Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/2qZjwwDU56ehaK1Ko-PrqTOhkWo.roa
File: 2qZjwwDU56ehaK1Ko-PrqTOhkWo.roa (raw, json)
Hash identifier: yd1Ac4HE4OoJABPB6maS/XfDpV3qP3nRANpcImk1Cxg=
Subject key identifier: DA:A6:63:C3:00:D4:E7:A7:A1:68:AD:4A:A3:E3:EB:A9:33:A1:91:6A
Certificate issuer: /CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Certificate serial: 0958CF6C
Authority key identifier: 45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/2qZjwwDU56ehaK1Ko-PrqTOhkWo.roa
Signing time: Sat 01 Jan 2022 08:02:29 +0000
ROA not before: Sat 01 Jan 2022 08:02:29 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49289
IP address blocks: 185.63.132.0/23 maxlen: 23
159.255.136.0/22 maxlen: 22
185.63.135.0/24 maxlen: 24
185.63.134.0/24 maxlen: 24
159.255.144.0/21 maxlen: 21
188.94.120.0/21 maxlen: 21
171.22.233.0/24 maxlen: 24
171.22.232.0/24 maxlen: 24
171.22.235.0/24 maxlen: 24
171.22.234.0/24 maxlen: 24
93.185.112.0/20 maxlen: 20
178.239.32.0/20 maxlen: 20
2a00:c50::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 156815212 (0x958cf6c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Validity
Not Before: Jan 1 08:02:29 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=daa663c300d4e7a7a168ad4aa3e3eba933a1916a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:de:58:ef:3f:eb:26:16:27:63:27:07:3c:40:
f0:08:e1:72:9d:1c:07:de:00:e2:50:c5:7b:ac:ed:
2f:d1:52:c7:b0:1b:02:df:da:42:f5:c7:a0:46:5f:
7c:42:40:43:6a:a0:e2:1b:8a:94:b8:f9:cb:4d:a5:
b9:69:ba:0c:65:05:81:4e:7f:ad:e7:d7:f4:11:b7:
ea:91:5b:35:33:48:ef:30:3f:72:2e:a5:73:58:d5:
ce:a6:a8:e2:c7:eb:f6:63:52:04:1b:5d:46:ad:7c:
bc:05:c3:23:43:ae:f8:dc:93:81:15:31:15:ec:36:
8e:ad:4f:f1:20:cc:e2:0f:5c:3f:aa:ed:f4:f9:4e:
a6:bd:fa:02:5e:ba:f7:b0:d1:00:fb:6f:b8:83:64:
a1:f9:a5:b4:06:a9:63:3f:d2:43:f6:d4:ab:95:4c:
04:20:da:46:c2:8c:e6:f6:92:21:ff:32:5f:07:f5:
7f:d6:9f:34:9a:b7:dc:71:64:b5:49:17:40:6e:f2:
7c:90:31:cf:bc:0b:00:30:b0:23:d7:42:dd:3f:d9:
96:8b:3c:56:a6:69:38:b6:5a:51:d3:1e:53:14:7d:
fa:e1:38:1e:3f:ac:fc:4d:07:a8:8c:a4:f2:cf:2f:
22:a0:ff:56:cf:a5:8c:e0:73:ac:9d:f6:48:63:b7:
69:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:A6:63:C3:00:D4:E7:A7:A1:68:AD:4A:A3:E3:EB:A9:33:A1:91:6A
X509v3 Authority Key Identifier:
keyid:45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/2qZjwwDU56ehaK1Ko-PrqTOhkWo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.185.112.0/20
159.255.136.0/22
159.255.144.0/21
171.22.232.0/22
