Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/DOB3HRdTgqHEjT3OB3CzhircnlI.roa
File: DOB3HRdTgqHEjT3OB3CzhircnlI.roa (raw, json)
Hash identifier: TUvIUg+bvoKZzj9IAEU255OzdoRkhsSI7+KTzFdC0j4=
Subject key identifier: 0C:E0:77:1D:17:53:82:A1:C4:8D:3D:CE:07:70:B3:86:2A:DC:9E:52
Certificate issuer: /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial: 09015F2B
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/DOB3HRdTgqHEjT3OB3CzhircnlI.roa
Signing time: Sat 11 Jun 2022 11:51:02 +0000
ROA not before: Sat 11 Jun 2022 11:51:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 176.105.229.0/24 maxlen: 24
176.105.228.0/22 maxlen: 24
45.137.18.0/24 maxlen: 24
91.239.148.0/23 maxlen: 24
45.132.80.0/22 maxlen: 24
91.244.199.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 151084843 (0x9015f2b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Validity
Not Before: Jun 11 11:51:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0ce0771d175382a1c48d3dce0770b3862adc9e52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:ae:41:45:9f:40:44:17:3b:ed:ee:c0:36:e1:
2a:0b:ea:be:c3:78:00:fc:a2:a0:a5:ea:38:30:40:
37:6c:7e:c9:53:94:27:0d:bc:67:37:f1:4d:55:95:
b3:d4:d5:5d:c8:7b:14:3e:da:1c:cd:b4:0b:bb:72:
f6:95:82:e3:75:a0:ff:6d:99:20:48:21:6e:a0:fd:
09:53:70:2b:1f:38:c0:4e:7e:d4:c2:99:01:2f:58:
71:57:56:ef:15:5f:f7:54:ba:17:9a:65:fc:8c:00:
09:a8:51:ce:5d:66:32:15:6b:46:63:86:5b:58:cb:
8b:6a:71:1a:87:59:3c:15:1e:ab:69:6e:b1:36:c1:
86:7c:f6:27:a7:25:05:92:cb:c2:00:7b:42:6f:b3:
ec:4d:32:36:01:e8:fd:35:16:8a:c3:17:10:a7:7b:
e0:e9:fb:9e:4c:cf:57:a3:2c:94:84:bc:f4:77:3b:
0e:d2:20:17:21:86:4c:63:82:59:a2:45:9b:34:2d:
8d:0b:81:f3:39:13:6e:37:c7:7e:d4:3d:31:12:09:
09:06:fd:24:ed:43:b2:73:dd:40:88:0d:f1:4d:11:
18:d3:72:c1:15:b3:a2:97:f6:fc:02:46:fa:e2:27:
13:41:c1:11:0f:8b:2f:fa:76:27:09:51:f8:fc:83:
cc:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:E0:77:1D:17:53:82:A1:C4:8D:3D:CE:07:70:B3:86:2A:DC:9E:52
X509v3 Authority Key Identifier:
keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/DOB3HRdTgqHEjT3OB3CzhircnlI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.132.80.0/22
45.137.18.0/24
91.239.148.0/23
91.244.199.0/24
176.105.228.0/22
Signature Algorithm: sha256WithRSAEncryption
6c:ee:74:a6:db:6c:cd:08:02:7f:54:36:4a:2d:7d:52:b1:2d:
57:f0:69:40:dd:b7:19:fc:2e:93:96:cc:70:14:de:4c:40:de:
a5:5a:0f:ec:4d:b1:67:ed:19:01:df:13:05:d2:73:75:9a:ce:
