Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/1AAjgT3nIbv7jbHz90VUaTzk4RU.roa
File: 1AAjgT3nIbv7jbHz90VUaTzk4RU.roa (raw, json)
Hash identifier: AumOyEaQmE3K+K3jcL53KY1TVWMeYNVnxNkfIiVq66s=
Subject key identifier: D4:00:23:81:3D:E7:21:BB:FB:8D:B1:F3:F7:45:54:69:3C:E4:E1:15
Certificate issuer: /CN=74774b7b530edacf8fa73353a9014a5638949bfb
Certificate serial: 018CC725A96C978A39647D500FEDBF99EE9B
Authority key identifier: 74:77:4B:7B:53:0E:DA:CF:8F:A7:33:53:A9:01:4A:56:38:94:9B:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dHdLe1MO2s-PpzNTqQFKVjiUm_s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/1AAjgT3nIbv7jbHz90VUaTzk4RU.roa
Signing time: Mon 01 Jan 2024 22:29:43 +0000
ROA not before: Mon 01 Jan 2024 22:29:43 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201162
IP address blocks: 45.87.123.0/24 maxlen: 24
45.87.120.0/24 maxlen: 24
45.87.121.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:25:a9:6c:97:8a:39:64:7d:50:0f:ed:bf:99:ee:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=74774b7b530edacf8fa73353a9014a5638949bfb
Validity
Not Before: Jan 1 22:29:43 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d40023813de721bbfb8db1f3f74554693ce4e115
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:2d:d9:e5:b4:14:05:ba:91:ab:47:70:d4:c4:
ef:f2:32:2e:38:8c:69:df:81:47:b4:25:d6:e6:c5:
6f:50:7a:95:b7:b2:ec:23:26:c3:90:39:40:78:10:
eb:3e:16:d6:10:a6:46:f0:d8:b3:3b:02:78:f1:8f:
b1:38:f0:94:75:b5:98:25:27:2f:0e:67:b7:1b:31:
67:5a:3e:ec:e8:b9:d6:49:d1:a5:aa:2d:0e:14:03:
88:61:38:a7:fc:77:37:22:ce:34:e8:8a:ee:93:3c:
83:f5:7f:77:3a:4b:54:85:8b:53:55:72:5d:ff:f0:
16:93:5b:fa:3a:40:8e:a1:49:f5:9b:84:dd:b0:3c:
4b:5a:9e:22:a1:05:9c:17:f3:06:2c:b1:8c:c7:8f:
f2:3f:1a:2d:98:1d:c6:59:b4:6f:88:5d:2f:e0:a4:
70:76:2f:14:01:89:cd:9b:c0:27:48:2a:a0:a3:4c:
ad:c5:a8:aa:92:94:8d:5e:4a:a9:e2:11:45:e4:70:
93:92:cd:a0:24:78:97:9f:39:05:68:bd:c6:78:7f:
5e:e9:85:0c:3c:17:e1:2b:dd:42:13:5d:c6:3e:a3:
51:3b:ba:de:7c:34:8a:3a:ad:d9:39:14:33:f2:ef:
b7:39:eb:47:71:b3:00:a5:ee:4d:0b:8b:64:69:00:
9b:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:00:23:81:3D:E7:21:BB:FB:8D:B1:F3:F7:45:54:69:3C:E4:E1:15
X509v3 Authority Key Identifier:
keyid:74:77:4B:7B:53:0E:DA:CF:8F:A7:33:53:A9:01:4A:56:38:94:9B:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHdLe1MO2s-PpzNTqQFKVjiUm_s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/1AAjgT3nIbv7jbHz90VUaTzk4RU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/dHdLe1MO2s-PpzNTqQFKVjiUm_s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.120.0/23
45.87.123.0/24
