Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/jI89NfGwKaMEBQS9khrn5g3dxB8.roa
File: jI89NfGwKaMEBQS9khrn5g3dxB8.roa (raw, json)
Hash identifier: zGf457iGNA9h33AMAbZdJudPufQbChmjnJ1N7tjf2rI=
Subject key identifier: 8C:8F:3D:35:F1:B0:29:A3:04:05:04:BD:92:1A:E7:E6:0D:DD:C4:1F
Certificate issuer: /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial: 19C6E5C1
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/jI89NfGwKaMEBQS9khrn5g3dxB8.roa
Signing time: Sat 01 Jan 2022 15:56:34 +0000
ROA not before: Sat 01 Jan 2022 15:56:34 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 45.139.48.0/22 maxlen: 22
45.133.88.0/22 maxlen: 22
45.132.136.0/22 maxlen: 22
45.128.197.0/24 maxlen: 24
45.132.140.0/22 maxlen: 22
91.206.169.0/24 maxlen: 24
45.137.196.0/22 maxlen: 22
193.176.244.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 432465345 (0x19c6e5c1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Validity
Not Before: Jan 1 15:56:34 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8c8f3d35f1b029a3040504bd921ae7e60dddc41f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:9d:b2:e0:4a:fe:95:e0:e9:79:1f:26:d5:45:
81:1c:0a:82:72:bb:43:b1:97:24:5b:24:c8:34:50:
ec:f6:d9:b9:67:ab:02:7b:93:2f:6d:4b:9a:57:c4:
c7:c1:c2:a0:2c:94:54:04:a3:c1:b4:9b:22:52:dd:
c3:73:2d:17:92:0f:0e:98:b2:46:e1:8c:85:b2:68:
24:3f:32:09:eb:b9:08:1e:7c:4d:b2:f3:a8:2d:cc:
9c:47:61:d9:b5:04:06:c3:e0:03:26:09:8e:0b:13:
68:5d:4c:3e:f9:8d:76:ae:9c:88:a4:bf:02:0d:f3:
d6:c6:52:ea:3b:66:99:8e:65:e2:9b:f1:62:f8:84:
0d:aa:fb:51:27:10:5f:a9:04:a0:77:dd:3d:bb:81:
24:af:eb:03:d6:e7:f9:2b:1e:c5:b7:7d:d5:fa:29:
b4:74:7b:a6:7f:e2:4e:9f:4d:a6:0c:64:44:94:a4:
8a:d3:ac:35:6c:d9:08:4c:7c:0c:92:7d:9c:97:2e:
0f:35:e8:4e:c5:7c:39:c5:5c:0c:4d:58:65:22:41:
8e:26:8d:af:84:57:7d:85:ef:86:50:a9:8b:97:b2:
00:5e:49:41:ea:a7:71:94:cd:b6:4b:64:35:fe:57:
a2:e9:09:86:1a:a2:4b:5d:07:2b:ec:2b:b2:bd:d4:
29:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:8F:3D:35:F1:B0:29:A3:04:05:04:BD:92:1A:E7:E6:0D:DD:C4:1F
X509v3 Authority Key Identifier:
keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/jI89NfGwKaMEBQS9khrn5g3dxB8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.197.0/24
45.132.136.0/21
45.133.88.0/22
45.137.196.0/22
45.139.48.0/22
91.206.169.0/24
193.176.244.0/23
Signature Algorithm: sha256WithRSAEncryption
6b:45:24:52:a1:77:29:88:93:11:84:36:a9:02:60:17:a5:b8:
19:6f:9a:ad:9b:86:c6:39:ba:fe:af:19:d3:9d:29:6b:dc:5a:
d8:17:04:6f:50:39:1e:6f:24:0c:17:d4:40:bb:bd:ba:cb:91:
