Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/p9FryXQ4QfK81_aqu2rmzY_uiLI.roa
File: p9FryXQ4QfK81_aqu2rmzY_uiLI.roa (raw, json)
Hash identifier: LDeHXoMcmUAl9L1iDyiV/Fo5Px6C6z4OcoxCb4GUWWk=
Subject key identifier: A7:D1:6B:C9:74:38:41:F2:BC:D7:F6:AA:BB:6A:E6:CD:8F:EE:88:B2
Certificate issuer: /CN=74774b7b530edacf8fa73353a9014a5638949bfb
Certificate serial: 01853F57E01FBA4E7BCA65115E5BBACE2809
Authority key identifier: 74:77:4B:7B:53:0E:DA:CF:8F:A7:33:53:A9:01:4A:56:38:94:9B:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dHdLe1MO2s-PpzNTqQFKVjiUm_s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/p9FryXQ4QfK81_aqu2rmzY_uiLI.roa
Signing time: Fri 23 Dec 2022 14:16:41 +0000
ROA not before: Fri 23 Dec 2022 14:16:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 201162
IP address blocks: 45.87.123.0/24 maxlen: 24
45.87.120.0/24 maxlen: 24
45.87.121.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:3f:57:e0:1f:ba:4e:7b:ca:65:11:5e:5b:ba:ce:28:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=74774b7b530edacf8fa73353a9014a5638949bfb
Validity
Not Before: Dec 23 14:16:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a7d16bc9743841f2bcd7f6aabb6ae6cd8fee88b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:5e:b0:fa:f6:d6:dc:3e:64:fa:ac:73:d6:b6:
7e:24:97:ed:db:38:d0:88:ca:38:87:4d:6b:ac:39:
39:a2:c7:6d:d5:65:a0:44:26:64:97:13:43:41:c5:
3e:7c:ff:b9:13:d5:a9:91:23:b0:3b:61:d5:7c:24:
32:bc:08:df:ea:49:e8:1d:03:77:d0:b3:1b:9b:94:
8d:e3:ba:40:ee:55:25:05:3c:95:e5:7f:cc:0c:23:
d1:64:7f:26:2c:4b:bc:86:fb:17:04:24:a6:5f:2e:
f3:44:86:4d:f9:9c:ee:ce:07:d8:cd:17:3f:68:1d:
f2:53:9e:dd:c3:61:79:b5:e7:91:9e:e7:7e:22:2e:
19:d8:e3:a9:83:29:52:68:9e:10:79:45:2d:e8:bc:
f8:fe:3f:5b:a8:5b:76:b1:21:5b:7a:28:b6:c8:eb:
91:3f:fa:b5:4a:e2:a0:cc:69:66:62:e8:59:82:ad:
4e:e7:ab:13:ee:c0:76:a5:2e:05:cf:96:09:a2:ba:
24:42:d2:f6:d8:9d:8b:b7:91:68:9d:e4:d5:c8:e6:
16:a5:95:5f:17:40:a4:26:75:16:21:f2:f2:d0:bc:
9f:a7:c5:9d:3a:e3:7f:0a:71:4b:d1:16:46:5f:f8:
83:f4:d2:14:66:04:05:5c:c1:a3:f9:3c:9f:33:a1:
1c:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:D1:6B:C9:74:38:41:F2:BC:D7:F6:AA:BB:6A:E6:CD:8F:EE:88:B2
X509v3 Authority Key Identifier:
keyid:74:77:4B:7B:53:0E:DA:CF:8F:A7:33:53:A9:01:4A:56:38:94:9B:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHdLe1MO2s-PpzNTqQFKVjiUm_s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/p9FryXQ4QfK81_aqu2rmzY_uiLI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/0fb69d-cefc-46ec-be39-85bd34bd4e5a/1/dHdLe1MO2s-PpzNTqQFKVjiUm_s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.120.0/23
