Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/549l2sg3_WDHYIpPocBm-HvjNVQ.roa
File: 549l2sg3_WDHYIpPocBm-HvjNVQ.roa (raw, json)
Hash identifier: +IsO5vWiV19/I9YaVcNc11mhQYjhoLSSEjARdAZAvTE=
Subject key identifier: E7:8F:65:DA:C8:37:FD:60:C7:60:8A:4F:A1:C0:66:F8:7B:E3:35:54
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018CC2DB2F329EAED420203F04441999CFFB
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/549l2sg3_WDHYIpPocBm-HvjNVQ.roa
Signing time: Mon 01 Jan 2024 02:29:53 +0000
ROA not before: Mon 01 Jan 2024 02:29:53 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 64470
IP address blocks: 45.140.32.0/22 maxlen: 22
193.46.204.0/24 maxlen: 24
193.46.211.0/24 maxlen: 24
193.46.214.0/24 maxlen: 24
193.46.220.0/24 maxlen: 24
45.149.160.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:db:2f:32:9e:ae:d4:20:20:3f:04:44:19:99:cf:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 1 02:29:53 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e78f65dac837fd60c7608a4fa1c066f87be33554
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:fc:72:4d:ad:17:4b:b8:00:2b:a3:93:0d:31:
85:97:a0:07:b1:dd:ae:5f:18:f4:ad:26:da:83:e5:
f9:06:38:b8:f4:1b:37:49:9f:15:fa:a4:7c:4f:a2:
f2:b2:18:d6:68:19:25:38:0e:06:28:32:c0:04:12:
bc:64:90:81:46:c0:96:45:a1:ba:0f:eb:bf:b7:fc:
49:fc:3e:58:8a:0e:31:f9:62:c2:4d:05:3e:39:d9:
a2:cf:49:2f:be:d6:dd:4f:cb:1b:60:0f:ed:8c:2e:
cb:e0:4e:8a:1b:2c:13:f8:b7:59:4e:33:a2:96:d7:
a1:b6:9f:b0:f1:20:67:28:4c:cc:93:ab:82:58:06:
58:5d:55:31:a7:a0:f4:c5:a0:61:e7:d5:93:b0:46:
ce:e7:23:48:8c:c1:28:eb:92:08:8b:c1:f6:69:fd:
d6:c7:ad:03:bd:6d:fe:32:63:14:d6:6b:a3:9c:c3:
cc:54:92:e2:00:18:e4:d3:08:42:ba:ca:de:0c:84:
50:06:11:6d:79:2e:31:77:07:46:34:79:c2:1a:ea:
c6:80:d2:87:d8:c0:b9:15:c0:13:0a:e3:f8:4e:ea:
43:af:4b:f7:ae:9f:63:24:22:3a:e8:93:09:22:5d:
de:ab:18:05:60:e7:09:d0:9f:78:5d:de:99:74:2a:
9e:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:8F:65:DA:C8:37:FD:60:C7:60:8A:4F:A1:C0:66:F8:7B:E3:35:54
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/549l2sg3_WDHYIpPocBm-HvjNVQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.140.32.0/22
45.149.160.0/22
193.46.204.0/24
193.46.211.0/24
193.46.214.0/24
193.46.220.0/24
Signature Algorithm: sha256WithRSAEncryption
64:95:4d:bc:4e:25:b3:bd:73:3b:e8:7a:37:a8:41:b8:76:37:
18:3f:1a:eb:28:c2:17:90:d6:51:fb:97:07:52:99:9d:48:6c:
42:b1:d7:02:2d:fc:86:10:64:6e:c3:33:07:7c:5b:0c:0a:d7:
44:0b:22:de:02:45:4e:50:af:54:12:c9:45:0d:dc:dc:73:9d:
a6:ec:26:c1:e9:44:c5:24:70:ce:fb:0d:75:19:ec:42:bd:1f:
60:ce:1d:44:fb:8f:a6:b4:94:e7:6f:bc:3a:bb:d0:d9:f5:be:
33:1c:f2:5b:fa:c6:28:05:c1:e4:09:6e:34:b3:94:63:d7:91:
07:c9:a9:c8:72:30:f5:88:e0:cd:5b:46:2e:c5:62:53:f6:6d:
b7:ae:d9:4b:e0:fc:ac:4b:ba:71:5c:f6:f4:d7:76:9d:cb:7e:
fe:34:7c:57:e3:e8:f5:18:62:5c:44:63:5a:b9:f7:0a:37:be:
86:d5:65:c8:a6:88:96:bd:2a:e5:55:0f:9c:6d:19:77:91:f4:
85:71:6a:33:51:07:31:16:3f:1d:bc:c9:11:e1:d9:cb:b0:29:
c6:27:cc:5b:22:a4:d3:93:d9:38:3f:8d:d6:4d:7f:d8:80:2a:
54:06:b2:08:7f:5d:a0:6b:f9:be:77:92:da:4f:a3:ad:5c:ea:
ab:ca:e3:17
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzC2y8ynq7UICA/BEQZmc/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzhmNjVkYWM4MzdmZDYwYzc2MDhhNGZhMWMwNjZmODdiZTMzNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvxyTa0XS7gAK6OTDTGFl6AHsd2u
Xxj0rSbag+X5Bji49Bs3SZ8V+qR8T6LyshjWaBklOA4GKDLABBK8ZJCBRsCWRaG6
D+u/t/xJ/D5Yig4x+WLCTQU+Odmiz0kvvtbdT8sbYA/tjC7L4E6KGywT+LdZTjOi
ltehtp+w8SBnKEzMk6uCWAZYXVUxp6D0xaBh59WTsEbO5yNIjMEo65IIi8H2af3W
x60DvW3+MmMU1mujnMPMVJLiABjk0whCusreDIRQBhFteS4xdwdGNHnCGurGgNKH
2MC5FcATCuP4TupDr0v3rp9jJCI66JMJIl3eqxgFYOcJ0J94Xd6ZdCqetQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFOePZdrIN/1gx2CKT6HAZvh74zVUMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvNTQ5bDJzZzNfV0RIWUlwUG9jQm0tSHZqTlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCLYwgAwQC
LZWgAwQAwS7MAwQAwS7TAwQAwS7WAwQAwS7cMA0GCSqGSIb3DQEBCwUAA4IBAQBk
lU28TiWzvXM76Ho3qEG4djcYPxrrKMIXkNZR+5cHUpmdSGxCsdcCLfyGEGRuwzMH
fFsMCtdECyLeAkVOUK9UEslFDdzcc52m7CbB6UTFJHDO+w11GexCvR9gzh1E+4+m
tJTnb7w6u9DZ9b4zHPJb+sYoBcHkCW40s5Rj15EHyanIcjD1iODNW0YuxWJT9m23
rtlL4PysS7pxXPb013ady37+NHxX4+j1GGJcRGNaufcKN76G1WXIpoiWvSrlVQ+c
bRl3kfSFcWozUQcxFj8dvMkR4dnLsCnGJ8xbIqTTk9k4P43WTX/YgCpUBrIIf12g
a/m+d5LaT6OtXOqryuMX
-----END CERTIFICATE-----
Generated at Thu Mar 7 19:25:59 2024 by rpki-client on console-fra.rpki-client.org