Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/IWDzy2hIBKXp82oWyhyvLGRLEME.roa
File: IWDzy2hIBKXp82oWyhyvLGRLEME.roa (raw, json)
Hash identifier: hmvDaYMqS5FOVX9yUa4+gzY3oeSgRd34YmPLOqnpBVY=
Subject key identifier: 21:60:F3:CB:68:48:04:A5:E9:F3:6A:16:CA:1C:AF:2C:64:4B:10:C1
Certificate issuer: /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial: 01856BCA1560B9305897D736F85AA605D328
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/IWDzy2hIBKXp82oWyhyvLGRLEME.roa
Signing time: Sun 01 Jan 2023 05:24:43 +0000
ROA not before: Sun 01 Jan 2023 05:24:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 91.228.231.0/24 maxlen: 24
91.228.251.0/24 maxlen: 24
91.229.25.0/24 maxlen: 24
45.128.136.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:ca:15:60:b9:30:58:97:d7:36:f8:5a:a6:05:d3:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Validity
Not Before: Jan 1 05:24:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2160f3cb684804a5e9f36a16ca1caf2c644b10c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:ae:88:82:ca:0d:a2:07:b8:c4:d9:62:75:0f:
50:84:b2:2a:6e:e2:a4:5d:ab:e8:10:16:50:de:c5:
9b:20:89:b9:7b:f0:d2:be:d8:1e:82:0c:fd:64:98:
2e:90:65:fe:46:67:3d:2d:0d:f7:9e:cb:bc:4d:90:
68:43:2d:66:41:30:3f:0f:dc:f7:eb:18:1f:64:9f:
04:6d:9e:c4:7e:c7:7e:02:3f:a9:86:a6:50:e8:89:
29:c6:e8:80:0f:3d:ef:4b:81:18:25:eb:2d:7b:10:
c5:e4:fd:b4:74:68:6b:bf:b5:dd:b9:0d:d7:4d:2b:
8b:4f:e9:06:5c:e6:72:32:61:82:fb:41:89:48:4c:
85:55:22:42:21:7b:ca:bb:7b:86:00:b2:cf:7b:70:
ac:b7:cb:27:6a:2d:5c:6a:81:b8:a9:46:c8:c7:1d:
0d:0e:3c:95:a6:3b:4f:09:aa:61:02:5a:33:83:54:
a2:10:32:bf:99:20:b5:d6:91:ff:af:72:24:c6:b0:
74:f9:58:9f:30:b6:8c:23:24:21:c8:98:64:46:e7:
cc:17:55:0a:46:fb:c5:df:f0:c3:73:34:d0:79:49:
e5:e5:18:a0:1c:ac:e0:2b:b3:10:41:05:09:95:be:
e9:c5:e6:63:0b:9a:55:93:1f:90:d3:48:f9:ef:13:
95:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:60:F3:CB:68:48:04:A5:E9:F3:6A:16:CA:1C:AF:2C:64:4B:10:C1
X509v3 Authority Key Identifier:
keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/IWDzy2hIBKXp82oWyhyvLGRLEME.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.136.0/22
91.228.231.0/24
91.228.251.0/24
91.229.25.0/24
Signature Algorithm: sha256WithRSAEncryption
39:35:62:09:79:a9:df:fa:ad:f2:90:a3:ef:02:fb:ad:ff:26:
1f:82:e6:43:ac:43:12:70:93:29:f1:72:c0:b5:95:33:e2:2f:
e5:1e:88:b1:36:6e:9f:b3:a3:48:4c:c9:c8:3d:dd:d6:97:49:
a5:0e:e9:6d:a7:d2:74:e5:61:1a:75:46:da:f4:17:21:9e:2d:
03:ad:30:25:51:f6:be:7c:39:f0:36:d5:e1:98:42:3b:bd:e4:
09:79:a3:10:e9:e5:44:b2:7c:98:b2:b1:4d:92:68:38:91:69:
b3:81:18:b6:ed:b9:e5:1e:44:b9:49:bd:6b:e9:21:20:fc:7a:
9f:ac:95:d3:87:b1:b5:b8:54:3f:d6:1c:5f:51:df:dc:77:55:
5c:0b:eb:1f:9d:f0:23:95:39:dc:fa:53:a1:ca:95:84:90:a9:
5f:11:87:65:e8:50:84:ce:e7:f8:60:25:84:b5:5a:f2:0a:ca:
0c:ed:a6:39:9a:31:17:73:09:ad:7a:af:ed:24:d4:e2:21:4b:
8f:e2:87:c6:15:1c:7d:c3:02:98:16:75:a3:40:2c:0a:8c:8c:
04:15:92:b3:e8:e7:c1:a8:43:e5:f4:06:25:4d:07:12:2c:f3:
fa:f9:49:14:5d:4b:a1:1a:81:68:4c:6a:ed:2b:03:fd:18:eb:
5b:e9:16:7a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVryhVguTBYl9c2+FqmBdMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjMwMTAxMDUyNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTYwZjNjYjY4NDgwNGE1ZTlmMzZhMTZjYTFjYWYyYzY0NGIxMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq6IgsoNoge4xNlidQ9QhLIqbuKk
XavoEBZQ3sWbIIm5e/DSvtgeggz9ZJgukGX+Rmc9LQ33nsu8TZBoQy1mQTA/D9z3
6xgfZJ8EbZ7Efsd+Aj+phqZQ6IkpxuiADz3vS4EYJestexDF5P20dGhrv7XduQ3X
TSuLT+kGXOZyMmGC+0GJSEyFVSJCIXvKu3uGALLPe3Cst8snai1caoG4qUbIxx0N
DjyVpjtPCaphAlozg1SiEDK/mSC11pH/r3IkxrB0+VifMLaMIyQhyJhkRufMF1UK
RvvF3/DDczTQeUnl5RigHKzgK7MQQQUJlb7pxeZjC5pVkx+Q00j57xOVvwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCFg88toSASl6fNqFsocryxkSxDBMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvSVdEenkyaElCS1hwODJvV3loeXZMR1JMRU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLYCIAwQA
W+TnAwQAW+T7AwQAW+UZMA0GCSqGSIb3DQEBCwUAA4IBAQA5NWIJeanf+q3ykKPv
Avut/yYfguZDrEMScJMp8XLAtZUz4i/lHoixNm6fs6NITMnIPd3Wl0mlDultp9J0
5WEadUba9Bchni0DrTAlUfa+fDnwNtXhmEI7veQJeaMQ6eVEsnyYsrFNkmg4kWmz
gRi27bnlHkS5Sb1r6SEg/HqfrJXTh7G1uFQ/1hxfUd/cd1VcC+sfnfAjlTnc+lOh
ypWEkKlfEYdl6FCEzuf4YCWEtVryCsoM7aY5mjEXcwmteq/tJNTiIUuP4ofGFRx9
wwKYFnWjQCwKjIwEFZKz6OfBqEPl9AYlTQcSLPP6+UkUXUuhGoFoTGrtKwP9GOtb
6RZ6
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:51 2023 by rpki-client on console-ams.rpki-client.org