Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Onqvxtchly1hHQHQFW-LXS50F-o.roa
File: Onqvxtchly1hHQHQFW-LXS50F-o.roa (raw, json)
Hash identifier: bUYTLY7UyX/EZy7UQNXfAx267QxvJxxF31DJhqJXWHY=
Subject key identifier: 3A:7A:AF:C6:D7:21:97:2D:61:1D:01:D0:15:6F:8B:5D:2E:74:17:EA
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 01859F2066687211F16FE920FC427E8C8AF6
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Onqvxtchly1hHQHQFW-LXS50F-o.roa
Signing time: Wed 11 Jan 2023 04:39:38 +0000
ROA not before: Wed 11 Jan 2023 04:39:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 26636
IP address blocks: 194.5.92.0/24 maxlen: 24
91.200.84.0/24 maxlen: 24
45.66.116.0/24 maxlen: 24
5.44.44.0/24 maxlen: 24
109.236.58.0/24 maxlen: 24
92.118.114.0/23 maxlen: 23
195.80.51.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:9f:20:66:68:72:11:f1:6f:e9:20:fc:42:7e:8c:8a:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Jan 11 04:39:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3a7aafc6d721972d611d01d0156f8b5d2e7417ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:23:34:7e:2b:91:4f:3a:7b:fb:42:2c:96:c6:
a6:06:76:56:ff:10:f8:fb:f8:5c:d9:77:88:a3:d3:
97:5c:2b:1d:fd:7e:3f:db:3f:b6:81:c6:d4:e8:14:
23:ac:7c:a2:a6:b7:6a:f8:8c:a8:de:37:19:e8:51:
fe:f3:30:bb:70:af:4f:83:53:42:34:52:e4:13:f9:
38:e8:f2:33:c1:ed:80:4d:a5:96:11:e9:79:e8:da:
e6:6e:4d:6e:78:f0:34:55:a0:4e:2e:6a:32:18:c8:
87:63:4d:ee:0e:e0:f1:aa:f9:0f:be:58:57:59:19:
ca:7e:6d:b4:20:79:aa:53:8b:41:00:f0:b7:85:aa:
f0:0d:26:86:90:3d:b9:64:7a:18:9d:d6:2e:cd:77:
5e:80:3c:2a:5d:57:b5:d5:82:6a:37:96:eb:0b:ff:
f9:f5:b3:b7:6b:b0:8d:c4:01:c1:44:a0:a0:04:70:
2f:3e:fe:dc:79:f3:6f:c1:be:02:5b:50:68:29:aa:
13:6f:59:6c:6f:47:8a:92:c4:ae:3a:28:92:0d:85:
2a:27:77:14:35:56:cb:59:82:5c:71:87:d2:28:59:
b8:7c:24:91:c8:51:af:b8:0a:b7:d5:f0:79:ba:53:
fe:d0:9d:05:03:cb:da:fc:5c:5e:83:e1:23:19:46:
19:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:7A:AF:C6:D7:21:97:2D:61:1D:01:D0:15:6F:8B:5D:2E:74:17:EA
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/Onqvxtchly1hHQHQFW-LXS50F-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.44.0/24
45.66.116.0/24
91.200.84.0/24
92.118.114.0/23
109.236.58.0/24
194.5.92.0/24
195.80.51.0/24
Signature Algorithm: sha256WithRSAEncryption
95:cb:9e:34:b4:49:20:2e:c2:1e:30:ee:ad:68:ea:27:09:40:
65:26:dc:09:50:50:7a:7d:90:dd:d3:ea:a9:d1:7f:d2:d0:46:
cf:1b:a7:de:32:51:78:f2:7c:e5:36:12:79:37:da:f7:a5:e7:
1f:33:8f:87:c3:30:0e:e1:fe:a9:e6:85:26:ba:a6:b6:7f:d3:
4a:bc:ff:5b:9c:75:f0:4e:5a:51:61:33:0f:9a:ff:81:45:11:
75:bc:f8:2f:dd:40:9f:b3:ca:00:d9:2c:b9:82:46:a0:10:e2:
88:e9:46:17:c1:93:41:86:4b:7d:a3:ec:d5:58:6e:47:84:19:
19:e6:4c:ff:10:c5:65:e5:a3:65:df:df:b1:2b:31:58:56:de:
ab:2d:77:50:e3:18:2c:a2:b0:6d:95:f6:3a:4e:58:c3:22:5d:
67:06:ff:77:79:d4:61:1c:36:92:49:2a:76:d8:c6:77:57:c3:
a1:f6:5c:3f:ba:d1:fc:b9:38:b6:83:b9:61:e4:53:07:2d:f1:
fe:64:cb:b9:6b:0f:08:e6:7d:41:55:82:a9:c1:90:0a:b3:3e:
e9:f6:0e:91:a5:d1:db:cd:98:79:4a:34:55:75:d9:66:b3:25:
ab:18:c7:e2:58:63:e4:e4:70:9e:7e:77:1e:06:ed:6c:a4:91:
6d:6a:95:0b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYWfIGZochHxb+kg/EJ+jIr2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjMwMTExMDQzOTM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdhYWZjNmQ3MjE5NzJkNjExZDAxZDAxNTZmOGI1ZDJlNzQxN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyM0fiuRTzp7+0IslsamBnZW/xD4
+/hc2XeIo9OXXCsd/X4/2z+2gcbU6BQjrHyiprdq+Iyo3jcZ6FH+8zC7cK9Pg1NC
NFLkE/k46PIzwe2ATaWWEel56Nrmbk1uePA0VaBOLmoyGMiHY03uDuDxqvkPvlhX
WRnKfm20IHmqU4tBAPC3harwDSaGkD25ZHoYndYuzXdegDwqXVe11YJqN5brC//5
9bO3a7CNxAHBRKCgBHAvPv7cefNvwb4CW1BoKaoTb1lsb0eKksSuOiiSDYUqJ3cU
NVbLWYJccYfSKFm4fCSRyFGvuAq31fB5ulP+0J0FA8va/Fxeg+EjGUYZ+wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDp6r8bXIZctYR0B0BVvi10udBfqMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvT25xdnh0Y2hseTFoSFFIUUZXLUxYUzUwRi1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjctNDkwNTI0M2JjODI4
LzEvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQABSwsAwQA
LUJ0AwQAW8hUAwQBXHZyAwQAbew6AwQAwgVcAwQAw1AzMA0GCSqGSIb3DQEBCwUA
A4IBAQCVy540tEkgLsIeMO6taOonCUBlJtwJUFB6fZDd0+qp0X/S0EbPG6feMlF4
8nzlNhJ5N9r3pecfM4+HwzAO4f6p5oUmuqa2f9NKvP9bnHXwTlpRYTMPmv+BRRF1
vPgv3UCfs8oA2Sy5gkagEOKI6UYXwZNBhkt9o+zVWG5HhBkZ5kz/EMVl5aNl39+x
KzFYVt6rLXdQ4xgsorBtlfY6TljDIl1nBv93edRhHDaSSSp22MZ3V8Oh9lw/utH8
uTi2g7lh5FMHLfH+ZMu5aw8I5n1BVYKpwZAKsz7p9g6RpdHbzZh5SjRVddlmsyWr
GMfiWGPk5HCefnceBu1spJFtapUL
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:15 2024 by rpki-client on console-ams.rpki-client.org