Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/ixP-wJvbL2wg7wWjkNsO7V7qZFg.roa
File: ixP-wJvbL2wg7wWjkNsO7V7qZFg.roa (raw, json)
Hash identifier: tMfReP4sr3TiuPmOn+ztSc46sWHp33AjhJng2Nl+3kU=
Subject key identifier: 8B:13:FE:C0:9B:DB:2F:6C:20:EF:05:A3:90:DB:0E:ED:5E:EA:64:58
Certificate issuer: /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial: 0182D5271BA6EA7DCBF2E11C84CEB9056377
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/ixP-wJvbL2wg7wWjkNsO7V7qZFg.roa
Signing time: Thu 25 Aug 2022 13:18:06 +0000
ROA not before: Thu 25 Aug 2022 13:18:06 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 22773
IP address blocks: 45.144.160.0/22 maxlen: 22
45.144.56.0/22 maxlen: 22
45.146.8.0/22 maxlen: 22
45.150.128.0/22 maxlen: 22
2a11:df80::/29 maxlen: 29
2a11:9180::/29 maxlen: 29
2a11:9280::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:d5:27:1b:a6:ea:7d:cb:f2:e1:1c:84:ce:b9:05:63:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Validity
Not Before: Aug 25 13:18:06 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8b13fec09bdb2f6c20ef05a390db0eed5eea6458
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:f0:7b:1a:c1:79:48:e0:67:19:95:00:f6:63:
85:6f:6e:92:dc:9a:dc:3b:aa:82:0b:5b:9c:55:86:
f1:c5:c7:0d:92:e9:26:a2:74:39:4e:3e:d6:bc:b9:
d4:b1:c3:ba:eb:e2:5f:8a:1f:00:95:4b:b7:b9:91:
3b:2d:07:95:d3:66:0f:4f:59:29:4b:d0:3a:8f:61:
6e:95:23:b2:94:05:94:2d:ba:a5:3a:90:96:3e:5c:
ce:36:2e:96:da:00:9d:a9:87:d7:24:f4:95:dd:90:
52:4b:1a:ff:0b:c2:32:c0:8f:08:c5:b4:66:75:6c:
af:c1:61:c7:1e:f5:d7:c4:0e:86:b9:12:bf:a3:bd:
1a:11:82:41:9e:5f:ae:fa:38:36:e6:81:16:5c:d3:
08:7d:f7:e8:2b:bc:73:ae:37:3f:c4:44:f3:4d:e4:
e8:ee:e4:54:b4:a2:35:cf:6a:f3:47:63:87:b5:6c:
c0:a0:e3:8f:44:f0:81:54:ed:48:89:c9:76:2f:a7:
1c:45:57:ec:f1:b3:22:94:ac:03:96:2f:4a:75:92:
03:7b:cb:b6:43:ce:4e:7f:32:8c:26:43:8f:80:c8:
88:4b:99:d0:6b:7f:17:b8:8b:55:84:70:d6:3e:53:
95:72:ac:13:99:01:d9:ae:8c:99:84:9c:9b:bf:5c:
db:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:13:FE:C0:9B:DB:2F:6C:20:EF:05:A3:90:DB:0E:ED:5E:EA:64:58
X509v3 Authority Key Identifier:
keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/ixP-wJvbL2wg7wWjkNsO7V7qZFg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.144.56.0/22
45.144.160.0/22
45.146.8.0/22
45.150.128.0/22
IPv6:
2a11:9180::/29
2a11:9280::/29
2a11:df80::/29
Signature Algorithm: sha256WithRSAEncryption
81:9e:26:bf:98:ec:f8:de:6b:76:42:db:87:5e:6a:bc:ac:21:
ae:e8:ca:e4:3c:5f:f0:d9:61:a7:b6:1f:e3:f7:98:10:45:53:
48:7f:3b:52:61:3e:41:cc:3d:bd:4d:8b:01:e4:91:05:55:ad:
09:5b:30:67:e0:d3:5b:2d:4c:44:27:89:6b:bd:eb:70:00:83:
9c:bd:23:63:35:71:2d:82:44:12:8f:b9:03:7c:4f:3a:fb:92:
05:3a:eb:95:eb:88:21:b5:3a:69:c9:32:26:5b:7d:67:5a:79:
35:7d:9c:2a:b0:65:a4:dd:29:50:91:bf:4a:c7:bd:cb:5e:1e:
44:63:06:28:fd:71:0c:98:00:c9:a2:1d:c1:f7:7d:aa:85:ff:
d4:02:60:49:e8:5a:99:a4:91:50:1c:a7:7a:2d:04:3b:07:97:
71:61:e3:6e:4d:51:d4:3c:ce:28:e5:a4:66:4f:c3:32:8c:db:
51:fc:69:fb:a8:f8:70:47:ed:23:5e:3b:50:09:d4:02:07:28:
d0:bd:8c:5b:ee:8c:01:3d:5a:06:9a:0a:27:44:5b:5d:b4:19:
4f:74:59:3f:39:c2:ff:0e:a3:00:0a:1a:32:2a:10:ab:93:e0:
c7:6f:f8:5e:b1:41:9f:af:6f:7c:b9:3b:88:ed:46:c9:23:3a:
6e:e8:8e:fa
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYLVJxum6n3L8uEchM65BWN3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjIwODI1MTMxODA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjEzZmVjMDliZGIyZjZjMjBlZjA1YTM5MGRiMGVlZDVlZWE2NDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/B7GsF5SOBnGZUA9mOFb26S3Jrc
O6qCC1ucVYbxxccNkukmonQ5Tj7WvLnUscO66+Jfih8AlUu3uZE7LQeV02YPT1kp
S9A6j2FulSOylAWULbqlOpCWPlzONi6W2gCdqYfXJPSV3ZBSSxr/C8IywI8IxbRm
dWyvwWHHHvXXxA6GuRK/o70aEYJBnl+u+jg25oEWXNMIfffoK7xzrjc/xETzTeTo
7uRUtKI1z2rzR2OHtWzAoOOPRPCBVO1Iicl2L6ccRVfs8bMilKwDli9KdZIDe8u2
Q85OfzKMJkOPgMiIS5nQa38XuItVhHDWPlOVcqwTmQHZroyZhJybv1zbKQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFIsT/sCb2y9sIO8Fo5DbDu1e6mRYMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvaXhQLXdKdmJMMndnN3dXamtOc083VjdxWkZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAeBAIAATAYAwQCLZA4AwQC
LZCgAwQCLZIIAwQCLZaAMBsEAgACMBUDBQMqEZGAAwUDKhGSgAMFAyoR34AwDQYJ
KoZIhvcNAQELBQADggEBAIGeJr+Y7Pjea3ZC24dearysIa7oyuQ8X/DZYae2H+P3
mBBFU0h/O1JhPkHMPb1NiwHkkQVVrQlbMGfg01stTEQniWu963AAg5y9I2M1cS2C
RBKPuQN8Tzr7kgU665XriCG1OmnJMiZbfWdaeTV9nCqwZaTdKVCRv0rHvcteHkRj
Bij9cQyYAMmiHcH3faqF/9QCYEnoWpmkkVAcp3otBDsHl3Fh425NUdQ8zijlpGZP
wzKM21H8afuo+HBH7SNeO1AJ1AIHKNC9jFvujAE9WgaaCidEW120GU90WT85wv8O
owAKGjIqEKuT4Mdv+F6xQZ+vb3y5O4jtRskjOm7ojvo=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:06 2023 by rpki-client on console-fra.rpki-client.org