Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/4nK3g12RbCcfxqgFVnykcf0J91g.roa
File: 4nK3g12RbCcfxqgFVnykcf0J91g.roa (raw, json)
Hash identifier: nqu9NRsefj+e1CBrnu2+ZU15INPeCPoNXklPW5IEcXE=
Subject key identifier: E2:72:B7:83:5D:91:6C:27:1F:C6:A8:05:56:7C:A4:71:FD:09:F7:58
Certificate issuer: /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial: 018CC2DB077C18D1DB11255CCFF052DA0AD5
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/4nK3g12RbCcfxqgFVnykcf0J91g.roa
Signing time: Mon 01 Jan 2024 02:29:43 +0000
ROA not before: Mon 01 Jan 2024 02:29:43 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201691
IP address blocks: 194.26.195.0/24 maxlen: 24
45.159.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:db:07:7c:18:d1:db:11:25:5c:cf:f0:52:da:0a:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Validity
Not Before: Jan 1 02:29:43 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e272b7835d916c271fc6a805567ca471fd09f758
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:be:e2:c4:d9:6e:df:29:2e:c7:84:79:1c:34:
82:f4:a1:21:0e:00:79:42:26:c8:06:72:61:31:57:
73:56:74:70:d9:9a:7c:96:6c:d0:b1:d1:cf:8f:45:
d3:d8:eb:0d:40:46:af:58:25:25:73:b4:37:49:b6:
b5:39:dd:f4:46:dc:a3:b6:9c:6d:e5:5f:2f:15:50:
95:d8:0d:f1:12:d6:37:61:ac:a2:6e:b7:46:c5:6c:
92:ac:4d:9a:d6:5c:e9:0a:2b:ff:23:10:a7:de:55:
ac:56:3b:d3:76:47:bb:dd:69:59:5e:08:d5:87:65:
35:60:54:26:19:05:37:81:9c:fd:79:99:f3:22:a8:
56:d0:cf:67:e9:00:90:79:3a:07:5a:57:19:01:b7:
ff:f1:08:10:cc:dd:b1:f1:c1:2a:6c:9f:1d:60:99:
13:fa:ed:b7:a3:43:b9:a8:f4:5a:90:44:5e:9b:af:
8d:1f:0b:b2:65:84:1c:2d:dc:b0:cf:ca:18:1d:c2:
6b:ca:d3:ec:91:ab:7c:c3:d4:cd:17:0b:2a:fe:23:
f6:3a:78:bc:c0:18:ec:fb:1f:63:af:df:2a:8b:c1:
b0:2d:21:3b:c2:a6:ca:b7:9b:58:3e:84:73:2a:48:
19:50:9e:d5:25:88:bf:77:fd:a7:85:b3:30:84:e6:
c2:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:72:B7:83:5D:91:6C:27:1F:C6:A8:05:56:7C:A4:71:FD:09:F7:58
X509v3 Authority Key Identifier:
keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/4nK3g12RbCcfxqgFVnykcf0J91g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.151.0/24
194.26.195.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:e8:5a:9a:44:15:a1:33:4f:06:f2:3e:4a:32:e4:9a:9c:11:
55:89:87:85:34:cf:80:4d:1d:15:54:68:e4:59:5d:f7:4c:51:
10:d1:fc:23:8f:fe:5b:6b:0d:9c:5c:c1:61:2f:07:98:e2:70:
5e:6a:51:ce:b2:30:f2:32:0c:09:5b:ff:a6:91:42:c6:9e:f4:
20:f8:03:6b:06:86:bf:6b:df:f5:36:6d:93:d7:10:4a:fb:68:
58:51:3b:5f:14:a8:47:c5:7f:44:cf:11:c8:34:6a:98:2d:b5:
c1:23:03:df:6a:07:38:59:4e:1d:e1:74:b9:38:1a:be:da:27:
60:a6:75:c3:44:bc:69:9a:da:9f:95:8a:dc:62:0b:aa:25:d2:
40:5f:6c:d3:bb:50:cc:c0:2d:ba:a1:3a:7f:e0:e1:d3:36:07:
86:51:5c:80:66:03:34:30:13:14:52:1d:3b:4a:24:23:85:c6:
12:c5:60:33:41:8a:5a:b8:e6:a3:66:09:fd:65:af:2d:cb:f2:
5e:84:6a:28:7f:9b:51:71:87:8f:a5:c4:60:7f:92:87:0b:ee:
ba:2f:02:d0:ff:3c:ad:49:99:ad:fc:06:eb:8a:3d:6b:f3:00:
7c:0b:e7:a4:99:dd:ee:6f:12:c9:22:c8:09:d5:47:58:3e:28:
43:ee:8c:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2wd8GNHbESVcz/BS2grVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjcyYjc4MzVkOTE2YzI3MWZjNmE4MDU1NjdjYTQ3MWZkMDlmNzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiL7ixNlu3ykux4R5HDSC9KEhDgB5
QibIBnJhMVdzVnRw2Zp8lmzQsdHPj0XT2OsNQEavWCUlc7Q3Sba1Od30Rtyjtpxt
5V8vFVCV2A3xEtY3YayibrdGxWySrE2a1lzpCiv/IxCn3lWsVjvTdke73WlZXgjV
h2U1YFQmGQU3gZz9eZnzIqhW0M9n6QCQeToHWlcZAbf/8QgQzN2x8cEqbJ8dYJkT
+u23o0O5qPRakERem6+NHwuyZYQcLdywz8oYHcJrytPskat8w9TNFwsq/iP2Oni8
wBjs+x9jr98qi8GwLSE7wqbKt5tYPoRzKkgZUJ7VJYi/d/2nhbMwhObCcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOJyt4NdkWwnH8aoBVZ8pHH9CfdYMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvNG5LM2cxMlJiQ2NmeHFnRlZueWtjZjBKOTFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ+XAwQA
whrDMA0GCSqGSIb3DQEBCwUAA4IBAQAd6FqaRBWhM08G8j5KMuSanBFViYeFNM+A
TR0VVGjkWV33TFEQ0fwjj/5baw2cXMFhLweY4nBealHOsjDyMgwJW/+mkULGnvQg
+ANrBoa/a9/1Nm2T1xBK+2hYUTtfFKhHxX9EzxHINGqYLbXBIwPfagc4WU4d4XS5
OBq+2idgpnXDRLxpmtqflYrcYguqJdJAX2zTu1DMwC26oTp/4OHTNgeGUVyAZgM0
MBMUUh07SiQjhcYSxWAzQYpauOajZgn9Za8ty/JehGoof5tRcYePpcRgf5KHC+66
LwLQ/zytSZmt/Abrij1r8wB8C+ekmd3ubxLJIsgJ1UdYPihD7oxc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:19 2024 by rpki-client on console-ams.rpki-client.org