35:0d:23:d4:cb:df:c9:51:63:06:15:10:e4:6e:a4:4a:c0:ff:
36:ac:e3:2a:8d:da:1e:d7:17:f8:81:f5:a4:52:74:82:e7:e4:
4e:45:f5:3f:cb:9b:78:b8:18:ad:d0:1d:a2:72:ee:6a:c8:cb:
76:53:23:e5:b6:bd:d0:ca:ea:b9:ef:80:df:4b:8b:d9:65:19:
ce:0f:38:67:3d:82:a2:9c:c2:e3:78:12:f1:47:23:2b:47:53:
93:1d:1e:88:f2:b2:11:8a:1a:55:da:20:18:8a:f5:5f:98:89:
34:80:0e:94:f1:60:83:72:4b:59:98:ee:27:1c:0e:a2:8f:11:
c0:72:53:e8:a0:8a:6d:68:65:35:9f:e8:fc:3f:04:e5:b3:da:
65:23:28:21:b1:f7:9e:4a:84:28:6d:ae:50:26:54:c7:0f:97:
95:8d:94:29:6f:b7:20:37:43:32:26:86:88:a4:b1:b5:f9:0d:
d0:31:4f:d8:4c:9e:be:d7:ca:79:26:20:47:40:ea:ab:cc:ca:
03:28:90:63
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIEGcblwTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MTU1MDA5YzNkZTQyMWNjNGU2N2I5YTlhZTQyM2JiMzVkZTBiOTI2MB4XDTIyMDEw
MTE1NTYzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGM4ZjNkMzVmMWIw
MjlhMzA0MDUwNGJkOTIxYWU3ZTYwZGRkYzQxZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL6dsuBK/pXg6XkfJtVFgRwKgnK7Q7GXJFskyDRQ7PbZuWer
AnuTL21LmlfEx8HCoCyUVASjwbSbIlLdw3MtF5IPDpiyRuGMhbJoJD8yCeu5CB58
TbLzqC3MnEdh2bUEBsPgAyYJjgsTaF1MPvmNdq6ciKS/Ag3z1sZS6jtmmY5l4pvx
YviEDar7UScQX6kEoHfdPbuBJK/rA9bn+Ssexbd91foptHR7pn/iTp9NpgxkRJSk
itOsNWzZCEx8DJJ9nJcuDzXoTsV8OcVcDE1YZSJBjiaNr4RXfYXvhlCpi5eyAF5J
QeqncZTNtktkNf5XoukJhhqiS10HK+wrsr3UKYcCAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBSMjz018bApowQFBL2SGufmDd3EHzAfBgNVHSMEGDAWgBSxVQCcPeQhzE5n
uamuQjuzXeC5JjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NWVUFuRDNrSWN4T1o3bXBya0k3czEzZ3VTWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTAvZGU5MDJjLTNkMTMtNDdkMS1hNWU2LTczODU2YWY0OWYzZS8x
L2pJODlOZkd3S2FNRUJRUzlraHJuNWczZHhCOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAv
ZGU5MDJjLTNkMTMtNDdkMS1hNWU2LTczODU2YWY0OWYzZS8xL3NWVUFuRDNrSWN4
T1o3bXBya0k3czEzZ3VTWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBD
BggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAC2AxQMEAy2EiAMEAi2FWAMEAi2J
xAMEAi2LMAMEAFvOqQMEAcGw9DANBgkqhkiG9w0BAQsFAAOCAQEAa0UkUqF3KYiT
EYQ2qQJgF6W4GW+arZuGxjm6/q8Z050pa9xa2BcEb1A5Hm8kDBfUQLu9usuRNQ0j
1MvfyVFjBhUQ5G6kSsD/NqzjKo3aHtcX+IH1pFJ0gufkTkX1P8ubeLgYrdAdonLu
asjLdlMj5ba90Mrque+A30uL2WUZzg84Zz2CopzC43gS8UcjK0dTkx0eiPKyEYoa
VdogGIr1X5iJNIAOlPFgg3JLWZjuJxwOoo8RwHJT6KCKbWhlNZ/o/D8E5bPaZSMo
IbH3nkqEKG2uUCZUxw+XlY2UKW+3IDdDMiaGiKSxtfkN0DFP2EyevtfKeSYgR0Dq
q8zKAyiQYw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:52 2024 by rpki-client on console-fra.rpki-client.org