Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/U1Od3VeIsdMeRus2hJqtzG3vyjE.roa
File: U1Od3VeIsdMeRus2hJqtzG3vyjE.roa (raw, json)
Hash identifier: zcySBwdca9B1jQDHKeiatqz618tqbCv8uswnQjyIGrA=
Subject key identifier: 53:53:9D:DD:57:88:B1:D3:1E:46:EB:36:84:9A:AD:CC:6D:EF:CA:31
Certificate issuer: /CN=74774b7b530edacf8fa73353a9014a5638949bfb
Certificate serial: 0185706738B972F1322E00F80EF929C98657
Authority key identifier: 74:77:4B:7B:53:0E:DA:CF:8F:A7:33:53:A9:01:4A:56:38:94:9B:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dHdLe1MO2s-PpzNTqQFKVjiUm_s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/U1Od3VeIsdMeRus2hJqtzG3vyjE.roa
Signing time: Mon 02 Jan 2023 02:54:50 +0000
ROA not before: Mon 02 Jan 2023 02:54:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201162
IP address blocks: 45.87.123.0/24 maxlen: 24
45.87.120.0/24 maxlen: 24
45.87.121.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:67:38:b9:72:f1:32:2e:00:f8:0e:f9:29:c9:86:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=74774b7b530edacf8fa73353a9014a5638949bfb
Validity
Not Before: Jan 2 02:54:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=53539ddd5788b1d31e46eb36849aadcc6defca31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:b3:ca:6d:04:a6:09:18:4c:d2:ce:e7:91:73:
57:0e:fd:d3:9d:88:ff:cc:39:79:2f:3b:1d:13:87:
9c:90:4f:7c:48:73:8e:04:5b:59:a6:9e:75:22:4b:
f8:5f:5e:85:08:06:3d:b6:65:c6:da:f6:d8:e8:5a:
62:c8:06:ab:f9:0d:a5:8d:28:76:11:51:8a:40:cf:
00:23:b5:10:af:a6:67:2b:8d:9c:53:ed:43:87:80:
49:7b:d2:28:ca:17:79:74:20:e5:66:b2:7f:6f:04:
4c:db:39:6d:d0:ae:10:4b:78:f6:bf:a3:5a:2c:1b:
1d:9a:f7:ac:38:8a:f0:9e:5c:37:ba:7d:63:29:df:
de:23:9e:35:95:2e:c2:93:15:32:70:a6:e8:71:f1:
81:f7:26:54:7b:19:68:f0:57:cc:2d:4d:75:d2:c7:
81:32:7e:14:27:58:e2:01:9c:f1:34:20:5a:3a:1c:
4a:df:38:b9:7d:a3:db:85:b8:1a:ac:ff:29:7a:da:
fa:b2:8f:d6:31:3a:6e:1b:b6:9d:9d:27:da:ac:d5:
c2:7e:b5:ef:c9:09:e6:e2:7f:02:14:8f:f3:eb:5b:
34:52:61:89:30:c0:dd:8c:91:39:69:b0:c1:10:ed:
b2:8b:7f:f2:2d:26:01:18:23:15:1d:8f:ef:1c:d0:
99:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:53:9D:DD:57:88:B1:D3:1E:46:EB:36:84:9A:AD:CC:6D:EF:CA:31
X509v3 Authority Key Identifier:
keyid:74:77:4B:7B:53:0E:DA:CF:8F:A7:33:53:A9:01:4A:56:38:94:9B:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHdLe1MO2s-PpzNTqQFKVjiUm_s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/U1Od3VeIsdMeRus2hJqtzG3vyjE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/dHdLe1MO2s-PpzNTqQFKVjiUm_s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.120.0/23
45.87.123.0/24