Signature Algorithm: sha256WithRSAEncryption
87:6c:95:0e:8a:34:d0:8b:8f:11:cd:40:6e:cc:64:0e:2a:bb:
d8:d1:28:9f:3f:ca:6f:32:9a:8d:0c:df:2f:a3:a3:10:be:60:
dd:49:04:29:2a:d3:e9:21:11:a6:39:c2:7a:d2:93:bb:f8:08:
df:6e:93:c3:5e:61:4b:fe:f6:83:1b:05:5e:ef:48:d6:13:b1:
47:8a:0c:d6:ca:12:8d:93:2f:ca:84:40:68:3a:3c:09:f3:44:
87:a8:fa:40:cb:bc:a6:4c:cf:3f:5c:bf:b3:b1:c8:2a:cf:35:
dc:6b:c4:4f:4d:0b:46:fc:1b:93:0a:22:0a:e9:7b:b5:b6:f2:
a3:64:c7:77:5f:23:96:9b:94:56:61:cd:11:da:69:49:55:cb:
d5:c4:50:88:09:02:92:9f:f7:93:2b:59:d7:8f:03:d2:57:99:
ad:66:14:77:37:b6:6d:42:e9:5a:d1:fd:fa:fe:6a:61:a6:3a:
09:c6:ca:69:b4:55:9f:d3:40:43:62:60:ad:e5:fb:de:49:d1:
c2:fb:99:da:0a:08:e1:a7:bd:77:75:74:32:c2:41:dc:0d:29:
15:31:a2:e7:81:79:df:f2:a0:d9:d5:d6:2a:99:9d:c5:a3:95:
33:e1:d1:8e:f6:2c:a2:a6:a0:28:78:fd:fe:f3:c3:c2:98:81:
57:cb:31:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJalsl4o5ZH1QD+2/me6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0Nzc0YjdiNTMwZWRhY2Y4ZmE3MzM1M2E5MDE0YTU2Mzg5
NDliZmIwHhcNMjQwMTAxMjIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDAwMjM4MTNkZTcyMWJiZmI4ZGIxZjNmNzQ1NTQ2OTNjZTRlMTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhy3Z5bQUBbqRq0dw1MTv8jIuOIxp
34FHtCXW5sVvUHqVt7LsIybDkDlAeBDrPhbWEKZG8NizOwJ48Y+xOPCUdbWYJScv
Dme3GzFnWj7s6LnWSdGlqi0OFAOIYTin/Hc3Is406IrukzyD9X93OktUhYtTVXJd
//AWk1v6OkCOoUn1m4TdsDxLWp4ioQWcF/MGLLGMx4/yPxotmB3GWbRviF0v4KRw
di8UAYnNm8AnSCqgo0ytxaiqkpSNXkqp4hFF5HCTks2gJHiXnzkFaL3GeH9e6YUM
PBfhK91CE13GPqNRO7refDSKOq3ZORQz8u+3OetHcbMApe5NC4tkaQCbQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNQAI4E95yG7+42x8/dFVGk85OEVMB8GA1UdIwQY
MBaAFHR3S3tTDtrPj6czU6kBSlY4lJv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEhkTGUxTU8ycy1QcHpOVHFRRktWamlVbV9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8wZmI2OWQtY2VmYy00NmVjLWJlMzkt
ODViZDM0YmQ0ZTVhLzEvMUFBamdUM25JYnY3amJIejkwVlVhVHprNFJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8wZmI2OWQtY2VmYy00NmVjLWJlMzktODViZDM0YmQ0ZTVh
LzEvZEhkTGUxTU8ycy1QcHpOVHFRRktWamlVbV9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLVd4AwQA
LVd7MA0GCSqGSIb3DQEBCwUAA4IBAQCHbJUOijTQi48RzUBuzGQOKrvY0SifP8pv
MpqNDN8vo6MQvmDdSQQpKtPpIRGmOcJ60pO7+AjfbpPDXmFL/vaDGwVe70jWE7FH
igzWyhKNky/KhEBoOjwJ80SHqPpAy7ymTM8/XL+zscgqzzXca8RPTQtG/BuTCiIK
6Xu1tvKjZMd3XyOWm5RWYc0R2mlJVcvVxFCICQKSn/eTK1nXjwPSV5mtZhR3N7Zt
Qula0f36/mphpjoJxspptFWf00BDYmCt5fveSdHC+5naCgjhp713dXQywkHcDSkV
MaLngXnf8qDZ1dYqmZ3Fo5Uz4dGO9iyipqAoeP3+88PCmIFXyzHn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:33 2024 by rpki-client on console-ams.rpki-client.org