Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/VWAGk8O6gYH0nVA-7vOJCLsb5OQ.roa
File: VWAGk8O6gYH0nVA-7vOJCLsb5OQ.roa (raw, json)
Hash identifier: xmVLJVlHv7NSdpSV1VLRlRFWbHBwrDeAsRLekf1hn1o=
Subject key identifier: 55:60:06:93:C3:BA:81:81:F4:9D:50:3E:EE:F3:89:08:BB:1B:E4:E4
Certificate issuer: /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial: 01856BCA19F50BDF040F97F3D650D54CD822
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/VWAGk8O6gYH0nVA-7vOJCLsb5OQ.roa
Signing time: Sun 01 Jan 2023 05:24:45 +0000
ROA not before: Sun 01 Jan 2023 05:24:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35913
IP address blocks: 45.145.184.0/22 maxlen: 24
45.86.8.0/22 maxlen: 24
45.153.220.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:ca:19:f5:0b:df:04:0f:97:f3:d6:50:d5:4c:d8:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Validity
Not Before: Jan 1 05:24:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=55600693c3ba8181f49d503eeef38908bb1be4e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:3e:c7:33:66:c4:db:1d:83:5e:f3:94:54:49:
a9:0e:ee:27:23:23:b1:c1:36:3c:22:f2:07:84:c3:
ea:86:0a:a1:f6:d3:0a:ef:64:28:e2:7e:8e:c5:41:
84:85:a9:0a:c6:76:67:a9:88:f4:bd:04:87:5e:63:
a9:01:fd:e6:28:ac:6b:7c:6a:f0:ac:91:46:86:ef:
db:e0:ff:ef:9c:06:3b:ab:3a:c6:19:67:a5:7e:38:
c5:45:6d:8a:ca:22:6e:65:60:0e:31:41:e9:8c:94:
55:36:db:9a:a2:8a:e2:40:05:06:c5:51:bf:3a:9d:
f3:6b:6b:52:29:e9:9e:5b:ed:c3:eb:9a:18:5e:fe:
8e:ba:9e:5d:76:e3:8f:1a:70:78:d1:5a:00:0a:c3:
b4:cd:c5:2b:1f:07:d9:7d:3b:ef:e7:c0:b8:cd:64:
df:9f:08:85:ee:76:2e:09:58:9e:93:9c:e8:cd:e0:
a4:7e:c8:93:4f:7d:d4:57:8f:fb:86:29:1d:63:7b:
4d:2a:b9:9a:08:1f:7a:52:a4:bd:c9:7c:a4:e1:14:
38:be:aa:5d:52:94:30:fc:6e:8d:d4:c4:6f:b6:28:
26:07:6c:c6:3c:7a:bd:2f:c8:d3:1b:13:70:00:58:
52:72:09:8e:15:45:83:54:45:91:3c:3d:b5:f1:56:
a0:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:60:06:93:C3:BA:81:81:F4:9D:50:3E:EE:F3:89:08:BB:1B:E4:E4
X509v3 Authority Key Identifier:
keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/VWAGk8O6gYH0nVA-7vOJCLsb5OQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.8.0/22
45.145.184.0/22
45.153.220.0/22
Signature Algorithm: sha256WithRSAEncryption
47:61:6d:31:e8:01:27:48:5f:a8:3e:51:b6:68:62:a1:de:3c:
a9:00:1a:79:42:f1:38:a0:8a:99:21:5f:61:2b:a8:bb:a1:8f:
ea:62:4d:5c:13:22:e9:0f:90:b0:fe:67:0a:4a:ba:69:7d:2c:
40:fe:dd:99:c1:51:7c:08:66:2f:96:14:ae:52:5a:75:9f:75:
e2:c5:08:ee:a8:74:a8:34:17:99:eb:c6:f4:1e:55:e8:c1:4a:
94:f9:0a:ea:1e:40:14:71:1a:03:7d:58:24:ff:ea:8d:fe:5b:
a2:02:8d:4e:22:68:cb:00:ef:64:7b:07:98:96:1d:08:ec:ff:
d3:1c:05:b7:48:42:b9:89:ac:0c:78:7b:c8:19:02:57:e4:10:
8c:13:ef:31:8f:a2:fa:27:0d:69:af:48:0b:0b:d3:24:b2:57:
84:1f:a9:1a:32:46:18:ae:0b:cc:f7:17:5c:39:d3:26:38:c2:
7d:8b:f9:84:7e:0c:ba:37:14:52:5f:6c:02:19:25:23:d4:3b:
84:c8:af:16:24:af:63:c4:3e:87:eb:62:e2:29:00:c7:66:94:
be:d7:a3:4f:d8:92:2d:98:11:7a:c4:31:3a:f3:d0:be:8f:70:
7d:73:f2:0c:3f:a0:93:f7:d8:ca:d7:ed:86:d7:1d:e2:64:fa:
37:9a:05:cb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVryhn1C98ED5fz1lDVTNgiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjMwMTAxMDUyNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTYwMDY5M2MzYmE4MTgxZjQ5ZDUwM2VlZWYzODkwOGJiMWJlNGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiz7HM2bE2x2DXvOUVEmpDu4nIyOx
wTY8IvIHhMPqhgqh9tMK72Qo4n6OxUGEhakKxnZnqYj0vQSHXmOpAf3mKKxrfGrw
rJFGhu/b4P/vnAY7qzrGGWelfjjFRW2KyiJuZWAOMUHpjJRVNtuaooriQAUGxVG/
Op3za2tSKemeW+3D65oYXv6Oup5dduOPGnB40VoACsO0zcUrHwfZfTvv58C4zWTf
nwiF7nYuCViek5zozeCkfsiTT33UV4/7hikdY3tNKrmaCB96UqS9yXyk4RQ4vqpd
UpQw/G6N1MRvtigmB2zGPHq9L8jTGxNwAFhScgmOFUWDVEWRPD218VagDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFVgBpPDuoGB9J1QPu7ziQi7G+TkMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvVldBR2s4TzZnWUgwblZBLTd2T0pDTHNiNU9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVYIAwQC
LZG4AwQCLZncMA0GCSqGSIb3DQEBCwUAA4IBAQBHYW0x6AEnSF+oPlG2aGKh3jyp
ABp5QvE4oIqZIV9hK6i7oY/qYk1cEyLpD5Cw/mcKSrppfSxA/t2ZwVF8CGYvlhSu
Ulp1n3XixQjuqHSoNBeZ68b0HlXowUqU+QrqHkAUcRoDfVgk/+qN/luiAo1OImjL
AO9keweYlh0I7P/THAW3SEK5iawMeHvIGQJX5BCME+8xj6L6Jw1pr0gLC9MksleE
H6kaMkYYrgvM9xdcOdMmOMJ9i/mEfgy6NxRSX2wCGSUj1DuEyK8WJK9jxD6H62Li
KQDHZpS+16NP2JItmBF6xDE689C+j3B9c/IMP6CT99jK1+2G1x3iZPo3mgXL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:24 2024 by rpki-client on console-fra.rpki-client.org