Signature Algorithm: sha256WithRSAEncryption
41:97:ad:bd:ce:2f:4e:ff:a6:6c:75:21:a2:a8:e0:ee:de:77:
ee:7c:ba:d8:d3:9b:6e:35:6a:ba:30:07:e4:d3:bf:a3:a8:e5:
a5:75:11:c6:32:48:b9:cd:a6:ef:99:02:cd:83:2c:3c:3f:fb:
a0:16:e5:c3:0b:63:f0:c1:38:96:f5:51:b6:96:6f:ce:77:2f:
5b:b4:94:a7:15:ac:b1:2e:bb:2c:9e:18:38:4d:b2:8e:16:03:
56:7f:ef:be:a2:5a:09:ad:d2:1f:fa:32:fa:42:36:99:fa:ff:
42:e6:a8:fd:94:8d:b2:53:53:ef:3c:a2:7d:1a:f9:a8:bb:52:
c3:7b:da:6f:61:e9:a4:02:32:c7:13:b3:be:8e:21:89:67:fd:
9f:f6:e3:9b:3d:c9:c2:5c:33:ff:ec:bf:e7:9f:6b:ef:d2:95:
cb:ba:9e:35:c4:d9:93:8f:3f:dd:be:76:40:96:37:05:f6:6b:
82:3c:9c:c6:f8:4d:f9:78:e5:9d:15:c6:ad:fb:63:c4:7e:fb:
12:e7:21:2f:3b:86:c0:4e:61:dd:51:28:7e:01:5b:e3:2a:fe:
a0:f7:f3:10:c9:be:3c:53:f4:81:a9:24:c3:70:17:2a:fc:5c:
cc:55:21:d5:25:d1:56:b9:99:68:11:d2:fd:a0:2c:fe:0f:de:
db:96:17:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVwZzi5cvEyLgD4DvkpyYZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0Nzc0YjdiNTMwZWRhY2Y4ZmE3MzM1M2E5MDE0YTU2Mzg5
NDliZmIwHhcNMjMwMTAyMDI1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzUzOWRkZDU3ODhiMWQzMWU0NmViMzY4NDlhYWRjYzZkZWZjYTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7PKbQSmCRhM0s7nkXNXDv3TnYj/
zDl5LzsdE4eckE98SHOOBFtZpp51Ikv4X16FCAY9tmXG2vbY6FpiyAar+Q2ljSh2
EVGKQM8AI7UQr6ZnK42cU+1Dh4BJe9Ioyhd5dCDlZrJ/bwRM2zlt0K4QS3j2v6Na
LBsdmvesOIrwnlw3un1jKd/eI541lS7CkxUycKbocfGB9yZUexlo8FfMLU110seB
Mn4UJ1jiAZzxNCBaOhxK3zi5faPbhbgarP8petr6so/WMTpuG7adnSfarNXCfrXv
yQnm4n8CFI/z61s0UmGJMMDdjJE5abDBEO2yi3/yLSYBGCMVHY/vHNCZuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFNTnd1XiLHTHkbrNoSarcxt78oxMB8GA1UdIwQY
MBaAFHR3S3tTDtrPj6czU6kBSlY4lJv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEhkTGUxTU8ycy1QcHpOVHFRRktWamlVbV9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8wZmI2OWQtY2VmYy00NmVjLWJlMzkt
ODViZDM0YmQ0ZTVhLzEvVTFPZDNWZUlzZE1lUnVzMmhKcXR6RzN2eWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8wZmI2OWQtY2VmYy00NmVjLWJlMzktODViZDM0YmQ0ZTVh
LzEvZEhkTGUxTU8ycy1QcHpOVHFRRktWamlVbV9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLVd4AwQA
LVd7MA0GCSqGSIb3DQEBCwUAA4IBAQBBl629zi9O/6ZsdSGiqODu3nfufLrY05tu
NWq6MAfk07+jqOWldRHGMki5zabvmQLNgyw8P/ugFuXDC2PwwTiW9VG2lm/Ody9b
tJSnFayxLrssnhg4TbKOFgNWf+++oloJrdIf+jL6QjaZ+v9C5qj9lI2yU1PvPKJ9
Gvmou1LDe9pvYemkAjLHE7O+jiGJZ/2f9uObPcnCXDP/7L/nn2vv0pXLup41xNmT
jz/dvnZAljcF9muCPJzG+E35eOWdFcat+2PEfvsS5yEvO4bATmHdUSh+AVvjKv6g
9/MQyb48U/SBqSTDcBcq/FzMVSHVJdFWuZloEdL9oCz+D97blhdD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:33 2024 by rpki-client on console-ams.rpki-client.org