Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/BAFoquU2zFh5js1OOfjJwYDVBHU.roa
File: BAFoquU2zFh5js1OOfjJwYDVBHU.roa (raw, json)
Hash identifier: qs9OpYcnQeqllpbEPDqITTlxrkR0frvrR21Mc9Qf6vs=
Subject key identifier: 04:01:68:AA:E5:36:CC:58:79:8E:CD:4E:39:F8:C9:C1:80:D5:04:75
Certificate issuer: /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial: 510E8B
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/BAFoquU2zFh5js1OOfjJwYDVBHU.roa
Signing time: Sat 01 Jan 2022 02:52:00 +0000
ROA not before: Sat 01 Jan 2022 02:52:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3356
IP address blocks: 45.144.160.0/22 maxlen: 22
45.144.56.0/22 maxlen: 22
45.146.8.0/22 maxlen: 22
45.150.128.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5312139 (0x510e8b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Validity
Not Before: Jan 1 02:52:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=040168aae536cc58798ecd4e39f8c9c180d50475
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:21:c9:db:c0:40:d4:c4:cd:2e:d3:3f:86:f2:
9d:26:64:a9:36:e8:86:34:6c:fd:bb:df:fe:67:f4:
d3:ac:c4:d2:66:4d:de:2c:61:aa:38:9e:98:e9:e1:
85:a8:a2:7b:0e:3a:a8:0c:03:6c:97:b0:aa:9f:2e:
04:31:e7:1c:6d:f6:91:11:33:e6:47:d1:69:de:0c:
08:df:f4:d0:ac:aa:ce:c3:d9:66:5c:2c:99:f3:41:
cf:1f:26:dc:18:06:56:c9:1b:7f:09:6a:75:f7:ae:
47:47:ad:d1:8b:34:c3:61:71:8a:12:f1:25:dc:ec:
3a:e3:54:10:66:c5:2b:ee:d0:3b:cf:d6:5f:31:a4:
37:e4:c8:72:07:00:83:9a:75:93:e1:05:2c:03:08:
2f:c2:f2:db:9c:a1:00:50:b2:f9:00:3e:57:e1:ef:
da:9a:84:b8:d9:dc:7c:2c:6d:1e:89:78:3d:32:44:
5f:b5:08:4b:5b:a5:75:3c:e3:ee:e0:63:bb:8b:fa:
c8:f3:b7:7b:54:84:94:df:40:f8:9d:1a:f4:7e:c4:
e9:f0:d5:9a:5c:31:d3:91:9d:8a:05:1f:1e:99:9f:
28:65:be:bb:1b:88:8a:66:e9:ef:02:8d:00:53:5b:
15:96:a3:94:fc:f8:d3:f1:f1:12:6c:11:ff:c9:7b:
0a:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:01:68:AA:E5:36:CC:58:79:8E:CD:4E:39:F8:C9:C1:80:D5:04:75
X509v3 Authority Key Identifier:
keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/BAFoquU2zFh5js1OOfjJwYDVBHU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.144.56.0/22
45.144.160.0/22
45.146.8.0/22
45.150.128.0/22
Signature Algorithm: sha256WithRSAEncryption
37:f7:4a:92:d0:25:67:a7:1c:03:18:4c:f4:21:2d:15:61:e4:
af:3f:08:99:30:53:1c:1a:21:56:85:35:d0:2b:e0:c2:af:31:
55:1a:59:29:43:f5:b8:e4:4d:7c:c2:9b:8e:b0:2a:44:b4:bf:
43:43:4a:76:5d:96:a2:cb:33:14:0f:03:89:0a:fc:f4:1d:2a:
0c:f4:58:b4:62:b2:46:a7:76:cd:ae:63:07:7d:6e:75:94:69:
18:2a:d5:86:63:15:85:ba:df:17:d0:34:93:a5:c0:05:dc:d7:
65:0f:43:ea:c7:3b:d3:9f:59:9f:94:ff:ad:c5:6d:35:26:10:
b2:ea:bb:e1:6a:38:35:a9:98:c7:46:26:28:48:5a:d3:70:f5:
9d:29:61:09:ef:33:58:6e:ad:4a:b2:dc:ea:5a:2f:c5:63:81:
74:1a:ac:30:c1:a0:14:bc:e4:d2:04:9c:9d:91:8e:fb:dc:ad:
ee:69:da:7b:6d:99:0f:12:62:3e:92:47:fe:f9:b8:e2:b9:df:
f0:63:21:1a:af:1b:1b:5a:d7:76:44:05:5f:f7:bd:ce:1f:fa:
89:7a:dd:7a:50:3a:ad:56:f9:99:30:d3:db:d2:1a:32:03:ed:
a6:ef:e0:27:8a:f9:b4:40:2d:48:35:10:f6:5b:6c:f3:3c:bb:
a3:bd:af:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIDUQ6LMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDBk
Mjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVlNzM2NjQwHhcNMjIwMTAx
MDI1MjAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygwNDAxNjhhYWU1MzZj
YzU4Nzk4ZWNkNGUzOWY4YzljMTgwZDUwNDc1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA0SHJ28BA1MTNLtM/hvKdJmSpNuiGNGz9u9/+Z/TTrMTSZk3e
LGGqOJ6Y6eGFqKJ7DjqoDANsl7Cqny4EMeccbfaRETPmR9Fp3gwI3/TQrKrOw9lm
XCyZ80HPHybcGAZWyRt/CWp1965HR63RizTDYXGKEvEl3Ow641QQZsUr7tA7z9Zf
MaQ35MhyBwCDmnWT4QUsAwgvwvLbnKEAULL5AD5X4e/amoS42dx8LG0eiXg9MkRf
tQhLW6V1POPu4GO7i/rI87d7VISU30D4nRr0fsTp8NWaXDHTkZ2KBR8emZ8oZb67
G4iKZunvAo0AU1sVlqOU/PjT8fESbBH/yXsK9QIDAQABo4ICGzCCAhcwHQYDVR0O
BBYEFAQBaKrlNsxYeY7NTjn4ycGA1QR1MB8GA1UdIwQYMBaAFA0pmQQsXiAGvVrr
egXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
RFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5LzEv
QkFGb3F1VTJ6Rmg1anMxT09makp3WURWQkhVLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8y
YzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5LzEvRFNtWkJDeGVJQWE5
V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDEG
CCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLZA4AwQCLZCgAwQCLZIIAwQCLZaA
MA0GCSqGSIb3DQEBCwUAA4IBAQA390qS0CVnpxwDGEz0IS0VYeSvPwiZMFMcGiFW
hTXQK+DCrzFVGlkpQ/W45E18wpuOsCpEtL9DQ0p2XZaiyzMUDwOJCvz0HSoM9Fi0
YrJGp3bNrmMHfW51lGkYKtWGYxWFut8X0DSTpcAF3NdlD0PqxzvTn1mflP+txW01
JhCy6rvhajg1qZjHRiYoSFrTcPWdKWEJ7zNYbq1KstzqWi/FY4F0GqwwwaAUvOTS
BJydkY773K3uadp7bZkPEmI+kkf++bjiud/wYyEarxsbWtd2RAVf973OH/qJet16
UDqtVvmZMNPb0hoyA+2m7+Anivm0QC1INRD2W2zzPLujva8G
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:51 2023 by rpki-client on console-ams.rpki-client.org