Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/KDIwbY8JEjkXdeqvESPoMjo-Jxk.roa
File: KDIwbY8JEjkXdeqvESPoMjo-Jxk.roa (raw, json)
Hash identifier: 1R3lfux8EiAm7pw5LGI/FqsFm1Yf+wrRz1d9l25KMbA=
Subject key identifier: 28:32:30:6D:8F:09:12:39:17:75:EA:AF:11:23:E8:32:3A:3E:27:19
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018571A7A3A9940208B80CD85BC70B9FAAAB
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/KDIwbY8JEjkXdeqvESPoMjo-Jxk.roa
Signing time: Mon 02 Jan 2023 08:44:49 +0000
ROA not before: Mon 02 Jan 2023 08:44:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49006
IP address blocks: 85.159.117.0/24 maxlen: 24
45.10.12.0/22 maxlen: 22
91.214.200.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:a7:a3:a9:94:02:08:b8:0c:d8:5b:c7:0b:9f:aa:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 2 08:44:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2832306d8f0912391775eaaf1123e8323a3e2719
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:56:22:32:3a:f9:a1:80:c2:e5:9c:60:4c:2f:
fc:22:81:52:6c:4a:6b:c6:89:ef:70:ab:91:b9:4e:
db:21:29:8f:5a:f6:3a:b6:68:67:8f:8c:2c:c8:1a:
25:5b:83:79:91:e5:f8:a7:14:e7:65:7e:58:9d:f6:
57:cc:b6:fb:b1:74:15:78:2d:cc:71:1a:1b:9c:51:
0c:5e:b6:a9:0c:af:2f:41:d3:cc:99:e8:61:f2:81:
dc:fd:1f:c9:4b:c4:59:87:4c:37:d7:5d:d2:d3:3a:
a3:3d:b7:94:1c:f2:2f:3e:17:f9:79:a1:63:36:5b:
4a:dc:c2:84:50:20:58:16:ec:4e:cb:4a:69:07:72:
82:2c:8f:24:8b:0e:f3:f1:b9:52:e7:2b:63:0a:8d:
6a:a7:e8:77:f3:54:d2:5f:be:8a:eb:08:f7:96:79:
b7:fc:5d:70:2f:59:7d:40:59:48:f2:2b:3b:31:24:
ea:3f:95:0b:24:5d:ed:03:5d:ec:6a:06:10:fd:3a:
6b:01:7f:92:ff:a2:1f:0a:6d:bc:81:47:55:a5:eb:
c5:71:3a:cd:7e:4b:7d:8e:17:86:a5:f1:d9:da:53:
8b:03:ac:d7:58:2d:3d:f6:96:0f:fb:4a:0b:45:ce:
eb:81:b5:99:3f:76:d9:8c:b7:85:8c:4d:c8:89:8f:
7d:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:32:30:6D:8F:09:12:39:17:75:EA:AF:11:23:E8:32:3A:3E:27:19
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/KDIwbY8JEjkXdeqvESPoMjo-Jxk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.12.0/22
85.159.117.0/24
91.214.200.0/22
Signature Algorithm: sha256WithRSAEncryption
ad:7b:dc:80:31:a8:4c:76:6b:7b:b7:58:6e:44:8f:25:73:99:
1e:3c:0f:b1:a8:bf:90:32:59:d6:b0:f7:54:86:11:2f:be:10:
f2:22:57:e5:f7:d6:9a:9c:3d:3c:e9:06:a8:18:e8:97:bf:d6:
e8:67:46:57:cd:26:2c:e9:ff:ec:28:a3:5c:6d:59:45:a1:9f:
3a:f0:19:c7:19:95:ba:03:c5:76:5c:39:b6:10:c1:0f:5c:8d:
20:3f:f6:e8:df:ff:73:77:db:1a:b5:13:26:75:55:8b:24:7a:
ea:db:a4:66:e4:fd:9b:f2:5d:5a:ff:48:a8:de:20:56:53:80:
b3:d0:ad:0b:e4:d5:06:64:71:ed:99:7d:eb:97:93:d2:23:85:
fe:e9:83:a8:19:25:91:64:f9:13:06:a6:98:e7:91:ec:bc:8c:
18:d3:00:a5:07:d0:6f:26:47:a3:8b:3f:fc:03:fa:7a:6e:1f:
73:81:65:41:e3:40:05:73:53:20:e7:12:93:7c:da:6f:b9:75:
2e:72:99:75:68:bd:05:d1:d0:7d:62:bf:12:9b:83:5f:e8:51:
c9:5c:af:ff:be:7f:dd:7b:4a:66:f7:e5:08:f0:90:87:d9:50:
c4:99:65:84:25:6c:4d:4b:54:de:87:f7:69:9c:e4:b9:b2:36:
5a:90:67:a2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVxp6OplAIIuAzYW8cLn6qrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwMTAyMDg0NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODMyMzA2ZDhmMDkxMjM5MTc3NWVhYWYxMTIzZTgzMjNhM2UyNzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglYiMjr5oYDC5ZxgTC/8IoFSbEpr
xonvcKuRuU7bISmPWvY6tmhnj4wsyBolW4N5keX4pxTnZX5YnfZXzLb7sXQVeC3M
cRobnFEMXrapDK8vQdPMmehh8oHc/R/JS8RZh0w3113S0zqjPbeUHPIvPhf5eaFj
NltK3MKEUCBYFuxOy0ppB3KCLI8kiw7z8blS5ytjCo1qp+h381TSX76K6wj3lnm3
/F1wL1l9QFlI8is7MSTqP5ULJF3tA13sagYQ/TprAX+S/6IfCm28gUdVpevFcTrN
fkt9jheGpfHZ2lOLA6zXWC099pYP+0oLRc7rgbWZP3bZjLeFjE3IiY99dQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCgyMG2PCRI5F3XqrxEj6DI6PicZMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvS0RJd2JZOEpFamtYZGVxdkVTUG9Nam8tSnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLQoMAwQA
VZ91AwQCW9bIMA0GCSqGSIb3DQEBCwUAA4IBAQCte9yAMahMdmt7t1huRI8lc5ke
PA+xqL+QMlnWsPdUhhEvvhDyIlfl99aanD086QaoGOiXv9boZ0ZXzSYs6f/sKKNc
bVlFoZ868BnHGZW6A8V2XDm2EMEPXI0gP/bo3/9zd9satRMmdVWLJHrq26Rm5P2b
8l1a/0io3iBWU4Cz0K0L5NUGZHHtmX3rl5PSI4X+6YOoGSWRZPkTBqaY55HsvIwY
0wClB9BvJkejiz/8A/p6bh9zgWVB40AFc1Mg5xKTfNpvuXUucpl1aL0F0dB9Yr8S
m4Nf6FHJXK//vn/de0pm9+UI8JCH2VDEmWWEJWxNS1Teh/dpnOS5sjZakGei
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org