Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/YOAz1XJ9iqxgNppGtSUtiUDoKvc.roa
File: YOAz1XJ9iqxgNppGtSUtiUDoKvc.roa (raw, json)
Hash identifier: oJDim/m50IZTz5srsPe83O+eXZvDXENuzqeUl1QtgQo=
Subject key identifier: 60:E0:33:D5:72:7D:8A:AC:60:36:9A:46:B5:25:2D:89:40:E8:2A:F7
Certificate issuer: /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial: 018A697D84585D24B8C795003CFD3A13AA68
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/YOAz1XJ9iqxgNppGtSUtiUDoKvc.roa
Signing time: Wed 06 Sep 2023 07:55:48 +0000
ROA not before: Wed 06 Sep 2023 07:55:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35913
IP address blocks: 45.145.184.0/22 maxlen: 24
45.153.220.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:69:7d:84:58:5d:24:b8:c7:95:00:3c:fd:3a:13:aa:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Validity
Not Before: Sep 6 07:55:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=60e033d5727d8aac60369a46b5252d8940e82af7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:16:67:4f:6e:a9:ba:71:cc:93:67:34:c0:d2:
d8:62:82:ab:ad:08:b4:36:f2:f2:6a:2b:3d:bf:07:
5a:2f:d3:2e:1f:fe:d0:0a:e1:ef:ba:24:c3:48:b5:
b7:f4:6a:d8:dd:13:fe:65:71:c1:2e:58:e7:f0:7b:
f9:2a:aa:c2:bf:2e:8b:3a:b3:a4:2b:89:de:17:88:
04:c2:ed:ec:67:e3:f6:f0:5f:70:f9:7e:af:e9:e7:
12:c0:1e:b6:47:16:b0:8a:82:f9:88:d4:c9:15:ed:
3f:0c:c1:9d:0b:9c:b1:57:58:1b:12:c0:85:73:03:
4c:2c:36:cc:ed:84:3b:66:a3:dc:69:3c:e7:6c:6e:
97:76:65:a0:2b:f1:78:e8:34:2e:6c:4e:27:c3:17:
5f:d0:7c:92:98:29:6b:89:b5:8d:0f:c6:2d:bb:90:
b8:34:ba:2e:f2:ff:38:e6:ec:6c:c8:3b:98:48:fe:
35:9d:49:19:05:12:31:38:60:3f:64:ad:be:3e:44:
b1:c7:81:96:dd:85:3c:1e:91:15:50:26:cf:b3:d8:
38:a4:61:72:97:14:2d:64:a6:31:de:97:99:c1:6f:
da:87:d8:cc:c1:a4:ea:c2:23:b2:b0:47:4d:c9:7a:
a4:c3:ef:24:63:3a:a5:2b:1f:0c:0d:b0:c6:c2:70:
78:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:E0:33:D5:72:7D:8A:AC:60:36:9A:46:B5:25:2D:89:40:E8:2A:F7
X509v3 Authority Key Identifier:
keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/YOAz1XJ9iqxgNppGtSUtiUDoKvc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.145.184.0/22
45.153.220.0/22
Signature Algorithm: sha256WithRSAEncryption
48:a2:2d:88:a6:1c:85:24:22:01:e2:03:9e:1a:10:a7:6f:3b:
9c:7a:d4:cd:67:08:cf:e8:8a:2e:3c:4b:55:fe:cd:90:85:92:
54:47:a0:53:95:6c:43:e0:b6:b3:d0:e6:65:5d:a7:fe:fd:86:
3f:12:64:c8:c9:9d:b6:4d:fc:6f:26:24:82:74:20:3f:f9:8b:
ac:fe:09:6b:8c:33:d9:cb:15:92:37:fc:4c:54:be:e1:d0:dc:
7f:c3:2b:9b:9a:f0:f0:83:df:7f:0f:25:29:3e:58:71:eb:fe:
f3:70:32:a8:5e:08:76:36:91:af:82:7d:5d:86:bc:7c:c5:1f:
80:72:4d:b1:ed:99:53:79:c5:60:fd:2e:44:9b:f6:71:49:fd:
72:8c:54:cd:cb:28:1e:43:43:f1:a8:f6:fa:8e:59:27:3f:cf:
88:bb:9b:c5:d9:74:2f:71:c7:8b:5e:a0:cd:4a:da:c6:3d:1e:
57:74:48:66:4e:4c:7b:03:42:9d:a7:10:b0:32:b1:4a:0d:ae:
f8:aa:cd:98:46:4e:d0:0e:cd:05:2a:90:25:9b:ea:7f:cf:bd:
f3:76:90:66:dc:ac:7c:46:26:2c:83:5d:19:00:72:b9:f0:36:
f1:8d:81:6c:89:6e:d6:4a:1a:1f:32:42:c0:5e:07:1e:af:d1:
b2:ab:da:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYppfYRYXSS4x5UAPP06E6poMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjMwOTA2MDc1NTQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGUwMzNkNTcyN2Q4YWFjNjAzNjlhNDZiNTI1MmQ4OTQwZTgyYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BZnT26punHMk2c0wNLYYoKrrQi0
NvLyais9vwdaL9MuH/7QCuHvuiTDSLW39GrY3RP+ZXHBLljn8Hv5KqrCvy6LOrOk
K4neF4gEwu3sZ+P28F9w+X6v6ecSwB62RxawioL5iNTJFe0/DMGdC5yxV1gbEsCF
cwNMLDbM7YQ7ZqPcaTznbG6XdmWgK/F46DQubE4nwxdf0HySmClribWND8Ytu5C4
NLou8v845uxsyDuYSP41nUkZBRIxOGA/ZK2+PkSxx4GW3YU8HpEVUCbPs9g4pGFy
lxQtZKYx3peZwW/ah9jMwaTqwiOysEdNyXqkw+8kYzqlKx8MDbDGwnB4HQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGDgM9VyfYqsYDaaRrUlLYlA6Cr3MB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvWU9BejFYSjlpcXhnTnBwR3RTVXRpVURvS3ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZG4AwQC
LZncMA0GCSqGSIb3DQEBCwUAA4IBAQBIoi2IphyFJCIB4gOeGhCnbzucetTNZwjP
6IouPEtV/s2QhZJUR6BTlWxD4Laz0OZlXaf+/YY/EmTIyZ22TfxvJiSCdCA/+Yus
/glrjDPZyxWSN/xMVL7h0Nx/wyubmvDwg99/DyUpPlhx6/7zcDKoXgh2NpGvgn1d
hrx8xR+Ack2x7ZlTecVg/S5Em/ZxSf1yjFTNyygeQ0PxqPb6jlknP8+Iu5vF2XQv
cceLXqDNStrGPR5XdEhmTkx7A0KdpxCwMrFKDa74qs2YRk7QDs0FKpAlm+p/z73z
dpBm3Kx8RiYsg10ZAHK58DbxjYFsiW7WShofMkLAXgcer9Gyq9pM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:24 2024 by rpki-client on console-fra.rpki-client.org