Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fLYkd1Q96BLKTrCtpgv71pOfGxA.roa
File: fLYkd1Q96BLKTrCtpgv71pOfGxA.roa (raw, json)
Hash identifier: f1EeaTCCRJKwim+cmj8MDc7+CJhaxCTQvygOSR+rUIM=
Subject key identifier: 7C:B6:24:77:54:3D:E8:12:CA:4E:B0:AD:A6:0B:FB:D6:93:9F:1B:10
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0185CD560FE003AB31B77B73A02EF62FE622
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fLYkd1Q96BLKTrCtpgv71pOfGxA.roa
Signing time: Fri 20 Jan 2023 04:00:47 +0000
ROA not before: Fri 20 Jan 2023 04:00:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 45.123.40.0/22 maxlen: 22
103.205.24.0/22 maxlen: 22
193.19.106.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:cd:56:0f:e0:03:ab:31:b7:7b:73:a0:2e:f6:2f:e6:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 20 04:00:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7cb62477543de812ca4eb0ada60bfbd6939f1b10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:26:24:f3:68:91:75:26:39:48:bf:69:6c:a8:
cf:33:db:d0:e0:cd:99:89:7c:ba:01:bc:fd:a0:2f:
8b:5c:49:50:77:2a:9a:c6:f0:d9:97:5d:a0:7a:45:
a7:b8:77:1f:ad:6d:23:08:a6:7e:00:e9:52:83:f8:
24:39:74:df:16:bd:30:02:a8:fe:4b:d5:56:1c:6c:
d9:b0:09:c7:ab:56:79:3b:1c:67:ed:bc:c3:be:c2:
d7:bb:c2:0e:86:01:47:38:43:2a:f5:bd:3f:a0:be:
c0:72:aa:b3:e2:da:f0:60:75:fd:94:0c:33:5e:46:
b9:48:27:10:88:fd:e5:1e:88:5e:fc:56:f4:5d:af:
0b:a2:5f:11:86:c9:21:42:fa:6d:9f:56:10:91:df:
26:5f:86:67:e6:2d:bf:86:11:6b:0f:d5:92:d0:2e:
ec:11:b1:40:6c:ae:19:4c:f0:37:fa:ae:af:45:3a:
82:b2:4b:cd:4a:04:b5:1d:1c:a0:23:2b:e8:a9:ad:
d1:bd:f9:ad:03:da:6d:07:25:7d:d4:b6:e2:bd:99:
20:1b:4d:4f:f8:48:74:ab:c0:99:8e:64:e3:ea:bb:
0b:d6:02:39:ed:e5:8f:4b:ee:d0:a1:52:a4:ba:68:
c8:98:1c:22:0c:78:11:07:64:b5:22:6b:e9:7e:29:
dc:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:B6:24:77:54:3D:E8:12:CA:4E:B0:AD:A6:0B:FB:D6:93:9F:1B:10
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fLYkd1Q96BLKTrCtpgv71pOfGxA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.123.40.0/22
103.205.24.0/22
193.19.106.0/24
Signature Algorithm: sha256WithRSAEncryption
47:94:cf:a9:7b:bd:b4:8d:31:f8:a8:1e:a2:b5:a3:5e:40:d3:
bc:dc:69:49:2c:cc:3e:a5:0f:60:0a:19:cc:39:d2:61:19:09:
c2:1b:4c:06:c2:68:eb:f7:f5:e1:ff:89:a8:8f:78:6f:20:bf:
97:2e:ce:dc:46:a4:88:63:db:d8:45:f5:91:21:bc:a3:f6:be:
61:9e:54:89:8b:31:a0:f8:6b:e6:c7:75:91:d4:c2:3d:a0:9a:
51:d8:4d:d8:00:36:cb:c7:39:24:5a:b8:fb:eb:3e:b5:88:5f:
8e:d9:82:61:88:bb:fe:6e:13:5c:bb:d1:de:37:dc:cc:4f:99:
20:1b:1e:df:2f:74:04:d2:3b:98:8d:7b:6b:7b:63:49:00:04:
49:a0:a5:7f:d7:61:2c:a9:5f:8a:d7:72:47:c2:d6:39:59:f9:
81:22:86:59:2e:15:46:2e:cd:4f:54:c0:74:90:9f:02:7c:08:
bd:aa:e8:ed:47:4f:80:81:17:e9:33:7b:19:3b:b2:a1:4a:a5:
35:a6:f7:14:4b:24:c9:7a:dd:e5:2a:f4:6a:6f:59:9e:d3:a0:
30:0f:57:23:e9:94:03:e4:af:de:92:1f:be:12:a9:24:2c:b7:
eb:8e:b1:f6:7e:e5:0a:3f:fe:09:59:fe:60:26:d9:2e:7e:22:
06:63:a5:99
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYXNVg/gA6sxt3tzoC72L+YiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTIwMDQwMDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2I2MjQ3NzU0M2RlODEyY2E0ZWIwYWRhNjBiZmJkNjkzOWYxYjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSYk82iRdSY5SL9pbKjPM9vQ4M2Z
iXy6Abz9oC+LXElQdyqaxvDZl12gekWnuHcfrW0jCKZ+AOlSg/gkOXTfFr0wAqj+
S9VWHGzZsAnHq1Z5Oxxn7bzDvsLXu8IOhgFHOEMq9b0/oL7Acqqz4trwYHX9lAwz
Xka5SCcQiP3lHohe/Fb0Xa8Lol8RhskhQvptn1YQkd8mX4Zn5i2/hhFrD9WS0C7s
EbFAbK4ZTPA3+q6vRTqCskvNSgS1HRygIyvoqa3RvfmtA9ptByV91LbivZkgG01P
+Eh0q8CZjmTj6rsL1gI57eWPS+7QoVKkumjImBwiDHgRB2S1ImvpfincsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHy2JHdUPegSyk6wraYL+9aTnxsQMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZkxZa2QxUTk2QkxLVHJDdHBndjcxcE9mR3hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLXsoAwQC
Z80YAwQAwRNqMA0GCSqGSIb3DQEBCwUAA4IBAQBHlM+pe720jTH4qB6itaNeQNO8
3GlJLMw+pQ9gChnMOdJhGQnCG0wGwmjr9/Xh/4moj3hvIL+XLs7cRqSIY9vYRfWR
Ibyj9r5hnlSJizGg+Gvmx3WR1MI9oJpR2E3YADbLxzkkWrj76z61iF+O2YJhiLv+
bhNcu9HeN9zMT5kgGx7fL3QE0juYjXtre2NJAARJoKV/12EsqV+K13JHwtY5WfmB
IoZZLhVGLs1PVMB0kJ8CfAi9qujtR0+AgRfpM3sZO7KhSqU1pvcUSyTJet3lKvRq
b1me06AwD1cj6ZQD5K/ekh++EqkkLLfrjrH2fuUKP/4JWf5gJtkufiIGY6WZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:47 2024 by rpki-client on console-fra.rpki-client.org