22:b4:14:3f:0d:9a:63:3c:86:3f:17:02:56:1e:02:6f:d3:46:
7b:c6:30:c8:ac:05:5f:4c:0e:0a:5a:4c:e1:8d:1f:9d:bf:80:
96:f9:13:74:37:0d:a0:3e:a0:c6:5f:47:21:5b:08:5c:f7:8a:
94:9d:23:20:27:82:c6:0a:83:dd:94:98:b5:84:81:1e:c4:f1:
4a:ed:22:5a:1d:d0:92:ea:7f:69:9e:93:04:a2:1b:30:84:07:
1d:e4:4e:04:9e:da:1f:e4:06:05:8c:3d:16:72:8c:e4:33:fa:
f6:5c:8b:90:be:ed:19:92:5d:20:2d:ad:b8:90:09:cc:0f:61:
0b:62:d9:a2:fc:ed:fa:83:ad:d2:8d:85:ef:9d:06:ee:66:ae:
19:da:b6:f3:1f:43:f4:4c:3b:07:86:d4:4f:eb:0d:7d:89:b6:
76:4c:96:9b:83:15:d1:bf:06:1e:5f:00:e6:d5:9d:ba:b0:f8:
4e:6c:3d:53:37:0b:3a:f6:46:4c:0e:db:69:0c:0e:1b:60:db:
3f:dc:9f:41
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIECQFfKzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YjBjMGQwNDIyNTU2NmRiOTVlOWFkM2IyZWY2MDUwMTQ5NzVhYWEyMB4XDTIyMDYx
MTExNTEwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGNlMDc3MWQxNzUz
ODJhMWM0OGQzZGNlMDc3MGIzODYyYWRjOWU1MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALWuQUWfQEQXO+3uwDbhKgvqvsN4APyioKXqODBAN2x+yVOU
Jw28ZzfxTVWVs9TVXch7FD7aHM20C7ty9pWC43Wg/22ZIEghbqD9CVNwKx84wE5+
1MKZAS9YcVdW7xVf91S6F5pl/IwACahRzl1mMhVrRmOGW1jLi2pxGodZPBUeq2lu
sTbBhnz2J6clBZLLwgB7Qm+z7E0yNgHo/TUWisMXEKd74On7nkzPV6MslIS89Hc7
DtIgFyGGTGOCWaJFmzQtjQuB8zkTbjfHftQ9MRIJCQb9JO1DsnPdQIgN8U0RGNNy
wRWzopf2/AJG+uInE0HBEQ+LL/p2JwlR+PyDzFMCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBQM4HcdF1OCocSNPc4HcLOGKtyeUjAfBgNVHSMEGDAWgBSbDA0EIlVm25Xp
rTsu9gUBSXWqojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L213d05CQ0pWWnR1VjZhMDdMdllGQVVsMXFxSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjAvMGVjNmQyLWYxZDctNGIwYS1hZDMzLWU4ZWYyZjA5NTk4ZS8x
L0RPQjNIUmRUZ3FIRWpUM09CM0N6aGlyY25sSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAv
MGVjNmQyLWYxZDctNGIwYS1hZDMzLWU4ZWYyZjA5NTk4ZS8xL213d05CQ0pWWnR1
VjZhMDdMdllGQVVsMXFxSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAi2EUAMEAC2JEgMEAVvvlAMEAFv0
xwMEArBp5DANBgkqhkiG9w0BAQsFAAOCAQEAbO50pttszQgCf1Q2Si19UrEtV/Bp
QN23Gfwuk5bMcBTeTEDepVoP7E2xZ+0ZAd8TBdJzdZrOIrQUPw2aYzyGPxcCVh4C
b9NGe8YwyKwFX0wOClpM4Y0fnb+AlvkTdDcNoD6gxl9HIVsIXPeKlJ0jICeCxgqD
3ZSYtYSBHsTxSu0iWh3Qkup/aZ6TBKIbMIQHHeROBJ7aH+QGBYw9FnKM5DP69lyL
kL7tGZJdIC2tuJAJzA9hC2LZovzt+oOt0o2F750G7mauGdq28x9D9Ew7B4bUT+sN
fYm2dkyWm4MV0b8GHl8A5tWdurD4Tmw9UzcLOvZGTA7baQwOG2DbP9yfQQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:42 2024 by rpki-client on console-ams.rpki-client.org