Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/RrScDbrup49q6LnwaUpBK0cbh1M.roa
File: RrScDbrup49q6LnwaUpBK0cbh1M.roa (raw, json)
Hash identifier: p+wEaDVrJRZK+esmq8gnGWm0aqkPZAb7qluw27426+Y=
Subject key identifier: 46:B4:9C:0D:BA:EE:A7:8F:6A:E8:B9:F0:69:4A:41:2B:47:1B:87:53
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018571A7BB59CD53882053B1B0C83A5F6EDE
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/RrScDbrup49q6LnwaUpBK0cbh1M.roa
Signing time: Mon 02 Jan 2023 08:44:55 +0000
ROA not before: Mon 02 Jan 2023 08:44:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207238
IP address blocks: 45.150.44.0/22 maxlen: 22
91.242.102.0/24 maxlen: 24
2.57.212.0/22 maxlen: 22
91.242.68.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:a7:bb:59:cd:53:88:20:53:b1:b0:c8:3a:5f:6e:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 2 08:44:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=46b49c0dbaeea78f6ae8b9f0694a412b471b8753
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:b0:52:49:0a:3e:71:7b:2d:a8:da:e6:94:3b:
b3:4e:f2:ff:a3:49:95:ff:ff:22:8c:a6:43:53:06:
bf:a0:8a:0b:23:79:28:9a:9d:ec:f6:31:a7:fb:8d:
4d:01:a3:80:a8:46:5c:11:75:9a:9a:ce:6b:e7:82:
0c:77:4c:77:1d:dd:92:b7:b4:2b:75:e1:68:2d:39:
b7:18:1a:d3:ce:20:50:fe:ac:41:ff:d9:ac:39:3a:
fa:44:05:5d:36:6d:2c:15:a7:d3:1a:d4:4e:b1:61:
f4:fc:6b:9d:68:7a:ae:77:56:dd:ce:8f:4b:ef:e1:
35:ed:35:9a:49:89:27:60:68:6f:e3:44:b1:76:33:
33:92:f4:77:8d:6b:2a:9f:8f:79:f5:28:1d:8b:db:
1a:42:2d:8b:21:91:56:5a:21:53:30:0f:27:a6:21:
57:48:b4:62:93:cb:31:fb:78:bd:db:3d:09:df:92:
e9:a6:c3:69:75:85:08:50:f6:4f:50:3e:9c:a2:3a:
66:dd:c0:75:9a:7a:c3:80:e9:b7:4d:e3:11:9e:2e:
14:c0:3a:82:ab:c9:28:48:ef:ab:7c:dd:f9:8d:32:
64:30:37:93:a7:0d:75:86:54:b7:f3:da:11:50:da:
b3:9d:01:c1:bf:41:ee:c4:aa:e7:c8:46:f8:5c:1e:
fa:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:B4:9C:0D:BA:EE:A7:8F:6A:E8:B9:F0:69:4A:41:2B:47:1B:87:53
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/RrScDbrup49q6LnwaUpBK0cbh1M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.212.0/22
45.150.44.0/22
91.242.68.0/23
91.242.102.0/24
Signature Algorithm: sha256WithRSAEncryption
70:6b:c6:9b:1e:15:48:a6:17:20:eb:2f:21:d6:f8:1d:d9:bb:
7b:22:a4:93:c2:57:6d:8f:13:a1:6a:e6:72:64:62:d9:0f:79:
00:c6:8c:b3:c3:c8:97:e2:f3:a3:2c:7f:ee:4d:8a:e4:63:51:
d8:a5:2a:7f:a4:4e:59:32:c6:19:b8:5e:99:24:f0:ee:91:6d:
3f:83:05:de:05:ba:6e:37:1e:22:0d:aa:34:00:75:f4:68:00:
9a:ea:3f:2a:b6:a5:f5:46:ea:87:ab:81:82:4c:76:67:ec:ee:
c0:7d:ae:82:32:ab:59:3f:5a:08:b3:85:74:99:d0:7b:3b:77:
3e:9f:c0:22:9c:45:a7:61:0f:4b:91:ec:81:39:0a:14:90:aa:
0d:88:01:58:c5:ce:28:c9:fc:25:2e:be:21:ec:72:f5:0a:0c:
9f:61:e4:fb:f9:da:a7:4a:3c:9f:60:2e:b6:38:0a:a6:b9:62:
ac:bc:dc:be:e5:9f:05:7a:51:96:e8:10:d5:ac:ae:54:3e:f1:
81:21:8d:1b:b7:51:14:9c:4c:a8:36:a6:ac:46:6e:97:71:e4:
14:df:d2:af:98:5c:07:ab:80:d5:71:93:78:e0:73:ce:86:21:
d8:7e:b3:ca:99:f7:c6:af:b2:6f:47:b4:9b:33:86:7b:08:cb:
a6:22:4c:04
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVxp7tZzVOIIFOxsMg6X27eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwMTAyMDg0NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmI0OWMwZGJhZWVhNzhmNmFlOGI5ZjA2OTRhNDEyYjQ3MWI4NzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbBSSQo+cXstqNrmlDuzTvL/o0mV
//8ijKZDUwa/oIoLI3komp3s9jGn+41NAaOAqEZcEXWams5r54IMd0x3Hd2St7Qr
deFoLTm3GBrTziBQ/qxB/9msOTr6RAVdNm0sFafTGtROsWH0/GudaHqud1bdzo9L
7+E17TWaSYknYGhv40SxdjMzkvR3jWsqn4959Sgdi9saQi2LIZFWWiFTMA8npiFX
SLRik8sx+3i92z0J35LppsNpdYUIUPZPUD6cojpm3cB1mnrDgOm3TeMRni4UwDqC
q8koSO+rfN35jTJkMDeTpw11hlS389oRUNqznQHBv0HuxKrnyEb4XB76BwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEa0nA267qePaui58GlKQStHG4dTMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUnJTY0RicnVwNDlxNkxud2FVcEJLMGNiaDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCAjnUAwQC
LZYsAwQBW/JEAwQAW/JmMA0GCSqGSIb3DQEBCwUAA4IBAQBwa8abHhVIphcg6y8h
1vgd2bt7IqSTwldtjxOhauZyZGLZD3kAxoyzw8iX4vOjLH/uTYrkY1HYpSp/pE5Z
MsYZuF6ZJPDukW0/gwXeBbpuNx4iDao0AHX0aACa6j8qtqX1RuqHq4GCTHZn7O7A
fa6CMqtZP1oIs4V0mdB7O3c+n8AinEWnYQ9LkeyBOQoUkKoNiAFYxc4oyfwlLr4h
7HL1CgyfYeT7+dqnSjyfYC62OAqmuWKsvNy+5Z8FelGW6BDVrK5UPvGBIY0bt1EU
nEyoNqasRm6XceQU39KvmFwHq4DVcZN44HPOhiHYfrPKmffGr7JvR7SbM4Z7CMum
IkwE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org