Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/wYLXqDWOKvJvdg50YiVDACxfHWE.roa
File: wYLXqDWOKvJvdg50YiVDACxfHWE.roa (raw, json)
Hash identifier: MZhmGx9KKfembau+h5veBIKpA2X8e7u7jyrN8BqmXgg=
Subject key identifier: C1:82:D7:A8:35:8E:2A:F2:6F:76:0E:74:62:25:43:00:2C:5F:1D:61
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 0186EB89934160B6EA4007452F81E29C539A
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/wYLXqDWOKvJvdg50YiVDACxfHWE.roa
Signing time: Thu 16 Mar 2023 17:48:27 +0000
ROA not before: Thu 16 Mar 2023 17:48:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 45027
IP address blocks: 194.113.34.0/24 maxlen: 24
45.83.180.0/22 maxlen: 22
45.150.109.0/24 maxlen: 24
45.150.110.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:eb:89:93:41:60:b6:ea:40:07:45:2f:81:e2:9c:53:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Mar 16 17:48:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c182d7a8358e2af26f760e74622543002c5f1d61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:f2:54:0d:34:c1:a6:d4:66:4e:6f:5a:fa:83:
91:a2:cc:3a:f9:31:ef:83:19:9a:ac:f4:a8:a5:a6:
11:42:10:9b:93:d9:2e:4f:42:6f:b8:dc:ea:fa:38:
01:c7:f8:62:e9:58:dd:19:5e:b1:a1:48:fc:29:f2:
07:9c:a9:f3:a5:08:79:01:06:2f:66:12:64:e9:24:
2c:92:8b:f6:f6:c2:d1:bc:3f:de:e6:33:f2:f6:57:
5b:9f:5b:9e:dd:15:b1:91:8e:fd:ea:a5:3f:f2:83:
cf:fd:7c:d1:1c:e6:ba:ec:20:7c:74:0a:b2:42:81:
23:0e:ab:04:5e:75:79:cb:4e:66:7b:77:0f:8f:c1:
83:57:57:19:55:47:0b:1d:f6:81:41:70:09:c6:a8:
ee:c1:0c:10:a6:4c:db:d9:32:06:99:7b:4e:cd:c7:
34:a5:bc:8f:93:e7:01:2b:cd:a0:f2:b2:b3:d6:79:
f6:90:f7:3b:65:20:77:71:7c:ca:99:d3:5c:dc:8c:
25:51:23:06:09:cd:1d:8e:a1:78:75:5f:45:f9:e4:
c3:e0:08:13:56:24:04:26:90:c5:cb:7c:21:c3:0a:
3f:fc:11:f3:be:62:4d:b0:b3:5a:62:4c:3b:03:3d:
fd:a9:13:82:1e:2d:6a:c2:6a:bb:cc:50:ca:6b:a2:
83:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:82:D7:A8:35:8E:2A:F2:6F:76:0E:74:62:25:43:00:2C:5F:1D:61
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/wYLXqDWOKvJvdg50YiVDACxfHWE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.83.180.0/22
45.150.109.0-45.150.111.255
194.113.34.0/24
Signature Algorithm: sha256WithRSAEncryption
55:a4:bf:1d:f9:93:45:bd:0c:7a:7c:56:53:cd:1e:c6:7e:72:
c2:44:54:31:d5:f4:ae:5c:70:f1:f3:f6:cd:1b:bd:d8:2d:ad:
45:66:c7:5d:51:bc:20:a0:e2:ea:b9:01:65:72:24:9e:94:3e:
c3:c4:a2:43:db:c4:c5:6f:cc:3e:e6:c4:df:8c:d3:29:4c:5b:
43:15:7f:a7:8c:9e:69:a3:4f:81:d3:0d:15:49:a9:55:84:74:
72:50:72:82:0b:da:fa:92:15:4e:6f:86:f1:4d:08:25:ab:ae:
c3:29:47:dc:b5:af:0a:f1:2e:c0:23:e4:35:8e:d0:d6:e6:1b:
83:ce:04:f5:8a:22:ef:de:33:e1:8a:64:bf:bf:7d:f4:e0:6f:
68:fd:6b:3d:98:fa:1e:a0:3b:89:17:10:07:ef:21:9b:61:54:
56:d8:c6:25:56:58:8a:4d:ab:82:24:80:19:4a:93:39:ff:f0:
cc:9a:66:af:f6:81:cd:9c:4a:0c:4a:df:e6:2a:6a:ea:6a:e9:
77:d3:dc:c9:6e:86:05:38:f4:2d:50:c2:a7:51:b9:4f:94:df:
cd:a9:d4:67:32:a2:f0:b4:0b:2e:30:d6:4c:92:4a:77:ad:4c:
96:29:f2:44:65:fe:98:09:a9:25:cd:5e:39:00:a2:37:ec:09:
2d:bd:2f:51
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYbriZNBYLbqQAdFL4HinFOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjMwMzE2MTc0ODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTgyZDdhODM1OGUyYWYyNmY3NjBlNzQ2MjI1NDMwMDJjNWYxZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/JUDTTBptRmTm9a+oORosw6+THv
gxmarPSopaYRQhCbk9kuT0JvuNzq+jgBx/hi6VjdGV6xoUj8KfIHnKnzpQh5AQYv
ZhJk6SQskov29sLRvD/e5jPy9ldbn1ue3RWxkY796qU/8oPP/XzRHOa67CB8dAqy
QoEjDqsEXnV5y05me3cPj8GDV1cZVUcLHfaBQXAJxqjuwQwQpkzb2TIGmXtOzcc0
pbyPk+cBK82g8rKz1nn2kPc7ZSB3cXzKmdNc3IwlUSMGCc0djqF4dV9F+eTD4AgT
ViQEJpDFy3whwwo//BHzvmJNsLNaYkw7Az39qROCHi1qwmq7zFDKa6KDWwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFMGC16g1jiryb3YOdGIlQwAsXx1hMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvd1lMWHFEV09Ldkp2ZGc1MFlpVkRBQ3hmSFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCLVO0MAwD
BAAtlm0DBAQtlmADBADCcSIwDQYJKoZIhvcNAQELBQADggEBAFWkvx35k0W9DHp8
VlPNHsZ+csJEVDHV9K5ccPHz9s0bvdgtrUVmx11RvCCg4uq5AWVyJJ6UPsPEokPb
xMVvzD7mxN+M0ylMW0MVf6eMnmmjT4HTDRVJqVWEdHJQcoIL2vqSFU5vhvFNCCWr
rsMpR9y1rwrxLsAj5DWO0NbmG4POBPWKIu/eM+GKZL+/ffTgb2j9az2Y+h6gO4kX
EAfvIZthVFbYxiVWWIpNq4IkgBlKkzn/8MyaZq/2gc2cSgxK3+Yqaupq6XfT3Mlu
hgU49C1QwqdRuU+U382p1GcyovC0Cy4w1kySSnetTJYp8kRl/pgJqSXNXjkAojfs
CS29L1E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:37 2024 by rpki-client on console-fra.rpki-client.org