Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/buaKQGCCQveUIUoGfsWzlm3w3sk.roa
File: buaKQGCCQveUIUoGfsWzlm3w3sk.roa (raw, json)
Hash identifier: bJQF9ZyFQoHzdJlSjtBIdE4+X0MkYFe3aZd+3vX24Us=
Subject key identifier: 6E:E6:8A:40:60:82:42:F7:94:21:4A:06:7E:C5:B3:96:6D:F0:DE:C9
Certificate issuer: /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial: 0184D16A655D6BC1B409BE761D944324E0D5
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/buaKQGCCQveUIUoGfsWzlm3w3sk.roa
Signing time: Fri 02 Dec 2022 05:58:41 +0000
ROA not before: Fri 02 Dec 2022 05:58:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 194.99.58.0/23 maxlen: 23
45.11.68.0/22 maxlen: 22
2.58.144.0/22 maxlen: 24
45.150.96.0/22 maxlen: 22
45.137.4.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:d1:6a:65:5d:6b:c1:b4:09:be:76:1d:94:43:24:e0:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Validity
Not Before: Dec 2 05:58:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6ee68a40608242f794214a067ec5b3966df0dec9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:8a:5b:8f:aa:ec:d7:6e:b8:9c:fa:ea:80:e2:
b4:fd:e4:54:ee:a8:91:6b:db:64:69:d7:8f:74:00:
ec:67:12:1b:69:24:09:aa:0e:64:0e:4b:2d:a0:2d:
69:48:51:97:85:10:1e:7a:11:9b:26:3e:0d:66:44:
58:d8:60:23:94:76:99:16:8a:1e:6c:3d:a6:71:66:
03:db:88:19:fb:6d:c8:0f:12:52:e3:f6:6a:fa:2d:
9d:bb:24:0c:22:9b:63:77:4f:8e:6c:54:44:dd:ed:
5b:82:9f:10:a3:77:96:bc:1d:cc:4f:cc:c2:87:cb:
51:71:95:4c:d1:2a:e1:66:b7:97:78:4e:4e:a4:6a:
51:d8:ab:e5:31:9b:56:73:64:37:c3:ae:c2:e3:75:
8b:ce:45:25:4b:be:81:9e:d5:8a:c9:a5:cb:5e:07:
01:6e:bd:8a:ea:8d:da:d5:ed:da:b0:2c:8d:54:ba:
85:1c:78:b1:81:16:bd:22:95:8c:ca:8a:ff:c4:4d:
0f:fe:81:f0:87:83:72:ef:7e:97:d5:68:8a:7f:c3:
a2:c1:05:21:b7:f2:90:cf:08:0f:fc:ea:bb:0f:b6:
85:a1:11:b4:5b:30:b0:e5:c9:7b:f6:23:3f:18:90:
10:35:79:0e:be:48:af:61:10:7e:db:4e:94:73:f1:
76:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:E6:8A:40:60:82:42:F7:94:21:4A:06:7E:C5:B3:96:6D:F0:DE:C9
X509v3 Authority Key Identifier:
keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/buaKQGCCQveUIUoGfsWzlm3w3sk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.144.0/22
45.11.68.0/22
45.137.4.0/22
45.150.96.0/22
194.99.58.0/23
Signature Algorithm: sha256WithRSAEncryption
80:73:8f:ff:9b:df:37:db:ec:28:f7:1a:67:1b:e1:61:70:95:
93:06:33:a6:b5:a7:a5:55:64:12:70:48:2c:ce:5e:1f:6a:47:
40:88:7c:22:76:c3:41:b5:fd:77:ae:ff:b4:9f:d9:6e:7d:0c:
80:53:e0:ac:56:1d:38:b7:4a:b8:b6:e7:55:87:14:00:c4:f5:
33:3a:d8:8f:39:78:99:21:15:2a:ee:4e:68:72:3a:cc:b2:4f:
a3:af:59:5c:c5:83:94:bf:66:86:a1:9b:08:14:77:47:7e:67:
7d:d0:0b:ff:4b:ad:fe:7c:9f:7b:4c:91:20:0e:62:8b:fe:8e:
8e:72:96:f3:75:e3:d9:08:cc:fa:9b:b2:64:89:93:a4:07:f7:
8c:e1:9f:09:c6:f4:f4:b8:ca:2d:35:4d:87:2d:bf:1b:6f:bd:
0d:fa:d6:ee:57:0f:1a:4f:e2:53:92:08:1d:e4:cc:d3:c0:8d:
09:bc:c0:2f:da:be:db:31:be:aa:ce:89:0b:b8:b6:2f:7c:b8:
9b:00:29:a7:c1:3e:b4:f8:f8:d0:7c:99:42:3e:fb:68:9f:14:
b7:79:47:2c:6d:d6:e7:52:a9:a0:28:be:6e:4a:fe:b2:ea:eb:
1a:db:43:44:7d:1a:30:de:11:50:a7:66:d6:51:5d:bc:7c:34:
68:97:47:8d
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYTRamVda8G0Cb52HZRDJODVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjRiYjM0ZmI1ZDE2Y2E5ZDFmYTNmOTc5NGNiNDhkNGJl
ZDg0NzMwHhcNMjIxMjAyMDU1ODQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWU2OGE0MDYwODI0MmY3OTQyMTRhMDY3ZWM1YjM5NjZkZjBkZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4pbj6rs1264nPrqgOK0/eRU7qiR
a9tkadePdADsZxIbaSQJqg5kDkstoC1pSFGXhRAeehGbJj4NZkRY2GAjlHaZFooe
bD2mcWYD24gZ+23IDxJS4/Zq+i2duyQMIptjd0+ObFRE3e1bgp8Qo3eWvB3MT8zC
h8tRcZVM0SrhZreXeE5OpGpR2KvlMZtWc2Q3w67C43WLzkUlS76BntWKyaXLXgcB
br2K6o3a1e3asCyNVLqFHHixgRa9IpWMyor/xE0P/oHwh4Ny736X1WiKf8OiwQUh
t/KQzwgP/Oq7D7aFoRG0WzCw5cl79iM/GJAQNXkOvkivYRB+206Uc/F2zQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFG7mikBggkL3lCFKBn7Fs5Zt8N7JMB8GA1UdIwQY
MBaAFChkuzT7XRbKnR+j+XlMtI1L7YRzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEt
NTkwMGE1OTQ3YjhkLzEvYnVhS1FHQ0NRdmVVSVVvR2ZzV3psbTN3M3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEtNTkwMGE1OTQ3Yjhk
LzEvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCAjqQAwQC
LQtEAwQCLYkEAwQCLZZgAwQBwmM6MA0GCSqGSIb3DQEBCwUAA4IBAQCAc4//m983
2+wo9xpnG+FhcJWTBjOmtaelVWQScEgszl4fakdAiHwidsNBtf13rv+0n9lufQyA
U+CsVh04t0q4tudVhxQAxPUzOtiPOXiZIRUq7k5ocjrMsk+jr1lcxYOUv2aGoZsI
FHdHfmd90Av/S63+fJ97TJEgDmKL/o6OcpbzdePZCMz6m7JkiZOkB/eM4Z8JxvT0
uMotNU2HLb8bb70N+tbuVw8aT+JTkggd5MzTwI0JvMAv2r7bMb6qzokLuLYvfLib
ACmnwT60+PjQfJlCPvtonxS3eUcsbdbnUqmgKL5uSv6y6usa20NEfRow3hFQp2bW
UV28fDRol0eN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:50 2024 by rpki-client on console-fra.rpki-client.org