Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/agUXYEvQXDZGQq7Uo9d33gEFRRs.roa
File: agUXYEvQXDZGQq7Uo9d33gEFRRs.roa (raw, json)
Hash identifier: 9xj+kXMnhQlRNtP4Q6KbAvV0sh784Ki3PRZvh1k2MNs=
Subject key identifier: 6A:05:17:60:4B:D0:5C:36:46:42:AE:D4:A3:D7:77:DE:01:05:45:1B
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01874AB25A1766F09D911A431E142B7699D8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/agUXYEvQXDZGQq7Uo9d33gEFRRs.roa
Signing time: Tue 04 Apr 2023 05:16:54 +0000
ROA not before: Tue 04 Apr 2023 05:16:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211826
IP address blocks: 45.130.200.0/24 maxlen: 24
77.75.63.0/24 maxlen: 24
217.74.16.0/24 maxlen: 24
194.32.123.0/24 maxlen: 24
45.135.185.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:4a:b2:5a:17:66:f0:9d:91:1a:43:1e:14:2b:76:99:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 4 05:16:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6a0517604bd05c364642aed4a3d777de0105451b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:e3:2b:cd:fe:ba:65:5b:99:17:2b:ee:b8:83:
ff:d1:5c:96:18:4c:ad:18:3a:04:5b:9c:38:dc:ef:
14:56:72:14:2b:8b:ee:fa:2d:5d:d7:c4:14:9d:95:
5b:51:b8:d7:22:6a:9e:6d:69:ea:70:2c:e7:53:12:
48:13:d8:38:2e:05:ed:d5:b2:15:04:15:2c:c7:7a:
04:6e:85:c5:69:3d:02:40:5b:50:1e:fc:b2:dc:3b:
62:d8:8b:f5:ee:c3:6f:3f:1b:82:6e:ee:1d:f7:22:
a7:08:40:d5:4d:36:2e:35:50:8a:d8:61:1a:9f:e2:
79:2c:13:2a:af:3b:f8:47:ff:29:b5:7e:48:05:36:
02:3e:d9:43:44:46:6c:c2:88:f7:df:4e:62:2f:be:
5f:8c:bc:c5:5b:60:bc:9d:70:14:a9:cf:0b:a1:cd:
86:dc:23:f1:15:eb:c1:ed:fa:6d:da:7c:fa:94:00:
76:51:cd:16:f3:c8:1b:a5:af:7d:73:4e:f8:19:c0:
19:12:33:66:86:66:c2:bb:9a:5b:39:7b:cd:3d:41:
47:73:81:db:aa:0a:8d:0f:aa:0d:f9:25:91:f6:8e:
c1:d3:b0:68:f6:1e:42:7a:5e:28:ba:33:40:f3:0e:
2b:9d:ec:17:e1:4f:d4:e9:2a:2b:17:5a:8d:8b:83:
bc:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:05:17:60:4B:D0:5C:36:46:42:AE:D4:A3:D7:77:DE:01:05:45:1B
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/agUXYEvQXDZGQq7Uo9d33gEFRRs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.130.200.0/24
45.135.185.0/24
77.75.63.0/24
194.32.123.0/24
217.74.16.0/24
Signature Algorithm: sha256WithRSAEncryption
8e:76:fe:3e:b6:40:01:0e:ba:19:18:02:8b:e1:bb:f8:0e:66:
05:6c:63:32:41:c6:45:8e:85:bb:e4:52:fc:21:32:28:28:9a:
8c:95:ae:3a:40:be:b0:23:6b:d5:85:84:76:92:e9:79:6e:35:
12:45:10:ed:1d:42:bf:bd:f2:50:cf:0a:c6:b5:92:a9:d3:77:
bd:7e:26:89:b5:85:16:65:d0:ce:0f:22:ce:f1:71:2c:09:28:
cf:87:0d:6f:e5:31:37:f7:9d:54:19:93:c8:5d:f1:bc:e8:62:
db:39:4e:9c:c9:ba:16:e2:c5:c3:ab:be:5c:6a:c2:59:2d:51:
5a:c6:cc:b5:52:63:4f:db:d6:4b:66:06:a1:00:96:7e:c8:51:
fa:ef:6b:d2:ed:80:62:3f:39:88:7c:c9:aa:b5:2a:0d:ba:47:
1d:14:2a:5b:95:ce:c2:35:d3:93:37:64:62:73:e0:5f:23:db:
cc:ad:e0:4f:41:31:15:4c:67:71:d2:76:1a:f7:f4:86:2e:d4:
72:aa:a6:5b:9c:2e:68:1c:0d:27:de:ce:e8:53:a9:b9:46:fc:
f5:ff:f4:6f:79:5d:b1:e7:78:c0:4f:c5:c7:83:71:5d:9f:2b:
3c:43:bb:05:7a:53:48:b0:56:eb:b3:31:25:1e:12:e5:7c:83:
6b:1f:c5:e3
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYdKsloXZvCdkRpDHhQrdpnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDA0MDUxNjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTA1MTc2MDRiZDA1YzM2NDY0MmFlZDRhM2Q3NzdkZTAxMDU0NTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+Mrzf66ZVuZFyvuuIP/0VyWGEyt
GDoEW5w43O8UVnIUK4vu+i1d18QUnZVbUbjXImqebWnqcCznUxJIE9g4LgXt1bIV
BBUsx3oEboXFaT0CQFtQHvyy3Dti2Iv17sNvPxuCbu4d9yKnCEDVTTYuNVCK2GEa
n+J5LBMqrzv4R/8ptX5IBTYCPtlDREZswoj3305iL75fjLzFW2C8nXAUqc8Loc2G
3CPxFevB7fpt2nz6lAB2Uc0W88gbpa99c074GcAZEjNmhmbCu5pbOXvNPUFHc4Hb
qgqND6oN+SWR9o7B07Bo9h5Cel4oujNA8w4rnewX4U/U6SorF1qNi4O8GwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGoFF2BL0Fw2RkKu1KPXd94BBUUbMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYWdVWFlFdlFYRFpHUXE3VW85ZDMzZ0VGUlJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALYLIAwQA
LYe5AwQATUs/AwQAwiB7AwQA2UoQMA0GCSqGSIb3DQEBCwUAA4IBAQCOdv4+tkAB
DroZGAKL4bv4DmYFbGMyQcZFjoW75FL8ITIoKJqMla46QL6wI2vVhYR2kul5bjUS
RRDtHUK/vfJQzwrGtZKp03e9fiaJtYUWZdDODyLO8XEsCSjPhw1v5TE3951UGZPI
XfG86GLbOU6cyboW4sXDq75casJZLVFaxsy1UmNP29ZLZgahAJZ+yFH672vS7YBi
PzmIfMmqtSoNukcdFCpblc7CNdOTN2Ric+BfI9vMreBPQTEVTGdx0nYa9/SGLtRy
qqZbnC5oHA0n3s7oU6m5Rvz1//RveV2x53jAT8XHg3Fdnys8Q7sFelNIsFbrszEl
HhLlfINrH8Xj
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org