Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/yjoWRlAmxFT4256ApfZMLjSwR9w.roa
File: yjoWRlAmxFT4256ApfZMLjSwR9w.roa (raw, json)
Hash identifier: rn62gMzCi4jOXvn/vWYleJfhFZHOIb/yUxX4ISrVO5M=
Subject key identifier: CA:3A:16:46:50:26:C4:54:F8:DB:9E:80:A5:F6:4C:2E:34:B0:47:DC
Certificate issuer: /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial: 018A93134C5EE523ACF340FBB7C34A9B55E7
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/yjoWRlAmxFT4256ApfZMLjSwR9w.roa
Signing time: Thu 14 Sep 2023 09:43:50 +0000
ROA not before: Thu 14 Sep 2023 09:43:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 45.11.68.0/22 maxlen: 22
2.58.144.0/22 maxlen: 22
45.150.96.0/22 maxlen: 22
45.137.4.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:93:13:4c:5e:e5:23:ac:f3:40:fb:b7:c3:4a:9b:55:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Validity
Not Before: Sep 14 09:43:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ca3a16465026c454f8db9e80a5f64c2e34b047dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:7e:22:93:b1:f6:68:35:55:2d:9b:40:7b:fa:
14:0e:4e:10:0e:14:8d:e8:b9:08:dc:59:44:78:12:
c0:1a:ae:9e:c4:92:a6:45:a1:ed:fb:a3:3a:1c:eb:
19:aa:a9:60:73:3c:12:84:ac:3b:bb:b3:a9:cb:74:
4a:30:a1:51:a6:39:98:41:e5:97:2a:93:73:3d:4f:
3d:df:7a:2f:60:a0:d3:19:31:b7:65:00:3f:d1:36:
c7:21:16:f4:a0:bf:b9:9c:3b:8e:0d:2d:b9:52:8d:
d3:8c:09:f9:e7:5e:f7:19:ca:33:94:59:21:f3:1f:
62:13:c1:8d:e1:bc:11:fc:e7:3d:08:e7:95:27:e2:
bc:8f:52:19:6c:09:f9:5d:5c:d4:96:8f:a5:1e:8c:
a5:c6:0e:55:1e:8c:54:39:c9:dd:f1:8f:ce:c8:c7:
70:d3:94:00:27:aa:c2:73:86:69:34:65:eb:f8:57:
55:c9:bf:22:60:34:9b:10:77:e5:ba:61:88:ca:e0:
9a:80:ad:1c:a3:fe:30:7b:e4:c8:73:99:64:f7:66:
ab:03:d1:83:20:5d:38:6e:67:3f:13:f4:0b:8f:a6:
3c:01:94:e6:04:11:2a:0d:42:e1:51:1a:eb:6b:a9:
ea:12:32:78:f3:10:50:30:c1:12:6f:1b:b0:14:73:
7b:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:3A:16:46:50:26:C4:54:F8:DB:9E:80:A5:F6:4C:2E:34:B0:47:DC
X509v3 Authority Key Identifier:
keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/yjoWRlAmxFT4256ApfZMLjSwR9w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.144.0/22
45.11.68.0/22
45.137.4.0/22
45.150.96.0/22
Signature Algorithm: sha256WithRSAEncryption
1c:b5:34:66:10:08:aa:3c:b1:6e:48:55:c7:c8:d7:14:ea:55:
07:3b:74:7e:8e:9a:16:fd:f2:1e:2a:7e:0b:dc:09:35:d4:e4:
9b:3a:fe:c6:e2:d7:62:56:05:86:a4:25:37:ac:a8:05:4f:dd:
38:0d:e3:c3:79:3e:b0:9b:ca:bc:f5:6c:85:a3:ec:c3:f2:02:
49:11:00:09:af:33:6a:b0:31:19:b4:7a:f1:62:34:70:0d:81:
51:af:d5:3c:19:95:81:80:4d:69:0b:99:c8:82:f8:0c:b2:89:
00:91:e3:7e:e5:7f:9e:f6:ca:89:e5:1c:58:7f:24:b1:cf:d6:
fa:8a:37:e2:40:f5:43:7d:b4:4d:d8:a2:92:e8:f8:5c:d6:0c:
6c:be:a4:80:26:02:ed:8a:97:fa:64:9f:fe:82:3a:46:d9:73:
77:16:5d:25:a0:ca:31:01:a4:2b:38:7b:21:94:6f:d5:93:96:
23:95:be:1e:e0:e4:4f:e8:82:9b:41:3f:fb:2a:6a:ec:bd:67:
52:ef:fe:1d:38:19:fa:48:a4:b1:47:af:c0:90:76:e5:47:91:
39:95:b3:52:d6:08:57:0c:4e:ca:a9:c3:1c:ed:b1:4b:db:57:
22:01:87:7c:f1:9c:10:71:11:3a:e0:87:ca:55:47:3b:40:74:
cb:70:21:9b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYqTE0xe5SOs80D7t8NKm1XnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjRiYjM0ZmI1ZDE2Y2E5ZDFmYTNmOTc5NGNiNDhkNGJl
ZDg0NzMwHhcNMjMwOTE0MDk0MzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTNhMTY0NjUwMjZjNDU0ZjhkYjllODBhNWY2NGMyZTM0YjA0N2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX4ik7H2aDVVLZtAe/oUDk4QDhSN
6LkI3FlEeBLAGq6exJKmRaHt+6M6HOsZqqlgczwShKw7u7Opy3RKMKFRpjmYQeWX
KpNzPU8933ovYKDTGTG3ZQA/0TbHIRb0oL+5nDuODS25Uo3TjAn55173GcozlFkh
8x9iE8GN4bwR/Oc9COeVJ+K8j1IZbAn5XVzUlo+lHoylxg5VHoxUOcnd8Y/OyMdw
05QAJ6rCc4ZpNGXr+FdVyb8iYDSbEHflumGIyuCagK0co/4we+TIc5lk92arA9GD
IF04bmc/E/QLj6Y8AZTmBBEqDULhURrra6nqEjJ48xBQMMESbxuwFHN7twIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMo6FkZQJsRU+NuegKX2TC40sEfcMB8GA1UdIwQY
MBaAFChkuzT7XRbKnR+j+XlMtI1L7YRzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEt
NTkwMGE1OTQ3YjhkLzEveWpvV1JsQW14RlQ0MjU2QXBmWk1MalN3Ujl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEtNTkwMGE1OTQ3Yjhk
LzEvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCAjqQAwQC
LQtEAwQCLYkEAwQCLZZgMA0GCSqGSIb3DQEBCwUAA4IBAQActTRmEAiqPLFuSFXH
yNcU6lUHO3R+jpoW/fIeKn4L3Ak11OSbOv7G4tdiVgWGpCU3rKgFT904DePDeT6w
m8q89WyFo+zD8gJJEQAJrzNqsDEZtHrxYjRwDYFRr9U8GZWBgE1pC5nIgvgMsokA
keN+5X+e9sqJ5RxYfySxz9b6ijfiQPVDfbRN2KKS6Phc1gxsvqSAJgLtipf6ZJ/+
gjpG2XN3Fl0loMoxAaQrOHshlG/Vk5Yjlb4e4ORP6IKbQT/7KmrsvWdS7/4dOBn6
SKSxR6/AkHblR5E5lbNS1ghXDE7KqcMc7bFL21ciAYd88ZwQcRE64IfKVUc7QHTL
cCGb
-----END CERTIFICATE-----
Generated at Fri Nov 10 10:32:34 2023 by rpki-client on console-fra.rpki-client.org