Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/3Iar8MLsn0TcTVYhL9HEiiiO0h0.roa
File: 3Iar8MLsn0TcTVYhL9HEiiiO0h0.roa (raw, json)
Hash identifier: OYl4PPKu2ALiag55LXpkX4ahViavHrza+zR4EsFVEXU=
Subject key identifier: DC:86:AB:F0:C2:EC:9F:44:DC:4D:56:21:2F:D1:C4:8A:28:8E:D2:1D
Certificate issuer: /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial: 0183A14CC2AF5B71A379FCD9E8D41E106E5F
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/3Iar8MLsn0TcTVYhL9HEiiiO0h0.roa
Signing time: Tue 04 Oct 2022 04:41:45 +0000
ROA not before: Tue 04 Oct 2022 04:41:45 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35913
IP address blocks: 45.153.220.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:a1:4c:c2:af:5b:71:a3:79:fc:d9:e8:d4:1e:10:6e:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Validity
Not Before: Oct 4 04:41:45 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dc86abf0c2ec9f44dc4d56212fd1c48a288ed21d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:36:27:7b:03:d2:07:4f:5a:4a:67:85:0a:d6:
49:29:d7:45:b8:3e:ae:0b:00:a6:58:da:ce:91:62:
61:8e:b7:a8:48:0c:f4:be:9f:bf:11:54:0d:72:4c:
2f:36:e6:86:d9:a4:af:a8:de:6c:53:f6:13:50:48:
23:f3:f3:72:46:6b:0d:6e:a5:0b:46:08:88:0c:49:
c1:bf:26:85:6a:50:22:3b:4e:42:95:99:1d:43:b3:
98:4d:18:99:66:a9:ff:e1:bd:fa:24:f1:bb:de:67:
94:73:99:c3:c5:07:15:30:bb:9d:e0:e0:48:b4:d4:
2d:a6:ca:5f:a7:0d:f4:ff:70:d0:0d:fa:43:b4:61:
ae:41:6b:d3:92:4f:f3:71:ee:9d:08:7f:3d:81:0a:
97:8f:29:9a:3e:93:45:4f:27:4f:c6:78:75:7c:bc:
d9:31:ac:36:1e:41:90:8b:54:ee:25:88:2a:7b:13:
a5:de:02:d4:cc:5f:10:b4:83:cc:e1:ac:70:08:f0:
2e:29:8c:b4:1a:65:d2:f2:7c:9b:1e:49:be:5b:d7:
e6:51:55:ce:a6:42:3f:46:ab:e6:6c:63:b8:23:00:
9a:37:5e:fd:27:50:39:87:6e:23:88:fc:04:43:73:
88:b3:7b:01:7f:49:d3:5f:e4:7f:cd:30:0e:b3:65:
b0:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:86:AB:F0:C2:EC:9F:44:DC:4D:56:21:2F:D1:C4:8A:28:8E:D2:1D
X509v3 Authority Key Identifier:
keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/3Iar8MLsn0TcTVYhL9HEiiiO0h0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.153.220.0/22
Signature Algorithm: sha256WithRSAEncryption
a6:c4:a5:38:9c:f7:93:cd:b0:18:1d:c1:1e:bc:88:be:1a:8d:
1e:7e:f9:06:03:88:29:cd:38:9c:4c:5b:ac:47:e2:d7:e6:95:
a2:e6:0f:63:12:60:2f:b6:5b:1e:a1:bc:2a:9b:83:1b:d8:c8:
c1:5a:3e:86:c9:69:4e:65:6b:66:df:7d:33:aa:5f:2f:1e:18:
c2:fd:3f:8b:64:77:b5:c2:89:53:39:fe:a5:d4:7a:b5:74:63:
f1:87:ca:25:98:92:a2:67:61:b9:3e:2a:a0:72:35:d8:42:b3:
f4:b6:24:cc:46:45:4c:6d:5b:b8:f1:da:63:31:79:a7:6e:67:
c2:87:ba:bc:13:87:de:37:f4:13:ad:e8:cc:fe:c9:0b:6d:7f:
38:77:9e:d4:b7:f3:6f:31:d1:de:ff:76:26:16:35:81:2a:30:
57:b4:a2:f2:04:d6:4f:63:74:3d:81:c7:ae:01:74:f0:4e:92:
71:ab:d0:91:df:7e:68:4a:e1:fa:40:c5:4e:af:eb:a6:8d:fd:
d4:ff:12:23:ac:4c:8d:e5:0e:95:a0:59:0d:6f:eb:95:18:75:
60:00:d2:a4:8d:3b:5d:97:20:72:bf:e2:ad:8e:a5:8d:0d:db:
5f:6a:2d:11:7e:ce:7e:f7:3c:f7:23:18:0e:a8:fc:63:e4:ac:
10:87:ec:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYOhTMKvW3GjefzZ6NQeEG5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjIxMDA0MDQ0MTQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzg2YWJmMGMyZWM5ZjQ0ZGM0ZDU2MjEyZmQxYzQ4YTI4OGVkMjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTYnewPSB09aSmeFCtZJKddFuD6u
CwCmWNrOkWJhjreoSAz0vp+/EVQNckwvNuaG2aSvqN5sU/YTUEgj8/NyRmsNbqUL
RgiIDEnBvyaFalAiO05ClZkdQ7OYTRiZZqn/4b36JPG73meUc5nDxQcVMLud4OBI
tNQtpspfpw30/3DQDfpDtGGuQWvTkk/zce6dCH89gQqXjymaPpNFTydPxnh1fLzZ
Maw2HkGQi1TuJYgqexOl3gLUzF8QtIPM4axwCPAuKYy0GmXS8nybHkm+W9fmUVXO
pkI/RqvmbGO4IwCaN179J1A5h24jiPwEQ3OIs3sBf0nTX+R/zTAOs2WwUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyGq/DC7J9E3E1WIS/RxIoojtIdMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvM0lhcjhNTHNuMFRjVFZZaEw5SEVpaWlPMGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZncMA0G
CSqGSIb3DQEBCwUAA4IBAQCmxKU4nPeTzbAYHcEevIi+Go0efvkGA4gpzTicTFus
R+LX5pWi5g9jEmAvtlseobwqm4Mb2MjBWj6GyWlOZWtm330zql8vHhjC/T+LZHe1
wolTOf6l1Hq1dGPxh8olmJKiZ2G5PiqgcjXYQrP0tiTMRkVMbVu48dpjMXmnbmfC
h7q8E4feN/QTrejM/skLbX84d57Ut/NvMdHe/3YmFjWBKjBXtKLyBNZPY3Q9gceu
AXTwTpJxq9CR335oSuH6QMVOr+umjf3U/xIjrEyN5Q6VoFkNb+uVGHVgANKkjTtd
lyByv+KtjqWNDdtfai0Rfs5+9zz3IxgOqPxj5KwQh+wJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:24 2024 by rpki-client on console-fra.rpki-client.org