Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/woc2v3WJxls8PWTBhvi2zBviwN0.roa
File: woc2v3WJxls8PWTBhvi2zBviwN0.roa (raw, json)
Hash identifier: enTcdfONp2K8K4tiArenq9iL56L+nik4gumKLUMy16c=
Subject key identifier: C2:87:36:BF:75:89:C6:5B:3C:3D:64:C1:86:F8:B6:CC:1B:E2:C0:DD
Certificate issuer: /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial: 018616ED3641A8E7E37BD8EE1913CEB44705
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/woc2v3WJxls8PWTBhvi2zBviwN0.roa
Signing time: Fri 03 Feb 2023 10:58:09 +0000
ROA not before: Fri 03 Feb 2023 10:58:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 45.82.14.0/23 maxlen: 23
185.244.48.0/24 maxlen: 24
185.244.51.0/24 maxlen: 24
185.250.44.0/23 maxlen: 23
185.250.46.0/23 maxlen: 23
193.39.168.0/24 maxlen: 24
193.39.171.0/24 maxlen: 24
194.187.120.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:16:ed:36:41:a8:e7:e3:7b:d8:ee:19:13:ce:b4:47:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Validity
Not Before: Feb 3 10:58:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c28736bf7589c65b3c3d64c186f8b6cc1be2c0dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:dc:ad:66:80:0d:2f:f2:65:d7:3b:04:9b:c3:
61:3d:c3:09:f5:ef:85:b8:48:19:52:4d:c7:a1:43:
03:ac:a9:de:9d:e3:1c:1a:58:a7:55:4a:15:e2:a8:
b0:e9:30:d1:4f:9b:ec:04:70:d9:65:23:6a:67:53:
4f:9a:ba:d5:ad:6e:7f:24:66:05:9d:19:91:a6:90:
74:58:97:ad:1b:c3:1a:02:e4:93:e4:79:50:bc:61:
cb:f9:85:2e:b2:a4:6f:e8:a9:06:f1:23:b5:32:5d:
93:46:11:2b:06:8e:65:ee:a8:0b:e3:79:42:e9:61:
3d:07:1e:f8:b2:0c:fd:26:bb:b5:1e:3f:3e:d6:05:
42:2e:d8:50:59:6a:dc:fb:a1:9a:8c:9c:62:ab:f8:
25:77:d4:9c:6d:d7:e3:58:ff:d3:49:10:c1:10:24:
f3:79:e9:0f:94:b5:0b:70:1d:72:49:d0:62:d4:d9:
3f:96:c9:13:f2:67:2a:11:30:30:1d:61:3a:a5:51:
ad:47:08:57:d6:fa:1e:56:2e:55:7e:0e:68:00:6d:
01:fc:85:0c:c5:1a:e9:84:8b:e0:cc:3e:27:dc:76:
51:0d:cd:9c:98:de:eb:24:52:3c:e0:10:1d:94:8f:
49:1c:7e:22:fb:3c:f2:05:6c:91:22:68:0c:db:d7:
42:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:87:36:BF:75:89:C6:5B:3C:3D:64:C1:86:F8:B6:CC:1B:E2:C0:DD
X509v3 Authority Key Identifier:
keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/woc2v3WJxls8PWTBhvi2zBviwN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.82.14.0/23
185.244.48.0/24
185.244.51.0/24
185.250.44.0/22
193.39.168.0/24
193.39.171.0/24
194.187.120.0/24
Signature Algorithm: sha256WithRSAEncryption
9c:31:ca:74:fc:d3:c1:51:cb:7d:f1:1e:9b:2e:b5:6c:1f:be:
11:1c:8a:38:09:1e:53:6f:64:6e:c6:6b:1a:ce:03:bd:38:29:
78:d6:f6:14:82:3f:56:64:82:cb:a0:33:66:4e:41:30:ed:13:
a6:83:c8:23:e8:46:0b:c0:e3:66:e4:cf:88:5d:f4:3e:5f:a5:
d1:96:fe:4c:c0:cd:1b:8f:35:35:0b:77:73:50:cb:17:fe:83:
6d:08:98:10:aa:53:08:04:cd:50:7a:29:9f:66:cb:d0:f1:7a:
eb:0c:e3:ff:db:5f:45:80:30:3d:55:6c:73:e1:5f:b4:27:9d:
9b:f4:d0:27:86:3b:bd:5b:68:16:a6:0c:0d:42:fd:4e:14:21:
0b:87:43:a0:5f:5d:a0:d5:a6:21:02:6b:9a:ee:e1:bb:55:ab:
a4:d7:13:76:a9:4a:51:21:e5:bc:64:50:52:29:05:15:b9:31:
0b:87:ed:5f:ee:45:d3:66:82:6e:6e:ca:f3:6c:79:4c:5a:f8:
62:74:9d:a2:91:cd:2e:1d:e6:fa:9e:12:f6:cb:8d:df:4b:ee:
7b:e6:60:74:c7:bf:f4:aa:9a:23:fa:45:1e:6a:65:7c:e5:0a:
25:fe:66:3c:1b:67:70:58:6d:46:b3:7d:96:40:ab:c8:57:06:
e3:ab:e9:18
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYYW7TZBqOfje9juGRPOtEcFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjMwMjAzMTA1ODA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjg3MzZiZjc1ODljNjViM2MzZDY0YzE4NmY4YjZjYzFiZTJjMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidytZoANL/Jl1zsEm8NhPcMJ9e+F
uEgZUk3HoUMDrKneneMcGlinVUoV4qiw6TDRT5vsBHDZZSNqZ1NPmrrVrW5/JGYF
nRmRppB0WJetG8MaAuST5HlQvGHL+YUusqRv6KkG8SO1Ml2TRhErBo5l7qgL43lC
6WE9Bx74sgz9Jru1Hj8+1gVCLthQWWrc+6GajJxiq/gld9ScbdfjWP/TSRDBECTz
eekPlLULcB1ySdBi1Nk/lskT8mcqETAwHWE6pVGtRwhX1voeVi5Vfg5oAG0B/IUM
xRrphIvgzD4n3HZRDc2cmN7rJFI84BAdlI9JHH4i+zzyBWyRImgM29dC8QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMKHNr91icZbPD1kwYb4tswb4sDdMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvd29jMnYzV0p4bHM4UFdUQmh2aTJ6QnZpd04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBLVIOAwQA
ufQwAwQAufQzAwQCufosAwQAwSeoAwQAwSerAwQAwrt4MA0GCSqGSIb3DQEBCwUA
A4IBAQCcMcp0/NPBUct98R6bLrVsH74RHIo4CR5Tb2RuxmsazgO9OCl41vYUgj9W
ZILLoDNmTkEw7ROmg8gj6EYLwONm5M+IXfQ+X6XRlv5MwM0bjzU1C3dzUMsX/oNt
CJgQqlMIBM1QeimfZsvQ8XrrDOP/219FgDA9VWxz4V+0J52b9NAnhju9W2gWpgwN
Qv1OFCELh0OgX12g1aYhAmua7uG7Vauk1xN2qUpRIeW8ZFBSKQUVuTELh+1f7kXT
ZoJubsrzbHlMWvhidJ2ikc0uHeb6nhL2y43fS+575mB0x7/0qpoj+kUeamV85Qol
/mY8G2dwWG1Gs32WQKvIVwbjq+kY
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:59:33 2023 by rpki-client on console-fra.rpki-client.org