45.87.123.0/24
Signature Algorithm: sha256WithRSAEncryption
07:9f:8b:6c:ac:15:95:d5:9b:8b:64:8c:38:cd:51:b8:a3:9e:
b9:98:1f:db:a7:d8:c4:e4:42:0b:67:82:82:1b:1c:d0:25:fb:
82:81:24:9a:f7:da:e3:16:82:d4:dd:10:60:4a:44:3a:3f:56:
6d:33:f5:bc:65:e2:36:a0:2b:2e:c5:14:6f:5d:45:50:1e:3f:
ca:66:79:19:4b:ca:0f:64:46:15:0f:60:b7:75:7a:4c:2a:71:
e7:3a:d6:1a:82:8e:9d:19:f1:3c:d7:d9:15:6f:fe:bf:99:ec:
ee:29:6a:f9:94:c7:dc:15:90:d7:1f:81:6e:2b:7e:61:90:b4:
82:22:8d:f5:eb:4a:f4:74:4b:66:ba:0a:ab:b5:fa:d9:b4:06:
b8:f8:ee:47:65:8e:a1:36:8d:19:87:25:85:f6:10:04:29:0f:
f2:83:88:84:1b:8f:8f:33:94:23:0f:db:55:fb:27:3e:9f:24:
d2:d5:0e:82:64:49:2c:08:2e:22:b7:32:50:5e:3c:65:69:35:
95:c8:60:03:a4:15:0a:2d:d5:f1:b1:ae:dd:cb:61:1e:56:45:
49:60:45:c5:d7:41:26:ff:9f:0c:bc:7b:3a:07:c3:f3:40:57:
f3:0f:4b:8a:9c:02:51:1f:69:e4:f3:e4:42:a7:16:1c:b7:df:
e0:82:94:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYU/V+Afuk57ymURXlu6zigJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0Nzc0YjdiNTMwZWRhY2Y4ZmE3MzM1M2E5MDE0YTU2Mzg5
NDliZmIwHhcNMjIxMjIzMTQxNjQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2QxNmJjOTc0Mzg0MWYyYmNkN2Y2YWFiYjZhZTZjZDhmZWU4OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxl6w+vbW3D5k+qxz1rZ+JJft2zjQ
iMo4h01rrDk5osdt1WWgRCZklxNDQcU+fP+5E9WpkSOwO2HVfCQyvAjf6knoHQN3
0LMbm5SN47pA7lUlBTyV5X/MDCPRZH8mLEu8hvsXBCSmXy7zRIZN+ZzuzgfYzRc/
aB3yU57dw2F5teeRnud+Ii4Z2OOpgylSaJ4QeUUt6Lz4/j9bqFt2sSFbeii2yOuR
P/q1SuKgzGlmYuhZgq1O56sT7sB2pS4Fz5YJorokQtL22J2Lt5FoneTVyOYWpZVf
F0CkJnUWIfLy0Lyfp8WdOuN/CnFL0RZGX/iD9NIUZgQFXMGj+TyfM6EcIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKfRa8l0OEHyvNf2qrtq5s2P7oiyMB8GA1UdIwQY
MBaAFHR3S3tTDtrPj6czU6kBSlY4lJv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEhkTGUxTU8ycy1QcHpOVHFRRktWamlVbV9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8wZmI2OWQtY2VmYy00NmVjLWJlMzkt
ODViZDM0YmQ0ZTVhLzEvcDlGcnlYUTRRZks4MV9hcXUycm16WV91aUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8wZmI2OWQtY2VmYy00NmVjLWJlMzktODViZDM0YmQ0ZTVh
LzEvZEhkTGUxTU8ycy1QcHpOVHFRRktWamlVbV9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLVd4AwQA
LVd7MA0GCSqGSIb3DQEBCwUAA4IBAQAHn4tsrBWV1ZuLZIw4zVG4o565mB/bp9jE
5EILZ4KCGxzQJfuCgSSa99rjFoLU3RBgSkQ6P1ZtM/W8ZeI2oCsuxRRvXUVQHj/K
ZnkZS8oPZEYVD2C3dXpMKnHnOtYago6dGfE819kVb/6/mezuKWr5lMfcFZDXH4Fu
K35hkLSCIo3160r0dEtmugqrtfrZtAa4+O5HZY6hNo0ZhyWF9hAEKQ/yg4iEG4+P
M5QjD9tV+yc+nyTS1Q6CZEksCC4itzJQXjxlaTWVyGADpBUKLdXxsa7dy2EeVkVJ
YEXF10Em/58MvHs6B8PzQFfzD0uKnAJRH2nk8+RCpxYct9/ggpRj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:23 2024 by rpki-client on console-fra.rpki-client.org