Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/a0ciRgKEi_9vt0R2wZk8ucDSm8o.roa
File: a0ciRgKEi_9vt0R2wZk8ucDSm8o.roa (raw, json)
Hash identifier: OL55hwV8guHrnmvk8V1iyus7csdItEbYaEBeDukyTJs=
Subject key identifier: 6B:47:22:46:02:84:8B:FF:6F:B7:44:76:C1:99:3C:B9:C0:D2:9B:CA
Certificate issuer: /CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Certificate serial: 03FB63A8
Authority key identifier: 24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/a0ciRgKEi_9vt0R2wZk8ucDSm8o.roa
Signing time: Thu 20 Jan 2022 06:58:55 +0000
ROA not before: Thu 20 Jan 2022 06:58:55 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 208485
IP address blocks: 45.129.139.0/24 maxlen: 24
45.129.138.0/24 maxlen: 24
212.30.44.0/24 maxlen: 24
212.30.41.0/24 maxlen: 24
212.30.40.0/24 maxlen: 24
212.30.43.0/24 maxlen: 24
212.30.42.0/24 maxlen: 24
212.30.47.0/24 maxlen: 24
212.30.45.0/24 maxlen: 24
212.30.46.0/24 maxlen: 24
45.94.53.0/24 maxlen: 24
45.94.52.0/24 maxlen: 24
212.30.58.0/24 maxlen: 24
45.94.55.0/24 maxlen: 24
45.94.54.0/24 maxlen: 24
212.30.57.0/24 maxlen: 24
212.30.56.0/24 maxlen: 24
212.30.62.0/24 maxlen: 24
212.30.61.0/24 maxlen: 24
212.30.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 66806696 (0x3fb63a8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2455d7fee4a499ecaf11d2d3da8e389de323412f
Validity
Not Before: Jan 20 06:58:55 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6b47224602848bff6fb74476c1993cb9c0d29bca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:92:f5:97:80:a2:52:29:20:b2:d4:30:76:17:
13:4a:ed:d7:a1:da:5f:0e:55:73:eb:31:e2:7e:a1:
1e:f4:9e:78:94:d9:8e:5a:29:ad:82:51:b0:aa:b9:
b7:56:98:94:f4:df:6e:fc:7c:a9:3e:f4:a3:b2:1c:
69:e6:da:81:35:c9:8d:43:68:2b:80:fe:2e:92:4c:
70:3b:7b:5a:89:18:f6:0a:d1:7b:6f:2e:1a:2d:6f:
0a:c5:2f:d3:54:1c:4f:ef:71:31:c6:67:84:43:72:
63:56:e7:1b:23:46:46:7f:7c:66:fd:ec:2d:c4:a2:
3d:83:95:4d:37:d2:45:9b:a0:05:ac:44:27:de:c4:
5f:a3:f4:65:e4:41:f7:59:cf:80:f1:98:65:fd:d0:
26:ef:0b:41:1d:20:5a:34:4d:10:bb:15:70:e2:93:
4d:97:87:28:46:d1:3b:e5:5a:7b:19:6a:b1:06:77:
b9:4b:65:45:20:63:a6:08:df:24:81:7f:c3:c7:a1:
ce:77:e0:3a:5f:35:c4:f2:53:56:ac:d5:e3:b3:c4:
b7:1c:9d:3b:f9:fb:df:72:b5:4f:94:16:09:13:e5:
51:58:7e:ff:98:4f:ec:6b:b8:4f:ba:0f:fe:13:7b:
d2:e1:5f:c2:c1:26:fc:8e:00:75:64:77:45:87:b3:
c9:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:47:22:46:02:84:8B:FF:6F:B7:44:76:C1:99:3C:B9:C0:D2:9B:CA
X509v3 Authority Key Identifier:
keyid:24:55:D7:FE:E4:A4:99:EC:AF:11:D2:D3:DA:8E:38:9D:E3:23:41:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFXX_uSkmeyvEdLT2o44neMjQS8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/a0ciRgKEi_9vt0R2wZk8ucDSm8o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ffb76-9931-4942-9da1-1e0465513b63/1/JFXX_uSkmeyvEdLT2o44neMjQS8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.94.52.0/22
