Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/CudD0BtAlfWjlp75jouY2vXYcPI.roa
File: CudD0BtAlfWjlp75jouY2vXYcPI.roa (raw, json)
Hash identifier: GW7Q4CiIkmKs3Akdzm69ZFI4Oou6EIkl1eOd+/B83Zs=
Subject key identifier: 0A:E7:43:D0:1B:40:95:F5:A3:96:9E:F9:8E:8B:98:DA:F5:D8:70:F2
Certificate issuer: /CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
Certificate serial: 0185715538A42B6187DA24DDC1555CB2844F
Authority key identifier: 9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/CudD0BtAlfWjlp75jouY2vXYcPI.roa
Signing time: Mon 02 Jan 2023 07:14:48 +0000
ROA not before: Mon 02 Jan 2023 07:14:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48678
IP address blocks: 45.11.98.0/24 maxlen: 24
45.11.97.0/24 maxlen: 24
45.11.96.0/24 maxlen: 24
45.11.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:55:38:a4:2b:61:87:da:24:dd:c1:55:5c:b2:84:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
Validity
Not Before: Jan 2 07:14:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0ae743d01b4095f5a3969ef98e8b98daf5d870f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:57:4f:f4:9f:de:56:7a:d0:41:2d:da:19:f5:
b2:3d:35:21:91:f0:0b:77:cd:4d:5b:9d:a6:fb:f0:
e0:ad:da:2c:4c:7a:26:f6:97:98:02:15:45:7d:5d:
cb:7c:89:da:45:b7:f0:04:77:63:0b:79:fd:e6:60:
de:6c:47:a8:a1:eb:a0:47:19:0d:e6:3e:72:db:29:
7f:02:8d:70:71:4e:b4:bf:14:17:26:90:60:06:6f:
ab:88:ff:67:4d:a1:5f:42:c3:29:8d:93:f3:9e:98:
77:de:7a:59:25:53:12:ad:f3:80:7c:50:89:6b:d2:
6d:70:7d:0f:f8:80:43:32:65:6b:43:00:07:25:c0:
ed:de:82:cf:50:b7:96:c7:79:df:c7:74:02:4c:c4:
fa:98:35:43:62:fe:75:1f:13:df:f2:8d:20:90:ad:
1b:fb:90:09:2e:c9:b9:25:fc:fb:2a:2b:a9:09:74:
13:ec:20:d5:60:e6:54:87:c5:c6:bd:0f:03:6b:ce:
4a:ed:38:4f:92:01:40:b5:37:f8:e2:cb:98:e5:a8:
5b:50:fb:b9:39:67:99:9c:54:7a:71:d5:af:10:23:
99:df:2d:6b:23:d8:ed:2f:96:73:fd:f4:37:37:81:
6a:f5:bf:1f:e0:04:f6:e5:03:81:0c:43:7e:f7:fb:
bd:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:E7:43:D0:1B:40:95:F5:A3:96:9E:F9:8E:8B:98:DA:F5:D8:70:F2
X509v3 Authority Key Identifier:
keyid:9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/CudD0BtAlfWjlp75jouY2vXYcPI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/nNB1iCXdic_uX97MfctlHwpdEBg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.96.0/22
Signature Algorithm: sha256WithRSAEncryption
9a:cf:09:fe:9e:e8:59:5a:21:94:0b:57:68:fa:9c:03:ad:e6:
90:68:7a:02:5a:86:ff:65:93:4b:cc:98:3d:05:d6:42:86:9a:
