Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mWfZ-Dk889f0usMSDE9RWcGb3Ak.roa
File: mWfZ-Dk889f0usMSDE9RWcGb3Ak.roa (raw, json)
Hash identifier: jE0ne+OltmQkjrfHTJOdSr9uJyrozbsOPFJPTdag/Wc=
Subject key identifier: 99:67:D9:F8:39:3C:F3:D7:F4:BA:C3:12:0C:4F:51:59:C1:9B:DC:09
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018929918BE60C48EC696021B5CB311928D9
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mWfZ-Dk889f0usMSDE9RWcGb3Ak.roa
Signing time: Thu 06 Jul 2023 04:59:11 +0000
ROA not before: Thu 06 Jul 2023 04:59:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49981
IP address blocks: 45.130.201.0/24 maxlen: 24
185.244.138.0/24 maxlen: 24
45.159.155.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:29:91:8b:e6:0c:48:ec:69:60:21:b5:cb:31:19:28:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jul 6 04:59:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9967d9f8393cf3d7f4bac3120c4f5159c19bdc09
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:8e:1b:9a:13:e4:0e:6c:66:dd:36:25:68:aa:
29:b2:7d:10:e9:01:78:e0:11:b1:6d:b5:83:b8:3d:
cd:fb:d4:6c:6a:18:4b:7c:a4:ee:36:b4:11:87:11:
74:d0:89:e4:5e:92:d3:0f:b8:49:63:e4:1f:7a:c1:
9f:ef:82:f9:8e:73:5d:53:d7:05:43:75:0b:29:81:
02:65:1b:0a:a9:df:2e:e1:53:9c:80:d2:50:cb:f1:
f4:08:7e:e9:1b:50:2a:74:b1:1a:ff:bd:f1:3a:a3:
89:31:96:dc:8b:d5:08:9d:d6:b9:88:fb:63:d9:cd:
9d:e7:50:bc:ed:64:bf:b0:1f:08:55:9e:e0:ea:f7:
e1:db:93:fe:f8:bb:f9:ea:44:cb:07:eb:f0:98:5b:
d3:3d:72:c8:3f:ae:c1:4b:06:4e:c3:32:c7:41:0b:
db:19:ab:9d:d4:e6:21:a8:62:fa:c2:a8:67:b6:6c:
54:e5:b9:59:73:b8:21:4a:ad:8d:c8:12:7a:8e:69:
a2:7e:67:da:64:39:a0:aa:a3:0b:4e:08:55:97:cb:
21:d3:13:b8:6e:30:aa:8b:83:ab:33:56:dd:c7:84:
51:85:46:06:54:84:99:8c:27:5c:82:8b:ed:aa:7a:
7e:47:e9:42:90:2a:df:23:58:f6:06:eb:8d:ef:ea:
20:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:67:D9:F8:39:3C:F3:D7:F4:BA:C3:12:0C:4F:51:59:C1:9B:DC:09
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mWfZ-Dk889f0usMSDE9RWcGb3Ak.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.130.201.0/24
45.159.155.0/24
185.244.138.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:eb:57:91:1b:a0:7a:e1:88:d5:d5:52:23:d6:c8:d8:53:5b:
b6:92:7c:09:e4:13:16:b3:c9:39:d9:4f:30:8b:cc:99:4a:b4:
a9:6b:0a:19:24:4c:00:56:5c:81:7c:7e:9b:26:e5:d9:f3:8d:
cf:ef:a0:90:99:46:2d:04:84:1b:f2:f9:3b:be:be:d7:c5:69:
cb:23:29:95:43:30:6c:e7:60:5e:72:45:06:d1:05:f1:a1:af:
9e:9b:a2:02:6a:2e:89:2d:45:b2:07:34:8e:1b:04:da:9b:dc:
2e:f5:32:54:6f:e8:ae:bb:4c:7a:84:5f:f7:13:6c:a9:93:ef:
40:f5:c9:b8:88:d1:40:3b:c2:ba:89:fa:89:9b:62:3f:25:e8:
1b:ba:d8:11:21:de:56:97:37:17:fd:39:37:e6:09:39:4a:70:
2e:cc:ed:dc:ee:a9:77:a7:32:d7:db:a6:50:8a:c1:64:a3:2e:
af:8e:6a:21:be:27:0c:a4:ba:62:d9:e9:81:55:20:62:c9:f8:
4b:91:3d:b2:04:45:3b:11:15:ff:02:f7:b1:4d:ad:de:40:e3:
69:f4:0a:f8:a4:42:78:b5:65:01:c5:ba:83:21:31:44:5d:21:
e0:cf:89:82:63:3a:26:d9:57:38:79:49:32:31:22:41:0c:5a:
14:5d:2f:6f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYkpkYvmDEjsaWAhtcsxGSjZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzA2MDQ1OTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTY3ZDlmODM5M2NmM2Q3ZjRiYWMzMTIwYzRmNTE1OWMxOWJkYzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArI4bmhPkDmxm3TYlaKopsn0Q6QF4
4BGxbbWDuD3N+9RsahhLfKTuNrQRhxF00InkXpLTD7hJY+QfesGf74L5jnNdU9cF
Q3ULKYECZRsKqd8u4VOcgNJQy/H0CH7pG1AqdLEa/73xOqOJMZbci9UInda5iPtj
2c2d51C87WS/sB8IVZ7g6vfh25P++Lv56kTLB+vwmFvTPXLIP67BSwZOwzLHQQvb
Gaud1OYhqGL6wqhntmxU5blZc7ghSq2NyBJ6jmmifmfaZDmgqqMLTghVl8sh0xO4
bjCqi4OrM1bdx4RRhUYGVISZjCdcgovtqnp+R+lCkCrfI1j2BuuN7+ogTQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJln2fg5PPPX9LrDEgxPUVnBm9wJMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbVdmWi1Eazg4OWYwdXNNU0RFOVJXY0diM0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYLJAwQA
LZ+bAwQAufSKMA0GCSqGSIb3DQEBCwUAA4IBAQAt61eRG6B64YjV1VIj1sjYU1u2
knwJ5BMWs8k52U8wi8yZSrSpawoZJEwAVlyBfH6bJuXZ843P76CQmUYtBIQb8vk7
vr7XxWnLIymVQzBs52BeckUG0QXxoa+em6ICai6JLUWyBzSOGwTam9wu9TJUb+iu
u0x6hF/3E2ypk+9A9cm4iNFAO8K6ifqJm2I/JegbutgRId5WlzcX/Tk35gk5SnAu
zO3c7ql3pzLX26ZQisFkoy6vjmohvicMpLpi2emBVSBiyfhLkT2yBEU7ERX/Avex
Ta3eQONp9Ar4pEJ4tWUBxbqDITFEXSHgz4mCYzom2Vc4eUkyMSJBDFoUXS9v
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:13 2024 by rpki-client on console-ams.rpki-client.org