Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/r8heuo138iYtm8Ux5MxfESC2ePk.roa
File: r8heuo138iYtm8Ux5MxfESC2ePk.roa (raw, json)
Hash identifier: 6g94x7zZQwySo86e2E+JkpZzu73kfuJVBPdRYyjFS7g=
Subject key identifier: AF:C8:5E:BA:8D:77:F2:26:2D:9B:C5:31:E4:CC:5F:11:20:B6:78:F9
Certificate issuer: /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial: 018C3EEDC0B2BA0EEC46507853FFAB6D57C0
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/r8heuo138iYtm8Ux5MxfESC2ePk.roa
Signing time: Wed 06 Dec 2023 11:40:17 +0000
ROA not before: Wed 06 Dec 2023 11:40:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 45.11.68.0/22 maxlen: 22
2.58.144.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3e:ed:c0:b2:ba:0e:ec:46:50:78:53:ff:ab:6d:57:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Validity
Not Before: Dec 6 11:40:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=afc85eba8d77f2262d9bc531e4cc5f1120b678f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:45:fe:41:95:1e:fa:f7:c3:57:80:7d:4e:78:
17:cb:b0:c6:3d:96:3e:90:9a:5a:e6:ac:3e:e6:7b:
5e:99:0d:8a:24:2d:21:44:ea:6b:1c:37:4b:dd:cf:
e7:d2:a4:62:88:bb:cc:6b:45:60:1a:82:36:f3:8d:
71:3f:ae:fb:b0:94:86:c5:98:cf:9c:22:e2:d1:83:
e8:b2:c8:38:1c:13:d9:c4:35:7e:d4:32:e1:ab:74:
cf:8a:d9:11:1c:d7:41:aa:7d:5a:11:60:e4:98:aa:
41:2b:3a:e7:a6:72:33:ed:b2:3b:ee:0b:44:fb:6e:
f5:64:06:06:89:ce:3b:d1:1f:7b:05:90:a2:2f:36:
45:b5:b1:12:35:56:32:b4:55:c6:1c:d6:ef:34:4b:
a7:fe:db:12:7c:f3:0a:b4:19:d8:26:1a:8d:e1:50:
78:cc:1f:cb:c7:ac:27:05:48:a5:9c:4e:ee:cc:2a:
f3:7c:27:aa:b1:10:1b:5a:1f:7f:0c:9e:ce:da:28:
d3:90:6e:0e:74:3f:42:84:b5:3e:42:a1:d0:83:23:
62:2b:ae:81:51:2a:ff:83:53:c2:a6:03:44:20:82:
92:1f:49:af:35:e5:ae:f2:74:2c:04:8a:47:cb:18:
4e:7e:c2:2d:6f:26:8a:ae:ad:b2:2a:ba:0a:71:33:
74:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:C8:5E:BA:8D:77:F2:26:2D:9B:C5:31:E4:CC:5F:11:20:B6:78:F9
X509v3 Authority Key Identifier:
keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/r8heuo138iYtm8Ux5MxfESC2ePk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.144.0/22
45.11.68.0/22
Signature Algorithm: sha256WithRSAEncryption
3c:a2:1c:73:6d:c6:7e:18:fd:af:e1:18:84:46:3f:47:1a:2b:
e8:6a:40:84:c0:c1:be:fa:26:89:6f:45:9b:a4:6a:ca:58:41:
f4:dc:4a:f9:e5:c1:89:9b:3d:61:fb:b8:e0:5d:5d:88:38:61:
a5:2d:70:a1:d3:7f:51:12:38:a8:ff:3b:ea:ff:4c:8e:8b:19:
73:fa:34:65:6b:7f:b4:e1:3c:d1:21:2a:83:bc:77:11:26:49:
44:f6:3e:97:7f:84:4d:f4:e5:82:07:b7:a5:af:cf:8e:4a:91:
79:42:33:dc:bb:4f:a0:ce:bb:48:71:06:40:74:07:d0:f6:11:
71:09:c3:73:ca:0c:f8:69:ac:59:6b:13:59:a9:2e:e6:db:ad:
3c:80:cb:f4:65:d3:d2:6f:1f:fb:36:ca:8a:2c:f1:58:23:1b:
a7:ca:74:ca:eb:6b:8a:d8:74:95:63:be:94:ac:91:49:7a:4d:
cd:cf:e9:f0:3f:e3:a1:f1:be:3f:98:e6:23:35:f3:cd:9d:63:
10:ef:c8:58:19:e3:df:55:3f:fb:ae:21:69:29:7b:20:fc:5d:
ab:e5:d1:85:11:2a:36:81:66:3d:9c:b6:6a:af:b9:3f:7d:7e:
5d:8d:23:55:31:f4:d7:8f:79:ae:6b:3e:88:0f:e4:14:5e:6e:
37:b6:0d:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYw+7cCyug7sRlB4U/+rbVfAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjRiYjM0ZmI1ZDE2Y2E5ZDFmYTNmOTc5NGNiNDhkNGJl
ZDg0NzMwHhcNMjMxMjA2MTE0MDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmM4NWViYThkNzdmMjI2MmQ5YmM1MzFlNGNjNWYxMTIwYjY3OGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEX+QZUe+vfDV4B9TngXy7DGPZY+
kJpa5qw+5ntemQ2KJC0hROprHDdL3c/n0qRiiLvMa0VgGoI2841xP677sJSGxZjP
nCLi0YPossg4HBPZxDV+1DLhq3TPitkRHNdBqn1aEWDkmKpBKzrnpnIz7bI77gtE
+271ZAYGic470R97BZCiLzZFtbESNVYytFXGHNbvNEun/tsSfPMKtBnYJhqN4VB4
zB/Lx6wnBUilnE7uzCrzfCeqsRAbWh9/DJ7O2ijTkG4OdD9ChLU+QqHQgyNiK66B
USr/g1PCpgNEIIKSH0mvNeWu8nQsBIpHyxhOfsItbyaKrq2yKroKcTN0ZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK/IXrqNd/ImLZvFMeTMXxEgtnj5MB8GA1UdIwQY
MBaAFChkuzT7XRbKnR+j+XlMtI1L7YRzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEt
NTkwMGE1OTQ3YjhkLzEvcjhoZXVvMTM4aVl0bThVeDVNeGZFU0MyZVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEtNTkwMGE1OTQ3Yjhk
LzEvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAjqQAwQC
LQtEMA0GCSqGSIb3DQEBCwUAA4IBAQA8ohxzbcZ+GP2v4RiERj9HGivoakCEwMG+
+iaJb0WbpGrKWEH03Er55cGJmz1h+7jgXV2IOGGlLXCh039REjio/zvq/0yOixlz
+jRla3+04TzRISqDvHcRJklE9j6Xf4RN9OWCB7elr8+OSpF5QjPcu0+gzrtIcQZA
dAfQ9hFxCcNzygz4aaxZaxNZqS7m2608gMv0ZdPSbx/7NsqKLPFYIxunynTK62uK
2HSVY76UrJFJek3Nz+nwP+Oh8b4/mOYjNfPNnWMQ78hYGePfVT/7riFpKXsg/F2r
5dGFESo2gWY9nLZqr7k/fX5djSNVMfTXj3muaz6ID+QUXm43tg3S
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:06 2024 by rpki-client on console-ams.rpki-client.org