Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/gi2BjeToYCv0SMUwRgZ4tpZ0nkA.roa
File: gi2BjeToYCv0SMUwRgZ4tpZ0nkA.roa (raw, json)
Hash identifier: RHo7GQU4/ksUfCnHoXUSw03oo61Oo3uSZjPWgJ7De4w=
Subject key identifier: 82:2D:81:8D:E4:E8:60:2B:F4:48:C5:30:46:06:78:B6:96:74:9E:40
Certificate issuer: /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial: 018A9752F23D73DFE6429B3AF62718671604
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/gi2BjeToYCv0SMUwRgZ4tpZ0nkA.roa
Signing time: Fri 15 Sep 2023 05:31:50 +0000
ROA not before: Fri 15 Sep 2023 05:31:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 45.145.184.0/22 maxlen: 24
45.86.8.0/22 maxlen: 24
45.153.220.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:97:52:f2:3d:73:df:e6:42:9b:3a:f6:27:18:67:16:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Validity
Not Before: Sep 15 05:31:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=822d818de4e8602bf448c530460678b696749e40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:90:f5:a0:28:ac:86:14:14:c0:ec:82:f5:f7:
59:34:35:06:a1:a0:73:6c:28:93:77:be:fb:7c:f0:
29:ec:3e:f0:35:e1:d0:c5:15:4b:94:d0:7b:95:7d:
1c:4b:45:cb:08:66:9d:2c:2d:65:0b:1f:e1:23:9c:
48:28:1a:25:dd:8f:2a:ed:2b:c2:e3:e7:0a:72:6c:
cc:86:a4:e7:ac:fc:05:a0:e2:df:fb:fa:cc:6a:c8:
e1:ba:e6:8d:c1:82:7e:cc:64:df:b9:58:36:55:b3:
ad:cf:37:1f:01:44:ce:b1:eb:d7:95:f4:6b:b8:05:
13:11:66:0e:cd:38:79:05:54:18:a2:35:87:6b:1f:
e4:3b:b4:5b:28:27:54:74:cd:b1:03:f8:d7:1a:8a:
3b:bc:a2:cf:b6:aa:70:7e:6b:4a:a3:ab:45:5c:86:
34:e7:74:3a:4c:bf:f9:8e:8e:2f:55:f0:ff:0c:c4:
ce:01:64:99:cf:3e:22:04:9b:bd:8b:2b:4b:35:19:
1d:82:94:11:f7:64:d8:63:5a:e7:d2:33:15:13:ee:
41:69:cb:10:3b:a9:f1:3d:15:27:8a:47:70:44:8e:
f4:1e:7a:27:12:ce:f1:e7:16:7c:ce:d3:5d:4d:0d:
d0:00:30:1a:c0:a2:7d:00:a3:0b:e6:c8:80:8f:95:
e5:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:2D:81:8D:E4:E8:60:2B:F4:48:C5:30:46:06:78:B6:96:74:9E:40
X509v3 Authority Key Identifier:
keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/gi2BjeToYCv0SMUwRgZ4tpZ0nkA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.8.0/22
45.145.184.0/22
45.153.220.0/22
Signature Algorithm: sha256WithRSAEncryption
3e:de:14:05:e8:4a:16:a0:82:6d:b4:53:6e:c3:5e:06:e9:1c:
f8:90:12:2a:b8:2f:ee:07:9f:8f:4c:c3:a1:fe:96:a4:74:c4:
e8:1b:f5:71:f9:60:c9:45:29:13:a5:c3:d3:73:74:6c:fa:f8:
2d:2a:33:7d:dc:bd:da:4f:ec:77:f4:87:bc:60:e0:db:6f:22:
73:bd:a4:98:53:52:0f:65:63:cf:d2:02:72:32:80:9f:bc:e3:
8f:79:a8:53:1f:6f:9b:be:21:0a:ff:e1:cc:00:1e:72:1d:07:
f7:96:25:62:dc:0c:79:5b:09:32:c7:ac:97:2c:b8:6d:f6:82:
a5:b8:10:74:41:b3:a6:de:7e:14:c9:a6:7b:ed:5f:0c:7e:53:
5b:b7:1d:21:ce:70:e5:d6:ac:8c:f2:21:49:86:8f:a4:6e:69:
d6:c5:35:3e:25:64:eb:84:58:d2:b8:0a:f1:b2:77:11:c3:ed:
e4:fc:1a:85:cf:85:6e:39:04:ff:fb:f1:cb:f8:1c:ec:35:d9:
94:85:13:f1:1e:b8:d2:e5:d4:98:3d:44:de:5f:0d:02:c1:ac:
6c:e1:fd:d3:3e:9e:97:27:fb:14:d7:3b:49:22:53:66:6a:d3:
46:97:c5:a3:8c:98:1b:b1:a6:e0:bf:68:3d:2a:d4:5c:71:2d:
72:e4:8f:27
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYqXUvI9c9/mQps69icYZxYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjMwOTE1MDUzMTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJkODE4ZGU0ZTg2MDJiZjQ0OGM1MzA0NjA2NzhiNjk2NzQ5ZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpD1oCishhQUwOyC9fdZNDUGoaBz
bCiTd777fPAp7D7wNeHQxRVLlNB7lX0cS0XLCGadLC1lCx/hI5xIKBol3Y8q7SvC
4+cKcmzMhqTnrPwFoOLf+/rMasjhuuaNwYJ+zGTfuVg2VbOtzzcfAUTOsevXlfRr
uAUTEWYOzTh5BVQYojWHax/kO7RbKCdUdM2xA/jXGoo7vKLPtqpwfmtKo6tFXIY0
53Q6TL/5jo4vVfD/DMTOAWSZzz4iBJu9iytLNRkdgpQR92TYY1rn0jMVE+5BacsQ
O6nxPRUnikdwRI70HnonEs7x5xZ8ztNdTQ3QADAawKJ9AKML5siAj5XlrwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIItgY3k6GAr9EjFMEYGeLaWdJ5AMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvZ2kyQmplVG9ZQ3YwU01Vd1JnWjR0cFowbmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVYIAwQC
LZG4AwQCLZncMA0GCSqGSIb3DQEBCwUAA4IBAQA+3hQF6EoWoIJttFNuw14G6Rz4
kBIquC/uB5+PTMOh/pakdMToG/Vx+WDJRSkTpcPTc3Rs+vgtKjN93L3aT+x39Ie8
YODbbyJzvaSYU1IPZWPP0gJyMoCfvOOPeahTH2+bviEK/+HMAB5yHQf3liVi3Ax5
Wwkyx6yXLLht9oKluBB0QbOm3n4UyaZ77V8MflNbtx0hznDl1qyM8iFJho+kbmnW
xTU+JWTrhFjSuArxsncRw+3k/BqFz4VuOQT/+/HL+BzsNdmUhRPxHrjS5dSYPUTe
Xw0Cwaxs4f3TPp6XJ/sU1ztJIlNmatNGl8WjjJgbsabgv2g9KtRccS1y5I8n
-----END CERTIFICATE-----
Generated at Mon Oct 2 07:29:15 2023 by rpki-client on console-ams.rpki-client.org