Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/Ou0oIxa1oynkC41z8QZtWbMgF6M.roa
File: Ou0oIxa1oynkC41z8QZtWbMgF6M.roa (raw, json)
Hash identifier: kmo/gYqcp6yAcTnobwa9d6XGfm4Rxi/swIx+bQRjGTE=
Subject key identifier: 3A:ED:28:23:16:B5:A3:29:E4:0B:8D:73:F1:06:6D:59:B3:20:17:A3
Certificate issuer: /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial: 38C9F544
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/Ou0oIxa1oynkC41z8QZtWbMgF6M.roa
Signing time: Sat 01 Jan 2022 07:55:09 +0000
ROA not before: Sat 01 Jan 2022 07:55:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1136
IP address blocks: 145.119.0.0/18 maxlen: 18
145.15.111.0/24 maxlen: 24
145.15.110.0/24 maxlen: 24
145.15.109.0/24 maxlen: 24
145.15.108.0/24 maxlen: 24
145.15.108.0/22 maxlen: 22
145.15.115.0/24 maxlen: 24
145.15.114.0/24 maxlen: 24
145.119.160.0/19 maxlen: 19
145.43.0.0/16 maxlen: 16
145.119.199.0/24 maxlen: 24
145.119.192.0/18 maxlen: 18
145.15.208.0/21 maxlen: 21
145.4.224.0/20 maxlen: 20
145.119.128.0/18 maxlen: 18
145.119.64.0/19 maxlen: 19
145.119.64.0/18 maxlen: 18
145.78.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 952759620 (0x38c9f544)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Validity
Not Before: Jan 1 07:55:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3aed282316b5a329e40b8d73f1066d59b32017a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:ae:95:83:91:66:70:fc:d6:0e:08:a2:bd:de:
f0:24:1c:0d:ea:c3:06:33:f8:3f:e9:e8:16:a5:b5:
82:30:4f:4a:f0:f2:e6:2e:a8:6c:37:46:b5:89:bf:
f9:d4:cf:d6:df:1c:4e:42:18:ee:cb:18:8c:0a:33:
97:00:75:6d:f1:b8:a3:f0:ff:6d:91:09:14:2f:fb:
9f:78:49:70:9b:4f:97:2a:a3:f9:2d:58:d1:b0:fb:
95:ad:fa:02:a2:c0:5a:1c:61:3f:62:46:17:68:f2:
62:7c:4e:39:67:2e:25:72:72:76:f9:18:66:f7:c5:
ba:2f:47:38:3f:9f:90:8e:2d:92:06:8f:64:7b:1e:
d3:5b:55:3d:30:b8:9c:aa:57:95:2d:2b:66:ab:56:
3f:66:ef:0f:2f:c9:84:e5:81:c9:a1:a8:c8:ed:94:
74:63:34:4f:ee:4d:a6:04:79:c3:f2:a9:0d:21:f5:
a6:70:55:c3:49:2e:0f:f0:64:fa:33:3a:6c:71:49:
19:5e:ee:0a:37:84:d5:6f:69:c7:54:09:f6:52:c5:
49:2b:cb:42:57:06:77:0e:5e:fb:0e:5c:a9:48:15:
7b:a9:f9:34:6d:f2:e2:33:76:d2:d3:26:c8:f5:06:
09:be:bb:d2:39:e5:57:6b:f9:97:a2:28:dc:ab:b4:
66:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:ED:28:23:16:B5:A3:29:E4:0B:8D:73:F1:06:6D:59:B3:20:17:A3
X509v3 Authority Key Identifier:
keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/Ou0oIxa1oynkC41z8QZtWbMgF6M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.4.224.0/20
145.15.108.0/22
145.15.114.0/23
145.15.208.0/21
145.43.0.0/16
145.78.0.0/16
145.119.0.0/16
Signature Algorithm: sha256WithRSAEncryption
