Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/GeooUk5qMR4YMKmNUB6DF_eS_vg.roa
File: GeooUk5qMR4YMKmNUB6DF_eS_vg.roa (raw, json)
Hash identifier: UN/I1ybv9KfqsG2kvZbu38rQv/8G4Qo7fgvpeiVVdQQ=
Subject key identifier: 19:EA:28:52:4E:6A:31:1E:18:30:A9:8D:50:1E:83:17:F7:92:FE:F8
Certificate issuer: /CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
Certificate serial: 0185715538FCDA7C7C9C36F29C45BCABD558
Authority key identifier: 9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/GeooUk5qMR4YMKmNUB6DF_eS_vg.roa
Signing time: Mon 02 Jan 2023 07:14:48 +0000
ROA not before: Mon 02 Jan 2023 07:14:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204843
IP address blocks: 45.11.96.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:55:38:fc:da:7c:7c:9c:36:f2:9c:45:bc:ab:d5:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9cd0758825dd89cfee5fdecc7dcb651f0a5d1018
Validity
Not Before: Jan 2 07:14:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=19ea28524e6a311e1830a98d501e8317f792fef8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:43:84:90:95:73:5e:66:7e:1b:39:eb:1c:9d:
23:f9:ac:3f:52:f4:95:99:fc:45:02:e0:ac:c4:6c:
eb:f0:37:c0:e0:19:00:fe:53:70:2e:b1:1c:0c:88:
70:a4:92:63:72:3e:71:05:80:94:98:9a:1d:45:01:
e6:5e:6f:1c:98:3d:20:81:dc:65:43:bd:af:b6:7f:
cf:fa:fd:2a:62:9a:ab:eb:10:e7:cb:58:14:1d:e4:
18:e7:f3:c0:2f:7c:ae:8d:d1:2d:95:d7:99:93:15:
1d:aa:ec:d7:bd:55:7e:4e:f4:04:11:96:3d:c0:63:
5f:5c:75:c1:e1:d4:a3:cd:dc:3d:be:63:64:93:7c:
6d:68:be:a8:73:db:8c:5f:2c:00:ae:9d:7f:32:65:
6a:93:26:61:57:b2:00:59:40:23:e6:05:2b:a6:dc:
61:35:59:29:04:3a:63:15:f7:12:da:90:63:96:a9:
b0:d0:c0:5b:a1:e3:d9:7d:fd:6e:ef:f9:70:db:4b:
6b:1d:3b:0e:e9:e5:ed:07:4d:80:29:7c:e7:a6:f6:
08:53:7e:ea:65:38:55:a0:46:92:21:00:b5:b9:93:
ef:d8:ef:b2:cf:46:36:dc:31:56:e4:4f:56:54:e0:
0d:ad:50:59:23:38:ed:c5:4e:1b:27:e8:49:9a:c8:
6d:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:EA:28:52:4E:6A:31:1E:18:30:A9:8D:50:1E:83:17:F7:92:FE:F8
X509v3 Authority Key Identifier:
keyid:9C:D0:75:88:25:DD:89:CF:EE:5F:DE:CC:7D:CB:65:1F:0A:5D:10:18
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nNB1iCXdic_uX97MfctlHwpdEBg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/GeooUk5qMR4YMKmNUB6DF_eS_vg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0e651e-90c7-4acd-97b9-a54f8e4813e7/1/nNB1iCXdic_uX97MfctlHwpdEBg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.96.0/24
Signature Algorithm: sha256WithRSAEncryption
