0tjubUXSRT59rYn6BUn
e4Fw+lMSWPCXK5YktIkNOCOArtXxkqF66wIoqdoAYjYxF7tHWcwjeQ4nFx3VDuor
M6W2VMvfKxn1IZFZXrVJIRRvPP4EEtmVemk9Osu4hihVZFnVZoW4fKDJXAX9kE8C
al1tX4Xkxd9KXikZkBvrXwBrKSY8QqJe8UX7gzN3jXgOLN2UknaLWEkGR0NCs+sj
ItzpS2GG5oh4h3e0FgzhfbBsTjvZMFKZe85uXxSSZysqfCGrOqtrfFQXU7xJNRjh
cS+L6h5hlaIqRTd5p+klAGck44viO71zY7evRX8Gh4B6gtz17eYI
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:02 2023 by rpki-client on console-fra.rpki-client.org