Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/0aI3HcQH8wZ0mmIDanUEFKaquVU.roa
File: 0aI3HcQH8wZ0mmIDanUEFKaquVU.roa (raw, json)
Hash identifier: LEKdSl5k2QHwDtt+qsYtuSpfsGgVmW75W334Lj1GZMM=
Subject key identifier: D1:A2:37:1D:C4:07:F3:06:74:9A:62:03:6A:75:04:14:A6:AA:B9:55
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 155D3F5E
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/0aI3HcQH8wZ0mmIDanUEFKaquVU.roa
Signing time: Thu 16 Jun 2022 09:35:09 +0000
ROA not before: Thu 16 Jun 2022 09:35:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 85.8.164.0/22 maxlen: 24
45.146.240.0/23 maxlen: 24
45.146.242.0/23 maxlen: 24
82.115.0.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 358432606 (0x155d3f5e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jun 16 09:35:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d1a2371dc407f306749a62036a750414a6aab955
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:38:14:2b:b1:74:14:5c:aa:cb:67:dc:2f:67:
09:af:63:d0:84:cf:9c:37:d9:23:21:b3:57:67:13:
26:41:32:2d:92:b8:88:b3:5e:1d:46:7f:f1:c5:b6:
68:21:b0:7e:e5:67:68:f4:c0:0a:0b:a1:4b:17:36:
53:25:51:7a:d0:55:3b:fc:61:d0:36:db:e3:29:7d:
61:98:69:03:57:9d:1e:b3:cd:9e:f8:89:42:65:17:
b8:09:c4:7e:25:ed:c4:76:17:f3:5d:a3:d1:a2:ed:
45:dc:84:1b:f2:04:f6:9c:f6:25:5b:dd:d0:7a:1c:
e7:5f:52:8d:4f:2b:4c:14:84:22:b7:18:4e:cf:a9:
3a:4b:93:94:8d:bb:1a:14:d0:fe:7b:1e:3b:48:1f:
7b:99:70:47:55:d0:c0:f6:94:9d:51:6d:e6:c3:4c:
2c:d2:88:0c:55:da:5f:16:e9:e9:2f:25:dc:6d:28:
ce:69:34:fe:4c:fb:91:a4:4a:3b:9f:c2:54:fb:88:
2e:77:c1:84:aa:e6:ae:fa:85:48:b3:19:11:c9:19:
79:f9:38:39:2d:77:0c:94:7e:e4:75:82:2a:38:da:
a1:f0:c7:08:bf:55:b9:f2:8a:77:b4:fb:f8:b5:d8:
d1:86:f3:ab:b6:b0:76:47:d3:60:93:e1:d5:97:4c:
62:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:A2:37:1D:C4:07:F3:06:74:9A:62:03:6A:75:04:14:A6:AA:B9:55
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/0aI3HcQH8wZ0mmIDanUEFKaquVU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.146.240.0/22
82.115.0.0/21
85.8.164.0/22
Signature Algorithm: sha256WithRSAEncryption
19:f8:ee:5b:79:1a:75:0d:64:ac:0e:2a:58:87:91:da:38:53:
8e:83:56:5d:13:3a:ba:c6:2b:8d:fc:71:63:3a:e4:ec:e8:23:
4a:a0:25:94:b9:42:73:b6:76:98:34:5b:60:41:76:19:e1:c7:
50:ec:38:b8:ec:99:84:59:75:fc:7c:40:82:37:b2:2c:52:aa:
32:3e:3f:70:ca:ef:05:53:b5:54:f8:88:5b:8c:54:e0:7a:4c:
4e:dc:6c:e2:51:df:b1:5f:32:04:ea:b7:b0:58:a9:e9:a1:92:
df:72:41:e4:b6:e6:3c:31:97:46:04:4d:21:76:b0:fa:8d:76:
95:9c:17:ce:1e:af:38:63:28:be:fb:13:ed:7d:be:23:49:de:
a5:40:3f:b6:fb:2f:2a:fe:7f:95:0f:7c:92:64:d2:80:6d:79:
ed:37:48:3e:46:64:41:22:1c:5d:9a:af:8b:74:dd:52:e4:96:
51:67:35:ce:4c:3f:31:15:10:38:48:d8:13:8d:16:e9:b3:d7:
e6:7a:57:98:49:53:86:68:c3:c5:50:6b:d7:ce:23:3c:0c:3f:
ac:f6:b7:8d:81:37:92:47:28:99:21:64:4c:fe:3a:c7:81:00:
6b:54:4e:32:c9:d3:9d:39:7c:5c:7d:7d:aa:3e:0a:9b:43:e1:
08:62:99:01
-----BEGIN CERTIFICATE-----
MIIE+zCCA+OgAwIBAgIEFV0/XjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDYx
NjA5MzUwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDFhMjM3MWRjNDA3
ZjMwNjc0OWE2MjAzNmE3NTA0MTRhNmFhYjk1NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANc4FCuxdBRcqstn3C9nCa9j0ITPnDfZIyGzV2cTJkEyLZK4
iLNeHUZ/8cW2aCGwfuVnaPTACguhSxc2UyVRetBVO/xh0Dbb4yl9YZhpA1edHrPN
nviJQmUXuAnEfiXtxHYX812j0aLtRdyEG/IE9pz2JVvd0Hoc519SjU8rTBSEIrcY
Ts+pOkuTlI27GhTQ/nseO0gfe5lwR1XQwPaUnVFt5sNMLNKIDFXaXxbp6S8l3G0o
zmk0/kz7kaRKO5/CVPuILnfBhKrmrvqFSLMZEckZefk4OS13DJR+5HWCKjjaofDH
CL9VufKKd7T7+LXY0Ybzq7awdkfTYJPh1ZdMYuUCAwEAAaOCAhUwggIRMB0GA1Ud
DgQWBBTRojcdxAfzBnSaYgNqdQQUpqq5VTAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
LzBhSTNIY1FIOHdaMG1tSURhblVFRkthcXVWVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAr
BggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAi2S8AMEA1JzAAMEAlUIpDANBgkq
hkiG9w0BAQsFAAOCAQEAGfjuW3kadQ1krA4qWIeR2jhTjoNWXRM6usYrjfxxYzrk
7OgjSqAllLlCc7Z2mDRbYEF2GeHHUOw4uOyZhFl1/HxAgjeyLFKqMj4/cMrvBVO1
VPiIW4xU4HpMTtxs4lHfsV8yBOq3sFip6aGS33JB5LbmPDGXRgRNIXaw+o12lZwX
zh6vOGMovvsT7X2+I0nepUA/tvsvKv5/lQ98kmTSgG157TdIPkZkQSIcXZqvi3Td
UuSWUWc1zkw/MRUQOEjYE40W6bPX5npXmElThmjDxVBr184jPAw/rPa3jYE3kkco
mSFkTP46x4EAa1ROMsnTnTl8XH19qj4Km0PhCGKZAQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:24 2023 by rpki-client on console-ams.rpki-client.org