Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/L9gDwVKK-U5p21q9Nu04soOURAA.roa
File: L9gDwVKK-U5p21q9Nu04soOURAA.roa (raw, json)
Hash identifier: 1javzuF2T+oKS3UQQMzKAohfxwdHqZg4SgHJ31c4UZ8=
Subject key identifier: 2F:D8:03:C1:52:8A:F9:4E:69:DB:5A:BD:36:ED:38:B2:83:94:44:00
Certificate issuer: /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial: 01843299C887360B5BE83669D9CEFDAA10DF
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/L9gDwVKK-U5p21q9Nu04soOURAA.roa
Signing time: Tue 01 Nov 2022 09:50:49 +0000
ROA not before: Tue 01 Nov 2022 09:50:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 45.11.70.0/24 maxlen: 24
45.11.68.0/22 maxlen: 22
2.58.144.0/22 maxlen: 24
45.131.16.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:32:99:c8:87:36:0b:5b:e8:36:69:d9:ce:fd:aa:10:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Validity
Not Before: Nov 1 09:50:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2fd803c1528af94e69db5abd36ed38b283944400
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:85:80:90:61:7f:61:f5:7a:df:6d:ab:58:0f:
91:62:39:48:e3:50:9c:86:d0:d1:c1:b7:67:4d:67:
5f:67:71:8b:0f:6f:0a:ea:38:bc:a7:41:11:3a:82:
b3:2d:af:f2:07:4a:59:79:ad:c7:bc:83:1b:5b:20:
93:40:3b:56:68:f6:6a:36:21:ff:1a:df:07:f6:14:
f8:bc:27:5b:ac:0e:6a:54:20:11:25:cc:59:e7:12:
e8:bd:2c:72:47:98:64:4b:02:d6:97:d6:3c:01:b7:
01:d8:01:39:ef:33:63:d4:37:a4:c4:3b:8f:16:92:
e9:6d:e7:6b:a2:58:ee:a4:4b:6d:76:bc:7a:6f:8a:
6c:50:18:b5:c9:e7:d3:fe:d4:ca:05:71:61:45:8e:
13:65:05:2e:7e:34:37:7f:73:7b:a9:70:e5:52:dc:
e7:a5:6b:14:36:8e:17:0f:09:88:bf:57:e5:1c:6d:
d5:a8:65:c6:9a:f7:e6:f3:10:3e:0e:54:4b:64:13:
8e:94:05:35:74:30:f6:86:df:1e:ce:36:81:6d:ea:
42:27:00:c2:bb:c8:45:90:a1:5e:39:68:ed:f6:1f:
8d:0c:ab:29:4b:8c:8b:0e:6a:6f:47:e6:c6:f7:8b:
af:6f:20:00:ac:68:f1:05:b8:ab:fe:d8:96:0a:0b:
9d:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:D8:03:C1:52:8A:F9:4E:69:DB:5A:BD:36:ED:38:B2:83:94:44:00
X509v3 Authority Key Identifier:
keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/L9gDwVKK-U5p21q9Nu04soOURAA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.144.0/22
45.11.68.0/22
45.131.16.0/22
Signature Algorithm: sha256WithRSAEncryption
8a:e9:9e:ef:47:9b:00:ca:d2:de:b3:ff:87:ec:4d:44:f0:f9:
f9:29:b7:df:d6:ae:99:02:a3:d5:11:44:3d:2b:c8:e9:a1:31:
50:32:b9:d0:87:c8:29:0c:5c:cb:23:24:b2:23:6c:01:b2:f2:
a8:b3:01:92:e1:2c:30:25:4b:50:63:35:48:e9:04:69:bf:8f:
71:a8:17:64:22:65:3d:e7:90:fb:ed:16:64:9b:cd:bb:74:25:
84:25:f5:f5:b0:7a:e3:6c:2f:d3:75:27:17:66:ad:fa:1e:ea:
af:96:14:e4:6c:ec:0d:88:04:a6:e0:ce:99:dc:06:24:e5:80:
5f:08:27:ef:4e:e4:0e:75:84:05:47:6f:36:ee:3a:b3:5d:92:
24:98:7e:87:82:a2:61:92:d1:bd:2d:34:9b:bb:19:d7:f2:6e:
5a:ee:c7:6e:3e:04:57:3a:13:76:6d:50:8c:99:ac:41:fa:14:
5f:19:fd:2c:33:02:27:01:63:a8:03:9f:59:8a:87:75:42:5d:
8f:f6:29:f9:60:54:c2:69:45:ba:3b:57:fa:45:6f:b1:9c:79:
c4:62:ee:be:a7:75:4a:7d:2b:84:0c:08:e0:c2:8a:09:78:2c:
99:14:58:5c:9a:8f:d5:dc:5f:3a:a8:ce:72:7d:18:13:38:85:
f2:a3:0e:ab
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYQymciHNgtb6DZp2c79qhDfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjRiYjM0ZmI1ZDE2Y2E5ZDFmYTNmOTc5NGNiNDhkNGJl
ZDg0NzMwHhcNMjIxMTAxMDk1MDQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmQ4MDNjMTUyOGFmOTRlNjlkYjVhYmQzNmVkMzhiMjgzOTQ0NDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYWAkGF/YfV6322rWA+RYjlI41Cc
htDRwbdnTWdfZ3GLD28K6ji8p0EROoKzLa/yB0pZea3HvIMbWyCTQDtWaPZqNiH/
Gt8H9hT4vCdbrA5qVCARJcxZ5xLovSxyR5hkSwLWl9Y8AbcB2AE57zNj1DekxDuP
FpLpbedroljupEttdrx6b4psUBi1yefT/tTKBXFhRY4TZQUufjQ3f3N7qXDlUtzn
pWsUNo4XDwmIv1flHG3VqGXGmvfm8xA+DlRLZBOOlAU1dDD2ht8ezjaBbepCJwDC
u8hFkKFeOWjt9h+NDKspS4yLDmpvR+bG94uvbyAArGjxBbir/tiWCgudpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC/YA8FSivlOadtavTbtOLKDlEQAMB8GA1UdIwQY
MBaAFChkuzT7XRbKnR+j+XlMtI1L7YRzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEt
NTkwMGE1OTQ3YjhkLzEvTDlnRHdWS0stVTVwMjFxOU51MDRzb09VUkFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEtNTkwMGE1OTQ3Yjhk
LzEvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjqQAwQC
LQtEAwQCLYMQMA0GCSqGSIb3DQEBCwUAA4IBAQCK6Z7vR5sAytLes/+H7E1E8Pn5
Kbff1q6ZAqPVEUQ9K8jpoTFQMrnQh8gpDFzLIySyI2wBsvKoswGS4SwwJUtQYzVI
6QRpv49xqBdkImU955D77RZkm827dCWEJfX1sHrjbC/TdScXZq36HuqvlhTkbOwN
iASm4M6Z3AYk5YBfCCfvTuQOdYQFR2827jqzXZIkmH6HgqJhktG9LTSbuxnX8m5a
7sduPgRXOhN2bVCMmaxB+hRfGf0sMwInAWOoA59Ziod1Ql2P9in5YFTCaUW6O1f6
RW+xnHnEYu6+p3VKfSuEDAjgwooJeCyZFFhcmo/V3F86qM5yfRgTOIXyow6r
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:50:02 2023 by rpki-client on console-ams.rpki-client.org