Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/jiSdNBqDrQppgEp6HnukSsWq_7E.roa
File: jiSdNBqDrQppgEp6HnukSsWq_7E.roa (raw, json)
Hash identifier: dxmbRoa97RpCp9aptUMSn9PauXSXInI3P0f0Qs1jgGI=
Subject key identifier: 8E:24:9D:34:1A:83:AD:0A:69:80:4A:7A:1E:7B:A4:4A:C5:AA:FF:B1
Certificate issuer: /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial: 018A69916B930C89AAE7B0141019B3F8F1BC
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/jiSdNBqDrQppgEp6HnukSsWq_7E.roa
Signing time: Wed 06 Sep 2023 08:17:32 +0000
ROA not before: Wed 06 Sep 2023 08:17:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 45.145.184.0/22 maxlen: 24
45.153.220.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:69:91:6b:93:0c:89:aa:e7:b0:14:10:19:b3:f8:f1:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Validity
Not Before: Sep 6 08:17:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8e249d341a83ad0a69804a7a1e7ba44ac5aaffb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:15:93:07:7d:6e:82:e9:78:79:8c:da:10:b7:
d0:03:7b:56:11:bc:fd:21:11:88:0d:4a:29:c3:dc:
36:86:a7:a7:b1:39:b3:4c:70:ed:ee:3a:5a:f7:c9:
39:58:28:23:e1:8f:0a:15:2d:b0:55:0d:e9:15:b0:
55:b7:a9:57:48:e9:77:2f:db:cc:ec:80:9d:ff:d0:
ea:7b:36:31:ab:c7:bc:25:66:28:d7:b5:ce:f3:68:
50:8f:f1:e6:7e:45:1d:c5:e3:3f:15:84:81:73:b5:
3a:a5:46:78:c8:a9:cb:67:d6:87:2f:69:d3:fa:b5:
65:0f:e7:3e:b3:c5:e3:ca:70:49:c7:e1:c9:da:30:
84:a0:b9:dd:c0:95:d6:6d:d3:b0:83:61:9e:a0:6c:
4d:d9:7f:cc:26:a7:ad:80:60:f8:52:e9:ea:e7:60:
09:e4:1a:85:40:88:55:82:0a:8e:4c:22:a8:e2:7b:
73:70:d2:fa:0a:9b:e7:c6:3b:7f:8d:89:59:b5:aa:
18:be:95:55:9c:ea:55:e6:a2:21:ed:f6:fc:4d:5b:
4a:f2:77:e7:56:a4:17:0d:2e:61:54:0b:dd:e1:0c:
32:33:c0:ff:f1:81:6c:01:a0:93:59:83:f9:d7:43:
02:e8:5f:d9:70:37:18:f2:63:39:ad:85:e7:c6:e4:
92:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:24:9D:34:1A:83:AD:0A:69:80:4A:7A:1E:7B:A4:4A:C5:AA:FF:B1
X509v3 Authority Key Identifier:
keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/jiSdNBqDrQppgEp6HnukSsWq_7E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.145.184.0/22
45.153.220.0/22
Signature Algorithm: sha256WithRSAEncryption
a1:2d:a4:20:f0:92:ae:23:db:1d:82:ff:63:fa:9c:46:af:58:
82:52:fc:d6:68:5b:1b:f0:0e:14:c5:d5:42:2a:dd:ed:a2:1e:
ef:47:a1:23:3c:91:1a:33:42:bd:05:df:cd:fe:35:ec:5e:46:
62:b2:92:a6:cb:03:20:25:3c:09:a6:53:97:7f:d4:ec:ef:72:
7d:f6:bd:e6:5f:e3:05:09:f5:fe:dc:5a:64:d5:67:7b:17:e7:
48:af:e5:79:91:66:ef:16:f0:ba:2b:56:27:74:4d:db:24:4a:
29:c7:d5:1b:ab:e6:e2:9c:ca:85:cd:d9:89:c4:b4:03:99:de:
90:14:23:e3:87:75:f9:2e:d2:f3:8f:e1:fd:1b:12:ff:34:a5:
96:c0:51:ce:99:1c:35:f1:0d:39:a6:2b:2f:27:a5:bd:1a:70:
d3:3c:ea:c8:28:7a:16:75:f3:c0:31:c3:9a:94:31:70:f7:02:
d2:b1:69:45:e4:f6:18:36:f5:a0:d9:66:a9:d8:88:c7:bf:7c:
ac:0c:5c:9d:0a:c8:96:39:78:6b:b5:d5:48:63:87:95:b9:1b:
bb:ab:ac:2f:b7:dd:30:69:4b:68:20:83:e4:bf:a1:19:c4:93:
6e:7e:75:b5:00:c6:34:06:3d:7c:c3:9a:38:07:17:26:0a:bc:
7b:b8:61:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYppkWuTDImq57AUEBmz+PG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjMwOTA2MDgxNzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTI0OWQzNDFhODNhZDBhNjk4MDRhN2ExZTdiYTQ0YWM1YWFmZmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxWTB31ugul4eYzaELfQA3tWEbz9
IRGIDUopw9w2hqensTmzTHDt7jpa98k5WCgj4Y8KFS2wVQ3pFbBVt6lXSOl3L9vM
7ICd/9DqezYxq8e8JWYo17XO82hQj/HmfkUdxeM/FYSBc7U6pUZ4yKnLZ9aHL2nT
+rVlD+c+s8XjynBJx+HJ2jCEoLndwJXWbdOwg2GeoGxN2X/MJqetgGD4Uunq52AJ
5BqFQIhVggqOTCKo4ntzcNL6Cpvnxjt/jYlZtaoYvpVVnOpV5qIh7fb8TVtK8nfn
VqQXDS5hVAvd4QwyM8D/8YFsAaCTWYP510MC6F/ZcDcY8mM5rYXnxuSSewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI4knTQag60KaYBKeh57pErFqv+xMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvamlTZE5CcURyUXBwZ0VwNkhudWtTc1dxXzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZG4AwQC
LZncMA0GCSqGSIb3DQEBCwUAA4IBAQChLaQg8JKuI9sdgv9j+pxGr1iCUvzWaFsb
8A4UxdVCKt3toh7vR6EjPJEaM0K9Bd/N/jXsXkZispKmywMgJTwJplOXf9Ts73J9
9r3mX+MFCfX+3Fpk1Wd7F+dIr+V5kWbvFvC6K1YndE3bJEopx9Ubq+binMqFzdmJ
xLQDmd6QFCPjh3X5LtLzj+H9GxL/NKWWwFHOmRw18Q05pisvJ6W9GnDTPOrIKHoW
dfPAMcOalDFw9wLSsWlF5PYYNvWg2Wap2IjHv3ysDFydCsiWOXhrtdVIY4eVuRu7
q6wvt90waUtoIIPkv6EZxJNufnW1AMY0Bj18w5o4BxcmCrx7uGFg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:24 2024 by rpki-client on console-fra.rpki-client.org