Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/nMjzmEzJKA2rhShpJAvLofDWlvM.roa
File: nMjzmEzJKA2rhShpJAvLofDWlvM.roa (raw, json)
Hash identifier: U9Fq4jwT8W6xsGLcKt0EjTNyyrmjHjDtTWDoumG0IRY=
Subject key identifier: 9C:C8:F3:98:4C:C9:28:0D:AB:85:28:69:24:0B:CB:A1:F0:D6:96:F3
Certificate issuer: /CN=c8d5e37178d8524c72660a1d796165999e586622
Certificate serial: 018A79B7542FD5E54D897A9CC6CCE60602ED
Authority key identifier: C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/nMjzmEzJKA2rhShpJAvLofDWlvM.roa
Signing time: Sat 09 Sep 2023 11:32:52 +0000
ROA not before: Sat 09 Sep 2023 11:32:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 45.151.204.0/22 maxlen: 24
45.67.44.0/22 maxlen: 22
94.142.164.0/22 maxlen: 22
91.239.24.0/24 maxlen: 24
45.12.44.0/22 maxlen: 24
45.95.140.0/22 maxlen: 24
185.57.176.0/22 maxlen: 22
45.86.192.0/22 maxlen: 22
2.57.180.0/22 maxlen: 24
45.15.52.0/22 maxlen: 22
2.59.116.0/24 maxlen: 24
91.238.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:79:b7:54:2f:d5:e5:4d:89:7a:9c:c6:cc:e6:06:02:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c8d5e37178d8524c72660a1d796165999e586622
Validity
Not Before: Sep 9 11:32:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9cc8f3984cc9280dab852869240bcba1f0d696f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:d0:1a:bf:5a:6a:f6:92:d2:53:63:9b:7e:53:
46:f4:e9:ff:74:27:a6:ac:ee:d3:f4:ae:1d:e9:25:
df:58:74:6d:51:91:2a:bb:86:aa:2c:7e:e6:f2:2e:
67:2d:12:9b:e7:df:5c:4e:f7:d9:b4:eb:45:16:6a:
4f:fc:90:15:ec:09:c7:0d:54:3a:23:cb:de:3c:6b:
3c:5e:7f:c3:01:c0:c7:65:be:28:b1:f3:61:9b:fc:
17:d6:83:ee:12:fe:e1:fa:94:4a:44:63:c5:d7:0a:
ac:ea:6f:01:03:31:66:54:7d:df:49:36:1e:3b:f8:
33:1a:91:c3:67:74:6d:30:24:fe:68:89:88:08:8a:
be:66:54:0d:3f:2d:78:a2:a2:5e:bc:a6:fa:c7:d8:
d3:97:1d:e0:98:1f:f6:29:bc:40:9b:2e:3d:76:60:
ce:4b:aa:9b:fc:98:d3:9e:f8:e1:b9:fc:83:17:c0:
af:39:f6:13:c8:23:41:0f:29:79:10:2d:0e:0b:8f:
fe:4d:6c:7f:e0:9a:d7:5c:11:d4:09:ac:86:fd:7c:
35:dc:87:4d:3d:d8:15:fb:27:81:93:19:ea:95:1c:
96:84:63:cb:9a:1d:6b:ff:05:e5:a8:f2:cf:f7:c6:
f0:40:c2:2a:99:ce:d2:85:a4:b3:c5:78:11:06:b9:
36:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:C8:F3:98:4C:C9:28:0D:AB:85:28:69:24:0B:CB:A1:F0:D6:96:F3
X509v3 Authority Key Identifier:
keyid:C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/nMjzmEzJKA2rhShpJAvLofDWlvM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.180.0/22
2.59.116.0/24
45.12.44.0/22
45.15.52.0/22
45.67.44.0/22
45.86.192.0/22
45.95.140.0/22
45.151.204.0/22
91.238.217.0/24