bf:02:ed:e4:f2:8c:06:48:26:d6:35:66:65:e8:4f:82:c1:5c:
de:bf:a5:95:c9:00:34:34:91:2c:83:e9:9d:17:e1:0f:ee:9e:
1b:6f:3b:5a:05:50:ff:82:bc:2e:cf:ad:3b:20:e1:3e:b3:8c:
f2:69:a7:e6:06:c6:15:fe:7a:d7:1b:75:54:fb:10:6d:26:91:
0f:1b:27:88:1c:85:77:49:81:36:ac:15:43:46:be:ce:05:e8:
3b:af:c4:88:ec:1e:49:3e:a0:76:13:aa:c2:ed:be:ce:77:3d:
73:fc:74:f7:65:95:23:63:7b:3c:64:3c:89:07:6a:4f:98:46:
bb:60:db:52:89:01:15:30:ac:16:4c:f5:9a:68:07:39:ca:af:
d3:94:88:fc:7a:b1:99:67:de:ff:e7:b6:20:f1:a1:13:95:8f:
01:ca:0c:f5:08:2e:07:17:a2:5a:00:bf:6a:d2:80:3a:f1:b0:
f9:05:d5:e7:64:27:4c:57:3d:36:84:87:da:89:23:0d:ba:2f:
ef:f8:33:30:30:fa:71:e4:83:cc:d9:5d:be:bd:a9:1e:6f:6a:
0b:4c:71:b6:a0:94:18:9d:e1:52:cb:c3:65:fa:ae:d3:ca:aa:
c6:89:78:ab:5b:7c:d4:a7:81:b3:dd:6f:23:d1:14:e9:2c:11:
88:7a:d6:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxVTj82nx8nDbynEW8q9VYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZDA3NTg4MjVkZDg5Y2ZlZTVmZGVjYzdkY2I2NTFmMGE1
ZDEwMTgwHhcNMjMwMTAyMDcxNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWVhMjg1MjRlNmEzMTFlMTgzMGE5OGQ1MDFlODMxN2Y3OTJmZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10OEkJVzXmZ+GznrHJ0j+aw/UvSV
mfxFAuCsxGzr8DfA4BkA/lNwLrEcDIhwpJJjcj5xBYCUmJodRQHmXm8cmD0ggdxl
Q72vtn/P+v0qYpqr6xDny1gUHeQY5/PAL3yujdEtldeZkxUdquzXvVV+TvQEEZY9
wGNfXHXB4dSjzdw9vmNkk3xtaL6oc9uMXywArp1/MmVqkyZhV7IAWUAj5gUrptxh
NVkpBDpjFfcS2pBjlqmw0MBboePZff1u7/lw20trHTsO6eXtB02AKXznpvYIU37q
ZThVoEaSIQC1uZPv2O+yz0Y23DFW5E9WVOANrVBZIzjtxU4bJ+hJmshtKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnqKFJOajEeGDCpjVAegxf3kv74MB8GA1UdIwQY
MBaAFJzQdYgl3YnP7l/ezH3LZR8KXRAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk5CMWlDWGRpY191WDk3TWZjdGxId3BkRUJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wZTY1MWUtOTBjNy00YWNkLTk3Yjkt
YTU0ZjhlNDgxM2U3LzEvR2Vvb1VrNXFNUjRZTUttTlVCNkRGX2VTX3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wZTY1MWUtOTBjNy00YWNkLTk3YjktYTU0ZjhlNDgxM2U3
LzEvbk5CMWlDWGRpY191WDk3TWZjdGxId3BkRUJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQtgMA0G
CSqGSIb3DQEBCwUAA4IBAQC/Au3k8owGSCbWNWZl6E+CwVzev6WVyQA0NJEsg+md
F+EP7p4bbztaBVD/grwuz607IOE+s4zyaafmBsYV/nrXG3VU+xBtJpEPGyeIHIV3
SYE2rBVDRr7OBeg7r8SI7B5JPqB2E6rC7b7Odz1z/HT3ZZUjY3s8ZDyJB2pPmEa7
YNtSiQEVMKwWTPWaaAc5yq/TlIj8erGZZ97/57Yg8aETlY8Bygz1CC4HF6JaAL9q
0oA68bD5BdXnZCdMVz02hIfaiSMNui/v+DMwMPpx5IPM2V2+vakeb2oLTHG2oJQY
neFSy8Nl+q7TyqrGiXirW3zUp4Gz3W8j0RTpLBGIetY1
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:52 2023 by rpki-client on console-ams.rpki-client.org