Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hd-_ys8cmXfwo4H0WlqrJdeosJM.roa
File: hd-_ys8cmXfwo4H0WlqrJdeosJM.roa (raw, json)
Hash identifier: KAo/2c+vQufWOr9t7/inQjDjg9heKRh2Opx+ZHP3VnM=
Subject key identifier: 85:DF:BF:CA:CF:1C:99:77:F0:A3:81:F4:5A:5A:AB:25:D7:A8:B0:93
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 01904ADED0A60C69B23B9CE47DE5570C1693
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hd-_ys8cmXfwo4H0WlqrJdeosJM.roa
Signing time: Mon 24 Jun 2024 15:30:34 +0000
ROA not before: Mon 24 Jun 2024 15:30:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39690
IP address blocks: 45.86.16.0/21 maxlen: 24
45.143.44.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:4a:de:d0:a6:0c:69:b2:3b:9c:e4:7d:e5:57:0c:16:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jun 24 15:30:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=85dfbfcacf1c9977f0a381f45a5aab25d7a8b093
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:75:db:43:f4:2d:81:be:93:c0:11:2a:c9:8a:
0f:1d:6c:67:06:80:77:50:78:fa:8e:e3:16:81:da:
24:cb:d0:75:c4:1f:1a:6c:28:da:01:db:d0:82:d1:
5c:ae:fb:fd:25:2e:36:e3:c8:a8:ec:c4:4b:2d:82:
5e:a4:57:83:f4:c5:dd:38:2a:91:0f:08:51:7b:f4:
3b:64:dc:eb:cc:2e:91:e7:fc:8d:e9:87:92:f2:9d:
af:a9:99:19:dd:bf:6c:ab:b3:6b:21:60:5b:c9:23:
cc:4a:04:b4:c0:95:c1:9f:b2:64:70:61:c4:77:5b:
85:d4:65:c4:b2:6d:0a:d2:24:36:35:d4:39:29:71:
26:9e:83:96:db:74:c3:fb:78:12:c0:d8:07:56:d6:
e2:cc:d7:ad:9e:fa:3a:24:81:91:a3:c0:85:24:f9:
94:18:8a:1a:55:7a:a5:91:2d:03:51:37:69:20:e7:
a5:e9:33:c9:20:25:e8:8f:40:71:fd:78:f5:89:9a:
7e:c1:3b:52:ac:5b:94:53:49:f9:29:08:a9:21:c6:
90:38:c2:5c:9f:77:2b:65:82:cc:fa:15:6d:72:4b:
6e:50:0a:36:12:09:93:7d:54:72:20:24:41:31:26:
ea:64:96:8b:21:5a:e1:d8:d5:0a:4f:cb:18:69:08:
c3:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:DF:BF:CA:CF:1C:99:77:F0:A3:81:F4:5A:5A:AB:25:D7:A8:B0:93
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hd-_ys8cmXfwo4H0WlqrJdeosJM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.16.0/21
45.143.44.0/22
Signature Algorithm: sha256WithRSAEncryption
19:8d:56:40:0f:23:ef:11:87:1a:16:6e:e8:66:c8:88:14:57:
b6:4d:78:47:7f:4b:75:b9:41:60:e1:e3:f0:58:27:3d:9f:53:
92:98:03:b4:aa:56:23:93:60:f2:c4:1c:60:a7:82:75:cc:81:
2e:49:5c:67:75:23:4b:fb:f8:65:c4:da:9b:c7:e0:24:13:d9:
a4:86:6e:26:c0:18:b2:53:9b:cf:71:fe:d5:bf:40:aa:8f:3c:
8e:f4:11:5e:6a:1e:c0:eb:10:d7:d5:be:99:0e:26:a5:ae:9e:
88:64:95:39:cf:b2:c1:13:68:3c:b6:13:17:f5:48:f5:73:5b:
4f:c0:33:8e:55:1d:2d:98:e1:ba:3a:63:ac:cc:2b:55:65:f9:
d9:e7:ea:27:70:e6:f2:13:9d:1f:e4:b8:48:40:e9:20:2b:06:
23:fe:90:cd:fc:b3:32:84:02:f9:d5:69:b3:8c:37:17:c4:f1:
56:0e:93:d8:db:7c:15:dc:bc:c3:2d:73:88:0a:3c:0e:f6:ee:
c0:66:57:cb:67:79:89:b8:4d:83:59:c7:71:8b:07:9e:12:7f:
db:8c:82:46:18:d8:8b:6b:4b:bc:dd:1b:09:18:24:b7:f7:ba:
ff:5b:a0:0d:74:b5:fc:83:8c:2a:04:43:a3:52:1e:53:cd:88:
c6:34:26:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBK3tCmDGmyO5zkfeVXDBaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNjI0MTUzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWRmYmZjYWNmMWM5OTc3ZjBhMzgxZjQ1YTVhYWIyNWQ3YThiMDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnXbQ/Qtgb6TwBEqyYoPHWxnBoB3
UHj6juMWgdoky9B1xB8abCjaAdvQgtFcrvv9JS4248io7MRLLYJepFeD9MXdOCqR
DwhRe/Q7ZNzrzC6R5/yN6YeS8p2vqZkZ3b9sq7NrIWBbySPMSgS0wJXBn7JkcGHE
d1uF1GXEsm0K0iQ2NdQ5KXEmnoOW23TD+3gSwNgHVtbizNetnvo6JIGRo8CFJPmU
GIoaVXqlkS0DUTdpIOel6TPJICXoj0Bx/Xj1iZp+wTtSrFuUU0n5KQipIcaQOMJc
n3crZYLM+hVtcktuUAo2EgmTfVRyICRBMSbqZJaLIVrh2NUKT8sYaQjDgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIXfv8rPHJl38KOB9FpaqyXXqLCTMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaGQtX3lzOGNtWGZ3bzRIMFdscXJKZGVvc0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLVYQAwQC
LY8sMA0GCSqGSIb3DQEBCwUAA4IBAQAZjVZADyPvEYcaFm7oZsiIFFe2TXhHf0t1
uUFg4ePwWCc9n1OSmAO0qlYjk2DyxBxgp4J1zIEuSVxndSNL+/hlxNqbx+AkE9mk
hm4mwBiyU5vPcf7Vv0CqjzyO9BFeah7A6xDX1b6ZDialrp6IZJU5z7LBE2g8thMX
9Uj1c1tPwDOOVR0tmOG6OmOszCtVZfnZ5+oncObyE50f5LhIQOkgKwYj/pDN/LMy
hAL51WmzjDcXxPFWDpPY23wV3LzDLXOICjwO9u7AZlfLZ3mJuE2DWcdxiweeEn/b
jIJGGNiLa0u83RsJGCS397r/W6ANdLX8g4wqBEOjUh5TzYjGNCaY
-----END CERTIFICATE-----
Generated at Tue Jun 25 18:30:27 2024 by rpki-client on console-fra.rpki-client.org