45.129.138.0/23
212.30.40.0/21
212.30.56.0/22
212.30.61.0-212.30.62.255
Signature Algorithm: sha256WithRSAEncryption
48:73:82:46:28:09:b3:f4:84:cf:7b:00:e0:6a:da:e3:1d:88:
c0:05:e9:6f:d1:20:7f:39:3e:ca:ed:c2:ef:64:e2:6b:45:c4:
45:da:88:48:57:b3:e1:aa:fe:97:42:19:c0:75:f1:80:72:9f:
98:21:bf:f2:9c:bb:0e:d9:8b:db:b9:d6:0c:6a:50:77:d0:c8:
1a:14:51:9a:fd:a6:96:0c:ea:0a:f7:07:9e:49:95:60:37:7f:
2c:cb:fe:d9:63:fa:d0:4d:a9:28:fe:a5:99:14:95:4e:2e:b6:
5d:9d:97:27:90:65:64:b0:3f:30:b7:fa:a9:9c:5c:04:a0:1d:
b6:7f:e7:9b:02:a4:b5:ae:36:84:c5:be:bb:99:7d:c1:1b:64:
39:59:0d:cc:fa:fa:53:50:7d:9f:86:6a:0d:da:54:b7:28:ea:
1c:50:e8:1d:36:76:82:62:a9:9b:4c:de:a9:eb:51:93:af:07:
05:89:bb:e2:a3:06:6a:6d:98:2f:19:c3:ba:c4:cc:74:46:52:
5d:ef:32:be:f9:39:56:9f:8e:a5:11:52:fa:02:90:24:67:71:
92:77:c4:65:f3:4f:a7:c2:4d:d2:89:54:fd:7f:05:31:d2:03:
0b:90:16:50:49:b7:5c:c6:e0:f5:37:c2:0c:e4:3a:f1:70:1b:
7e:52:af:37
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEA/tjqDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
NDU1ZDdmZWU0YTQ5OWVjYWYxMWQyZDNkYThlMzg5ZGUzMjM0MTJmMB4XDTIyMDEy
MDA2NTg1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmI0NzIyNDYwMjg0
OGJmZjZmYjc0NDc2YzE5OTNjYjljMGQyOWJjYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIuS9ZeAolIpILLUMHYXE0rt16HaXw5Vc+sx4n6hHvSeeJTZ
jloprYJRsKq5t1aYlPTfbvx8qT70o7IcaebagTXJjUNoK4D+LpJMcDt7WokY9grR
e28uGi1vCsUv01QcT+9xMcZnhENyY1bnGyNGRn98Zv3sLcSiPYOVTTfSRZugBaxE
J97EX6P0ZeRB91nPgPGYZf3QJu8LQR0gWjRNELsVcOKTTZeHKEbRO+VaexlqsQZ3
uUtlRSBjpgjfJIF/w8ehznfgOl81xPJTVqzV47PEtxydO/n733K1T5QWCRPlUVh+
/5hP7Gu4T7oP/hN70uFfwsEm/I4AdWR3RYezyX8CAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBRrRyJGAoSL/2+3RHbBmTy5wNKbyjAfBgNVHSMEGDAWgBQkVdf+5KSZ7K8R
0tPajjid4yNBLzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0pGWFhfdVNrbWV5dkVkTFQybzQ0bmVNalFTOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMGMvM2ZmYjc2LTk5MzEtNDk0Mi05ZGExLTFlMDQ2NTUxM2I2My8x
L2EwY2lSZ0tFaV85dnQwUjJ3Wms4dWNEU204by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMv
M2ZmYjc2LTk5MzEtNDk0Mi05ZGExLTFlMDQ2NTUxM2I2My8xL0pGWFhfdVNrbWV5
dkVkTFQybzQ0bmVNalFTOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wLAQCAAEwJgMEAi1eNAMEAS2BigMEA9QeKAMEAtQe
ODAMAwQA1B49AwQA1B4+MA0GCSqGSIb3DQEBCwUAA4IBAQBIc4JGKAmz9ITPewDg
atrjHYjABelv0SB/OT7K7cLvZOJrRcRF2ohIV7Phqv6XQhnAdfGAcp+YIb/ynLsO
2YvbudYMalB30MgaFFGa/aaWDOoK9weeSZVgN38sy/7ZY/rQTako/qWZFJVOLrZd
nZcnkGVksD8wt/qpnFwEoB22f+ebAqS1rjaExb67mX3BG2Q5WQ3M+vpTUH2fhmoN
2lS3KOocUOgdNnaCYqmbTN6p61GTrwcFibviowZqbZgvGcO6xMx0RlJd7zK++TlW
n46lEVL6ApAkZ3GSd8Rl80+nwk3SiVT9fwUx0gMLkBZQSbdcxuD1N8IM5DrxcBt+
Uq83
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:43:35 2023 by rpki-client on console-fra.rpki-client.org