Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/BkTsXkfSVd9WqOaAmPsqp-mAmMo.roa
File: BkTsXkfSVd9WqOaAmPsqp-mAmMo.roa (raw, json)
Hash identifier: IfMwO2PLURjxpWcCyNeuURvJ4gHr1fd8qfsRmmQ54lQ=
Subject key identifier: 06:44:EC:5E:47:D2:55:DF:56:A8:E6:80:98:FB:2A:A7:E9:80:98:CA
Certificate issuer: /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial: 01856F796D85785BCC22E78C7A981619FC93
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/BkTsXkfSVd9WqOaAmPsqp-mAmMo.roa
Signing time: Sun 01 Jan 2023 22:35:06 +0000
ROA not before: Sun 01 Jan 2023 22:35:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 45.139.48.0/22 maxlen: 22
45.133.88.0/22 maxlen: 22
45.132.136.0/22 maxlen: 22
45.128.197.0/24 maxlen: 24
45.132.140.0/22 maxlen: 22
91.206.169.0/24 maxlen: 24
45.137.196.0/22 maxlen: 22
193.176.244.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:79:6d:85:78:5b:cc:22:e7:8c:7a:98:16:19:fc:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Validity
Not Before: Jan 1 22:35:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0644ec5e47d255df56a8e68098fb2aa7e98098ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:3a:95:18:2f:23:ee:b6:b9:87:76:44:ee:56:
d6:9d:e2:1c:2b:07:80:af:a5:b7:51:21:a1:6c:4f:
66:42:30:c5:5f:e3:a4:ed:4e:8e:06:a8:1e:1d:98:
ad:e9:3a:7d:c4:e1:05:41:8e:f4:7d:01:30:b7:77:
f4:cc:64:d6:26:f2:ca:2d:65:08:10:82:f6:b3:88:
79:d1:78:14:33:dc:9c:5a:c8:8e:ee:1d:12:ff:4f:
95:c7:64:c3:11:d6:a3:d0:8d:77:45:59:6c:65:92:
04:02:80:36:9f:04:e9:64:b1:79:ef:86:1d:78:b3:
ad:eb:29:d9:e3:9f:0a:b8:aa:0c:c3:ad:9f:b0:64:
57:18:6a:af:54:8a:26:3a:ec:04:d7:e1:88:e1:5d:
20:de:c9:cf:80:84:9f:1a:63:10:6a:1b:1e:05:38:
e0:67:90:e5:3e:f8:bc:df:5b:c8:1e:f0:d3:db:b1:
6a:1e:8c:53:6e:86:2b:7e:e4:a6:94:ed:6b:41:44:
30:14:f8:1a:d6:38:36:93:b3:4a:09:71:30:f8:69:
b7:c1:33:da:d7:e8:d5:56:ea:c5:e5:38:b8:ba:8e:
65:f9:24:60:5b:d6:40:08:49:c6:13:5b:e3:9f:55:
e6:8e:b5:ff:4d:45:49:9f:3b:d4:23:09:6b:65:cb:
f0:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:44:EC:5E:47:D2:55:DF:56:A8:E6:80:98:FB:2A:A7:E9:80:98:CA
X509v3 Authority Key Identifier:
keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/BkTsXkfSVd9WqOaAmPsqp-mAmMo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.197.0/24
45.132.136.0/21
45.133.88.0/22
45.137.196.0/22
45.139.48.0/22
91.206.169.0/24
193.176.244.0/23
Signature Algorithm: sha256WithRSAEncryption
96:f1:36:d7:db:d6:e2:b8:ad:94:cf:da:09:d4:c5:c2:62:7c:
72:58:98:f7:9d:87:90:cd:fe:29:7b:a0:46:56:b4:5e:92:d9:
78:a5:2b:b9:3b:32:af:69:c3:32:13:b7:38:d2:b2:82:f6:a8:
af:6c:e2:07:87:3f:67:0a:9b:da:67:9d:8a:ff:b6:2c:7b:1c:
dd:b8:ec:f9:69:fe:f4:20:de:2f:41:80:36:34:1d:d6:52:d0:
41:21:96:22:66:a0:27:21:84:1e:5f:62:2f:be:70:ce:e9:8f:
63:a4:c4:90:30:b9:74:23:7a:99:47:5b:e9:ee:9f:f7:b1:da:
cc:b4:4a:ca:77:20:8c:0e:c7:4e:f6:78:d8:25:be:08:6f:b1:
6f:2e:e4:88:61:88:40:78:49:44:7e:32:c3:28:46:2c:b8:d8:
4b:7b:2d:5d:37:df:0c:88:10:cd:7e:91:1d:03:e1:36:4a:38:
19:3e:b6:1d:fe:af:da:8a:29:20:ac:51:13:76:88:67:a3:08:
c9:61:3f:89:2b:d1:bf:3f:f9:9b:74:41:bd:50:d7:17:d0:5a:
cf:d2:7f:0d:7f:f0:a1:75:44:3d:85:22:ab:f8:48:c9:2e:dd:
a3:ec:9a:42:e0:12:31:1d:1b:f7:64:73:9d:b2:a6:86:2d:b8:
ea:cc:cc:c8
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVveW2FeFvMIueMepgWGfyTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjMwMTAxMjIzNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQ0ZWM1ZTQ3ZDI1NWRmNTZhOGU2ODA5OGZiMmFhN2U5ODA5OGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzqVGC8j7ra5h3ZE7lbWneIcKweA
r6W3USGhbE9mQjDFX+Ok7U6OBqgeHZit6Tp9xOEFQY70fQEwt3f0zGTWJvLKLWUI
EIL2s4h50XgUM9ycWsiO7h0S/0+Vx2TDEdaj0I13RVlsZZIEAoA2nwTpZLF574Yd
eLOt6ynZ458KuKoMw62fsGRXGGqvVIomOuwE1+GI4V0g3snPgISfGmMQahseBTjg
Z5DlPvi831vIHvDT27FqHoxTboYrfuSmlO1rQUQwFPga1jg2k7NKCXEw+Gm3wTPa
1+jVVurF5Ti4uo5l+SRgW9ZACEnGE1vjn1XmjrX/TUVJnzvUIwlrZcvwvQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFAZE7F5H0lXfVqjmgJj7KqfpgJjKMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvQmtUc1hrZlNWZDlXcU9hQW1Qc3FwLW1BbU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALYDFAwQD
LYSIAwQCLYVYAwQCLYnEAwQCLYswAwQAW86pAwQBwbD0MA0GCSqGSIb3DQEBCwUA
A4IBAQCW8TbX29biuK2Uz9oJ1MXCYnxyWJj3nYeQzf4pe6BGVrRektl4pSu5OzKv
acMyE7c40rKC9qivbOIHhz9nCpvaZ52K/7YsexzduOz5af70IN4vQYA2NB3WUtBB
IZYiZqAnIYQeX2IvvnDO6Y9jpMSQMLl0I3qZR1vp7p/3sdrMtErKdyCMDsdO9njY
Jb4Ib7FvLuSIYYhAeElEfjLDKEYsuNhLey1dN98MiBDNfpEdA+E2SjgZPrYd/q/a
iikgrFETdohnowjJYT+JK9G/P/mbdEG9UNcX0FrP0n8Nf/ChdUQ9hSKr+EjJLt2j
7JpC4BIxHRv3ZHOdsqaGLbjqzMzI
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:35:51 2024 by rpki-client on console-ams.rpki-client.org