67:e0:82:28:39:7b:1d:e2:5d:73:96:7c:9d:2a:37:a0:7f:03:
09:25:63:5d:6d:9b:4a:ff:d4:14:84:27:ff:f5:f9:71:73:a6:
90:8e:2b:c8:9c:0d:53:60:f6:26:5e:36:78:29:13:99:28:41:
8e:0b:08:7a:52:e7:ca:88:24:6e:1f:47:32:f5:f8:15:b5:06:
2c:76:49:51:5c:2a:b1:6a:53:4e:40:e1:2e:21:4a:03:74:64:
99:07:8f:90:81:eb:6b:5d:58:67:af:ff:be:46:23:eb:28:92:
1b:d3:13:72:16:a9:02:b9:9b:73:00:f5:31:b0:0b:bc:e9:7b:
1e:8c:00:d4:a2:cb:50:4f:28:a2:07:4f:f1:8d:cf:c5:ee:af:
4a:ba:7f:a2:f1:68:41:22:19:fa:95:24:75:5d:78:68:8a:87:
dd:2b:7f:b1:70:56:e5:38:bf:9b:e3:e3:68:48:db:a5:dc:85:
eb:06:24:54:91:82:47:f8:2b:ef:55:04:87:fe:e1:07:55:28:
69:1b:5d:f3:4c:4e:e3:f7:a7:21:05:fb:e8:6c:9e:e1:e2:5e:
42:b5:2d:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxVTikK2GH2iTdwVVcsoRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZDA3NTg4MjVkZDg5Y2ZlZTVmZGVjYzdkY2I2NTFmMGE1
ZDEwMTgwHhcNMjMwMTAyMDcxNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWU3NDNkMDFiNDA5NWY1YTM5NjllZjk4ZThiOThkYWY1ZDg3MGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ldP9J/eVnrQQS3aGfWyPTUhkfAL
d81NW52m+/DgrdosTHom9peYAhVFfV3LfInaRbfwBHdjC3n95mDebEeooeugRxkN
5j5y2yl/Ao1wcU60vxQXJpBgBm+riP9nTaFfQsMpjZPznph33npZJVMSrfOAfFCJ
a9JtcH0P+IBDMmVrQwAHJcDt3oLPULeWx3nfx3QCTMT6mDVDYv51HxPf8o0gkK0b
+5AJLsm5Jfz7KiupCXQT7CDVYOZUh8XGvQ8Da85K7ThPkgFAtTf44suY5ahbUPu5
OWeZnFR6cdWvECOZ3y1rI9jtL5Zz/fQ3N4Fq9b8f4AT25QOBDEN+9/u9MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFArnQ9AbQJX1o5ae+Y6LmNr12HDyMB8GA1UdIwQY
MBaAFJzQdYgl3YnP7l/ezH3LZR8KXRAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk5CMWlDWGRpY191WDk3TWZjdGxId3BkRUJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wZTY1MWUtOTBjNy00YWNkLTk3Yjkt
YTU0ZjhlNDgxM2U3LzEvQ3VkRDBCdEFsZldqbHA3NWpvdVkydlhZY1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wZTY1MWUtOTBjNy00YWNkLTk3YjktYTU0ZjhlNDgxM2U3
LzEvbk5CMWlDWGRpY191WDk3TWZjdGxId3BkRUJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQtgMA0G
CSqGSIb3DQEBCwUAA4IBAQCazwn+nuhZWiGUC1do+pwDreaQaHoCWob/ZZNLzJg9
BdZChppn4IIoOXsd4l1zlnydKjegfwMJJWNdbZtK/9QUhCf/9flxc6aQjivInA1T
YPYmXjZ4KROZKEGOCwh6UufKiCRuH0cy9fgVtQYsdklRXCqxalNOQOEuIUoDdGSZ
B4+QgetrXVhnr/++RiPrKJIb0xNyFqkCuZtzAPUxsAu86XsejADUostQTyiiB0/x
jc/F7q9Kun+i8WhBIhn6lSR1XXhoiofdK3+xcFblOL+b4+NoSNul3IXrBiRUkYJH
+CvvVQSH/uEHVShpG13zTE7j96chBfvobJ7h4l5CtS0z
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:36 2024 by rpki-client on console-ams.rpki-client.org