Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/j3tOcoO8GKU6AnfAwlXnQy8R6xo.roa
File: j3tOcoO8GKU6AnfAwlXnQy8R6xo.roa (raw, json)
Hash identifier: 6ZyM0M73DxHEgtGIRoiRpv1F7uN8Xc0zyYCDIyT3cZc=
Subject key identifier: 8F:7B:4E:72:83:BC:18:A5:3A:02:77:C0:C2:55:E7:43:2F:11:EB:1A
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0185291847DADF5BAA2B346DD77CF54F56AC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/j3tOcoO8GKU6AnfAwlXnQy8R6xo.roa
Signing time: Mon 19 Dec 2022 06:35:34 +0000
ROA not before: Mon 19 Dec 2022 06:35:34 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 45.148.12.0/22 maxlen: 22
45.147.84.0/22 maxlen: 22
185.241.210.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:29:18:47:da:df:5b:aa:2b:34:6d:d7:7c:f5:4f:56:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Dec 19 06:35:34 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8f7b4e7283bc18a53a0277c0c255e7432f11eb1a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:e7:85:0f:bb:4a:69:f1:b4:0b:45:53:af:c2:
bb:18:3f:8d:26:9d:71:f1:d4:38:99:86:13:3f:11:
ab:18:cf:45:75:b8:18:c4:90:bc:07:03:d0:80:8e:
ef:ea:2a:55:9c:ba:b5:78:dd:c9:d8:c2:b1:4b:b9:
ad:2c:ef:d4:78:5e:7e:e9:34:69:a3:31:4d:ac:fa:
5f:f0:84:42:81:a0:4f:85:b5:db:35:1a:fe:19:19:
63:3d:fe:5b:da:76:bf:00:f2:f7:66:86:86:c3:1a:
2b:7a:78:24:69:d1:f4:3a:24:11:63:ec:18:67:01:
3a:a5:1c:18:6e:bd:cf:4e:3a:ac:a2:d2:67:34:44:
6e:f4:ba:f5:6b:bd:03:c9:27:d6:50:f0:3d:ca:b2:
f5:16:0b:cd:bf:5b:4a:fc:1c:47:0c:7d:fa:8c:d9:
80:87:dd:8d:af:da:a7:b9:9e:9c:55:57:5c:d1:6e:
f4:77:97:6d:bd:79:f9:ee:4a:9a:d4:28:b9:52:c0:
f5:e6:d2:72:90:09:bf:b3:e7:51:1d:53:06:b0:2b:
1d:e3:ba:70:04:9c:e0:de:57:ae:5f:4f:39:d9:0b:
21:8a:8d:19:13:cc:a6:17:d7:4f:8d:fc:d8:92:9c:
57:b1:79:cf:a2:b4:6c:c1:26:ab:85:03:df:2f:4a:
00:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:7B:4E:72:83:BC:18:A5:3A:02:77:C0:C2:55:E7:43:2F:11:EB:1A
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/j3tOcoO8GKU6AnfAwlXnQy8R6xo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.147.84.0/22
45.148.12.0/22
185.241.210.0/23
Signature Algorithm: sha256WithRSAEncryption
30:58:d7:f0:e6:db:4d:de:71:bc:34:24:fa:fe:32:6b:45:bb:
30:99:f7:dc:7f:7e:bb:19:a9:38:16:ca:46:38:3c:4e:a2:b9:
ea:ff:01:ba:20:ec:c2:6b:da:ba:e7:c4:ae:6a:72:57:86:9f:
26:c2:3f:ef:51:80:8d:76:75:c6:e3:04:4c:07:ec:26:40:98:
50:d1:5a:43:c2:25:d6:5f:72:80:b9:41:30:31:5f:04:ba:68:
c5:28:26:eb:7a:33:f4:7e:70:e9:95:8b:70:c8:03:6f:38:c7:
f7:de:5d:2e:96:d9:88:2f:cb:5e:30:e0:7d:17:76:74:50:d7:
38:c0:fc:64:03:be:13:29:62:9d:6a:75:9f:9d:2d:d9:b8:30:
27:35:65:a2:2a:31:dc:7b:f5:ec:e9:e5:d7:79:1c:49:a2:f6:
f6:96:09:b3:d7:7f:ed:a9:4e:c8:f2:d7:e5:ec:66:38:ea:b8:
b0:63:ad:18:6f:fc:27:fe:3a:10:af:20:c8:fb:95:2c:f5:41:
77:f7:b5:ce:83:31:74:45:ad:85:62:bf:7e:35:fb:5f:02:38:
d9:99:33:79:f8:68:99:5e:12:83:90:02:93:1b:12:63:bf:7d:
3f:d0:ea:30:09:da:ec:37:5c:34:9a:1b:03:f3:2f:ba:c2:69:
31:f9:c8:2e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYUpGEfa31uqKzRt13z1T1asMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjIxMjE5MDYzNTM0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjdiNGU3MjgzYmMxOGE1M2EwMjc3YzBjMjU1ZTc0MzJmMTFlYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+eFD7tKafG0C0VTr8K7GD+NJp1x
8dQ4mYYTPxGrGM9FdbgYxJC8BwPQgI7v6ipVnLq1eN3J2MKxS7mtLO/UeF5+6TRp
ozFNrPpf8IRCgaBPhbXbNRr+GRljPf5b2na/APL3ZoaGwxorengkadH0OiQRY+wY
ZwE6pRwYbr3PTjqsotJnNERu9Lr1a70DySfWUPA9yrL1FgvNv1tK/BxHDH36jNmA
h92Nr9qnuZ6cVVdc0W70d5dtvXn57kqa1Ci5UsD15tJykAm/s+dRHVMGsCsd47pw
BJzg3leuX0852Qshio0ZE8ymF9dPjfzYkpxXsXnPorRswSarhQPfL0oAjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI97TnKDvBilOgJ3wMJV50MvEesaMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvajN0T2NvTzhHS1U2QW5mQXdsWG5ReThSNnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZNUAwQC
LZQMAwQBufHSMA0GCSqGSIb3DQEBCwUAA4IBAQAwWNfw5ttN3nG8NCT6/jJrRbsw
mffcf367Gak4FspGODxOornq/wG6IOzCa9q658SuanJXhp8mwj/vUYCNdnXG4wRM
B+wmQJhQ0VpDwiXWX3KAuUEwMV8EumjFKCbrejP0fnDplYtwyANvOMf33l0ultmI
L8teMOB9F3Z0UNc4wPxkA74TKWKdanWfnS3ZuDAnNWWiKjHce/Xs6eXXeRxJovb2
lgmz13/tqU7I8tfl7GY46riwY60Yb/wn/joQryDI+5Us9UF397XOgzF0Ra2FYr9+
NftfAjjZmTN5+GiZXhKDkAKTGxJjv30/0OowCdrsN1w0mhsD8y+6wmkx+cgu
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:02 2023 by rpki-client on console-fra.rpki-client.org