84:cf:39:34:d6:e6:29:34:c3:01:ea:c0:52:ef:92:38:9d:a7:
4e:df:e7:f4:fb:5c:9e:4d:08:b2:8a:89:41:cc:cc:55:ac:df:
99:36:cd:d0:dc:3a:6b:6c:fa:a7:a4:cb:34:d2:bd:98:c9:84:
df:95:17:44:59:a9:7b:13:ac:2e:6a:d2:74:f1:5e:d9:d4:0a:
85:e3:a8:dd:c9:c2:d8:4f:ed:0b:81:b9:cf:7e:fe:cd:3a:e3:
6a:e6:5b:b0:13:e4:9f:f2:b8:50:c8:fe:89:ec:2d:5b:c3:b7:
1a:79:69:39:00:39:fe:93:e4:05:7b:a2:2e:23:8e:94:6d:45:
3e:55:60:b6:c7:d3:09:83:41:0d:fd:ec:dc:a8:da:ad:8e:75:
1d:ed:a4:4b:aa:27:12:c4:ca:86:5e:47:19:18:9c:be:58:90:
78:d3:a0:81:24:47:15:26:97:57:ce:38:07:64:a0:3b:7a:6e:
24:13:62:9c:92:13:04:52:bc:2e:48:46:5f:ec:c1:01:05:17:
a9:6e:29:0a:56:ac:d3:03:7b:69:6f:a5:a0:69:5f:82:47:f7:
1d:4a:7c:b7:28:e5:b2:25:62:ec:a2:04:ae:88:57:3a:81:aa:
ea:3f:19:9a:c0:d4:18:aa:c7:fa:6c:0c:40:88:9c:a4:b8:48:
55:1d:91:b7
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEOMn1RDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
NzczZGIxNzc5NWQyYmYxYjRiNTM0NWM1YjI5MzkwZGJhZjQ1MjNlMB4XDTIyMDEw
MTA3NTUwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2FlZDI4MjMxNmI1
YTMyOWU0MGI4ZDczZjEwNjZkNTliMzIwMTdhMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALeulYORZnD81g4Ior3e8CQcDerDBjP4P+noFqW1gjBPSvDy
5i6obDdGtYm/+dTP1t8cTkIY7ssYjAozlwB1bfG4o/D/bZEJFC/7n3hJcJtPlyqj
+S1Y0bD7la36AqLAWhxhP2JGF2jyYnxOOWcuJXJydvkYZvfFui9HOD+fkI4tkgaP
ZHse01tVPTC4nKpXlS0rZqtWP2bvDy/JhOWByaGoyO2UdGM0T+5NpgR5w/KpDSH1
pnBVw0kuD/Bk+jM6bHFJGV7uCjeE1W9px1QJ9lLFSSvLQlcGdw5e+w5cqUgVe6n5
NG3y4jN20tMmyPUGCb670jnlV2v5l6Io3Ku0ZlkCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBQ67SgjFrWjKeQLjXPxBm1ZsyAXozAfBgNVHSMEGDAWgBQXc9sXeV0r8bS1
NFxbKTkNuvRSPjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0YzUGJGM2xkS19HMHRUUmNXeWs1RGJyMFVqNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmQvZjc3Y2JkLTg5M2ItNDYxNi05ZDc2LTU0ODYxZjIzMjQ5ZC8x
L091MG9JeGExb3lua0M0MXo4UVp0V2JNZ0Y2TS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmQv
Zjc3Y2JkLTg5M2ItNDYxNi05ZDc2LTU0ODYxZjIzMjQ5ZC8xL0YzUGJGM2xkS19H
MHRUUmNXeWs1RGJyMFVqNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wLQQCAAEwJwMEBJEE4AMEApEPbAMEAZEPcgMEA5EP
0AMDAJErAwMAkU4DAwCRdzANBgkqhkiG9w0BAQsFAAOCAQEAhM85NNbmKTTDAerA
Uu+SOJ2nTt/n9Ptcnk0IsoqJQczMVazfmTbN0Nw6a2z6p6TLNNK9mMmE35UXRFmp
exOsLmrSdPFe2dQKheOo3cnC2E/tC4G5z37+zTrjauZbsBPkn/K4UMj+iewtW8O3
GnlpOQA5/pPkBXuiLiOOlG1FPlVgtsfTCYNBDf3s3KjarY51He2kS6onEsTKhl5H
GRicvliQeNOggSRHFSaXV844B2SgO3puJBNinJITBFK8LkhGX+zBAQUXqW4pClas
0wN7aW+loGlfgkf3HUp8tyjlsiVi7KIErohXOoGq6j8ZmsDUGKrH+mwMQIicpLhI
VR2Rtw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:09 2024 by rpki-client on console-fra.rpki-client.org