Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WCXmzVVba-4qBWNNSovk6TS3VU4.roa
File: WCXmzVVba-4qBWNNSovk6TS3VU4.roa (raw, json)
Hash identifier: B52TA3whbcmNlWNxPFFm8q5GJ1vcO3QFzq/3+VAFm0o=
Subject key identifier: 58:25:E6:CD:55:5B:6B:EE:2A:05:63:4D:4A:8B:E4:E9:34:B7:55:4E
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018DCF5594099726EBADC41099645E13AA0B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WCXmzVVba-4qBWNNSovk6TS3VU4.roa
Signing time: Thu 22 Feb 2024 05:41:48 +0000
ROA not before: Thu 22 Feb 2024 05:41:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 47757
IP address blocks: 45.9.156.0/24 maxlen: 24
45.129.86.0/23 maxlen: 24
94.156.72.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:cf:55:94:09:97:26:eb:ad:c4:10:99:64:5e:13:aa:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 22 05:41:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5825e6cd555b6bee2a05634d4a8be4e934b7554e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:98:5f:33:ce:5f:79:ca:75:b3:4e:b5:7a:7b:
a7:4f:57:e6:eb:58:bc:ee:7e:55:fd:21:d9:4c:dd:
e7:9e:5c:a3:0d:f3:f2:06:b2:c1:53:2e:95:8e:73:
41:8a:cb:ee:92:87:d5:a2:c8:2f:a7:06:32:03:78:
4c:ca:3a:46:5a:08:8c:74:53:a5:e2:6a:8f:78:41:
b0:25:15:95:50:0c:57:52:50:12:ad:9a:b6:bf:12:
2b:e9:d8:0c:29:24:d2:a2:77:95:de:ef:4f:a3:b7:
7f:fd:43:64:37:2f:fc:59:aa:a3:1b:57:51:c8:f2:
fe:da:10:da:39:57:91:a0:ea:50:99:d1:be:7b:bf:
07:2f:1d:86:e1:19:da:8c:b0:0e:a8:95:f7:da:ea:
21:5b:1f:c3:94:61:ce:07:f1:e0:16:cb:9f:0c:1c:
2e:b1:5f:be:fc:b4:d8:40:af:f4:c4:5a:ac:5a:12:
50:83:3d:e8:30:19:03:c5:ee:45:71:a9:00:b4:d1:
76:fe:d4:55:42:40:65:11:a6:4b:df:e2:d3:af:d7:
97:8f:c9:a5:af:17:e2:ae:55:7a:5e:f0:80:a7:02:
cd:0c:cf:66:ce:ae:a5:5d:3d:d4:2b:f5:51:f7:55:
bd:67:4b:87:9d:45:3a:3f:8c:52:6e:88:9f:11:16:
3b:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:25:E6:CD:55:5B:6B:EE:2A:05:63:4D:4A:8B:E4:E9:34:B7:55:4E
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WCXmzVVba-4qBWNNSovk6TS3VU4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.129.86.0/23
94.156.72.0/23
194.48.248.0/24
Signature Algorithm: sha256WithRSAEncryption
98:d1:04:28:14:09:d4:18:63:c3:38:1c:44:28:1a:6a:84:ea:
64:38:fc:51:de:06:37:dc:33:ea:d0:3e:71:4d:1a:87:88:ae:
82:eb:ef:c2:5d:9e:1d:2b:52:9c:1c:27:fe:63:ac:40:6b:55:
8f:1f:c3:1a:72:fe:62:57:da:99:ce:a5:87:1b:43:a8:1c:fc:
af:ca:6d:f5:57:7f:9b:f9:dc:3a:be:8e:94:7b:8f:1e:59:8e:
d9:c3:1b:40:94:d8:1f:f6:f6:72:4c:09:89:8f:3e:5d:8d:c8:
ba:50:fa:6f:cf:2d:ed:ac:81:2c:db:69:5f:05:03:f4:fd:00:
13:b8:dd:2b:20:6f:4e:1e:f4:55:60:86:b6:56:35:06:72:f7:
1f:b7:d9:02:c0:83:68:58:17:6b:90:ad:b3:77:90:e1:2e:57:
08:d7:31:11:a8:1c:b7:98:a5:15:b2:5f:a4:fe:36:e1:d0:c7:
c2:f8:c2:98:b9:26:6e:02:a7:fe:c6:97:4f:46:5c:42:46:41:
d2:a3:3b:b3:65:ab:9f:10:e7:3c:24:60:20:ec:a9:21:61:a0:
19:0e:b5:f0:91:df:59:a4:84:13:bf:a2:a7:59:19:af:a7:d4:
72:03:b3:61:75:b5:30:04:76:f7:5e:d6:5b:76:20:cc:19:4f:
a2:76:22:29
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY3PVZQJlybrrcQQmWReE6oLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjIyMDU0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODI1ZTZjZDU1NWI2YmVlMmEwNTYzNGQ0YThiZTRlOTM0Yjc1NTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZhfM85fecp1s061enunT1fm61i8
7n5V/SHZTN3nnlyjDfPyBrLBUy6VjnNBisvukofVosgvpwYyA3hMyjpGWgiMdFOl
4mqPeEGwJRWVUAxXUlASrZq2vxIr6dgMKSTSoneV3u9Po7d//UNkNy/8WaqjG1dR
yPL+2hDaOVeRoOpQmdG+e78HLx2G4RnajLAOqJX32uohWx/DlGHOB/HgFsufDBwu
sV++/LTYQK/0xFqsWhJQgz3oMBkDxe5FcakAtNF2/tRVQkBlEaZL3+LTr9eXj8ml
rxfirlV6XvCApwLNDM9mzq6lXT3UK/VR91W9Z0uHnUU6P4xSboifERY79wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFgl5s1VW2vuKgVjTUqL5Ok0t1VOMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvV0NYbXpWVmJhLTRxQldOTlNvdms2VFMzVlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALQmcAwQB
LYFWAwQBXpxIAwQAwjD4MA0GCSqGSIb3DQEBCwUAA4IBAQCY0QQoFAnUGGPDOBxE
KBpqhOpkOPxR3gY33DPq0D5xTRqHiK6C6+/CXZ4dK1KcHCf+Y6xAa1WPH8Macv5i
V9qZzqWHG0OoHPyvym31V3+b+dw6vo6Ue48eWY7ZwxtAlNgf9vZyTAmJjz5djci6
UPpvzy3trIEs22lfBQP0/QATuN0rIG9OHvRVYIa2VjUGcvcft9kCwINoWBdrkK2z
d5DhLlcI1zERqBy3mKUVsl+k/jbh0MfC+MKYuSZuAqf+xpdPRlxCRkHSozuzZauf
EOc8JGAg7KkhYaAZDrXwkd9ZpIQTv6KnWRmvp9RyA7NhdbUwBHb3XtZbdiDMGU+i
diIp
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:35 2024 by rpki-client on console-ams.rpki-client.org