91.239.24.0/24
94.142.164.0/22
185.57.176.0/22
Signature Algorithm: sha256WithRSAEncryption
10:87:d4:eb:3c:8a:fb:4c:26:09:da:fe:99:6e:c0:7c:b4:5a:
e9:c8:4a:32:c7:50:44:a8:81:6f:9d:5a:85:b2:aa:10:42:a9:
40:04:b0:f0:ea:a2:75:4e:aa:bd:6e:25:db:67:ef:b5:b5:90:
93:11:8f:bd:cc:dc:30:0a:46:89:7e:9e:ae:3e:d5:1a:e7:e4:
9e:7e:54:ca:ec:ff:cd:ae:6a:73:f3:84:82:10:90:31:66:a6:
de:8d:13:7b:07:f3:d8:02:fc:17:4b:02:c7:81:e6:94:da:5d:
60:a0:7a:ce:76:b1:85:45:25:90:ae:87:3a:5e:c0:ba:2b:6e:
c1:49:bf:93:a0:74:af:ee:30:89:cf:e3:cf:ff:ea:b2:55:ef:
ad:cd:d5:8c:58:6a:f6:88:b2:5d:37:bf:57:3a:df:d3:6b:f7:
f6:5c:36:f7:ea:8c:35:99:17:5f:ec:7e:04:34:44:c7:12:eb:
2c:99:94:26:69:30:d9:da:8c:6d:2b:fc:d1:f4:24:04:70:29:
cc:e7:1f:c3:d2:f0:08:11:b6:77:3d:d4:e9:f0:71:f0:b0:95:
c5:10:9f:b0:03:ad:00:7b:48:c8:83:81:59:5b:6f:57:95:b0:
ce:ca:96:cb:67:94:ce:dc:d5:fc:1e:47:52:c5:59:e1:5e:22:
d5:dd:1f:62
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYp5t1Qv1eVNiXqcxszmBgLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVlMzcxNzhkODUyNGM3MjY2MGExZDc5NjE2NTk5OWU1
ODY2MjIwHhcNMjMwOTA5MTEzMjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2M4ZjM5ODRjYzkyODBkYWI4NTI4NjkyNDBiY2JhMWYwZDY5NmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdAav1pq9pLSU2ObflNG9On/dCem
rO7T9K4d6SXfWHRtUZEqu4aqLH7m8i5nLRKb599cTvfZtOtFFmpP/JAV7AnHDVQ6
I8vePGs8Xn/DAcDHZb4osfNhm/wX1oPuEv7h+pRKRGPF1wqs6m8BAzFmVH3fSTYe
O/gzGpHDZ3RtMCT+aImICIq+ZlQNPy14oqJevKb6x9jTlx3gmB/2KbxAmy49dmDO
S6qb/JjTnvjhufyDF8CvOfYTyCNBDyl5EC0OC4/+TWx/4JrXXBHUCayG/Xw13IdN
PdgV+yeBkxnqlRyWhGPLmh1r/wXlqPLP98bwQMIqmc7ShaSzxXgRBrk2uQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJzI85hMySgNq4UoaSQLy6Hw1pbzMB8GA1UdIwQY
MBaAFMjV43F42FJMcmYKHXlhZZmeWGYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODIt
OWUwYWVkMmZiOGVjLzEvbk1qem1FekpLQTJyaFNocEpBdkxvZkRXbHZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODItOWUwYWVkMmZiOGVj
LzEveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQCAjm0AwQA
Ajt0AwQCLQwsAwQCLQ80AwQCLUMsAwQCLVbAAwQCLV+MAwQCLZfMAwQAW+7ZAwQA
W+8YAwQCXo6kAwQCuTmwMA0GCSqGSIb3DQEBCwUAA4IBAQAQh9TrPIr7TCYJ2v6Z
bsB8tFrpyEoyx1BEqIFvnVqFsqoQQqlABLDw6qJ1Tqq9biXbZ++1tZCTEY+9zNww
CkaJfp6uPtUa5+SeflTK7P/Nrmpz84SCEJAxZqbejRN7B/PYAvwXSwLHgeaU2l1g
oHrOdrGFRSWQroc6XsC6K27BSb+ToHSv7jCJz+PP/+qyVe+tzdWMWGr2iLJdN79X
Ot/Ta/f2XDb36ow1mRdf7H4ENETHEussmZQmaTDZ2oxtK/zR9CQEcCnM5x/D0vAI
EbZ3PdTp8HHwsJXFEJ+wA60Ae0jIg4FZW29XlbDOypbLZ5TO3NX8HkdSxVnhXiLV
3R9i
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:31 2024 by rpki-client on console-fra.rpki-client.org