178.239.32.0/20
185.63.132.0/22
188.94.120.0/21
IPv6:
2a00:c50::/29
Signature Algorithm: sha256WithRSAEncryption
7e:62:1f:96:13:f8:75:5f:6a:f7:66:84:1b:a3:6c:6c:f7:75:
1e:ae:4a:6c:5a:98:f5:4e:9f:ab:6c:ed:9f:1c:cd:60:ac:bc:
20:13:8f:d0:17:c0:0f:ae:ff:06:b4:84:14:58:8d:cf:d1:13:
bf:ba:3c:be:86:cc:2b:8b:75:cb:7f:c7:3e:d1:10:37:2d:b0:
fd:98:14:d2:a1:c4:55:7a:7f:b1:29:40:a8:65:fc:df:6e:28:
e3:20:3e:b9:36:8b:32:98:fb:3b:5e:89:7f:80:fd:e9:9b:02:
ef:16:b4:50:ea:03:32:b6:30:c9:f6:04:85:88:14:cf:2a:8f:
0a:d1:4e:ca:0b:14:26:39:8b:2e:91:91:c2:39:72:b4:fd:d4:
a9:4e:84:dc:db:aa:49:66:94:40:82:43:2e:46:e9:d2:70:05:
34:c0:7b:95:5f:67:15:da:15:27:a7:e9:3a:ed:7c:da:a3:31:
61:e1:87:f9:14:d1:57:9f:6c:71:f1:25:f8:c0:9d:38:6c:de:
67:b6:4c:f8:c6:f3:94:ca:4d:2d:28:5e:71:2e:f5:80:ef:72:
f1:65:ed:63:9d:58:be:72:d6:1b:94:23:2c:bd:ec:f0:96:3f:
1e:72:de:9c:9d:69:2b:af:37:de:8f:67:41:27:a0:f5:b5:2a:
b0:49:b5:ac
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIECVjPbDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
NWY5ZTMyZmY2YWYzZDVlNWQ3N2JkYmI5OGRhMzdkMGI4ZTQ0NTE5MB4XDTIyMDEw
MTA4MDIyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGFhNjYzYzMwMGQ0
ZTdhN2ExNjhhZDRhYTNlM2ViYTkzM2ExOTE2YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALXeWO8/6yYWJ2MnBzxA8Ajhcp0cB94A4lDFe6ztL9FSx7Ab
At/aQvXHoEZffEJAQ2qg4huKlLj5y02luWm6DGUFgU5/refX9BG36pFbNTNI7zA/
ci6lc1jVzqao4sfr9mNSBBtdRq18vAXDI0Ou+NyTgRUxFew2jq1P8SDM4g9cP6rt
9PlOpr36Al6697DRAPtvuINkofmltAapYz/SQ/bUq5VMBCDaRsKM5vaSIf8yXwf1
f9afNJq33HFktUkXQG7yfJAxz7wLADCwI9dC3T/Zlos8VqZpOLZaUdMeUxR9+uE4
Hj+s/E0HqIyk8s8vIqD/Vs+ljOBzrJ32SGO3aVcCAwEAAaOCAjwwggI4MB0GA1Ud
DgQWBBTapmPDANTnp6ForUqj4+upM6GRajAfBgNVHSMEGDAWgBRF+eMv9q89Xl13
vbuY2jfQuORFGTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1JmbmpMX2F2UFY1ZGQ3MjdtTm8zMExqa1JSay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDAvOWRlZjA4LTc1NTItNGI1YS05NjZmLThlZTBhMTJhMzU5Yi8x
LzJxWmp3d0RVNTZlaGFLMUtvLVBycVRPaGtXby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAv
OWRlZjA4LTc1NTItNGI1YS05NjZmLThlZTBhMTJhMzU5Yi8xL1JmbmpMX2F2UFY1
ZGQ3MjdtTm8zMExqa1JSay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBS
BggrBgEFBQcBBwEB/wRDMEEwMAQCAAEwKgMEBF25cAMEAp//iAMEA5//kAMEAqsW
6AMEBLLvIAMEArk/hAMEA7xeeDANBAIAAjAHAwUDKgAMUDANBgkqhkiG9w0BAQsF
AAOCAQEAfmIflhP4dV9q92aEG6NsbPd1Hq5KbFqY9U6fq2ztnxzNYKy8IBOP0BfA
D67/BrSEFFiNz9ETv7o8vobMK4t1y3/HPtEQNy2w/ZgU0qHEVXp/sSlAqGX8324o
4yA+uTaLMpj7O16Jf4D96ZsC7xa0UOoDMrYwyfYEhYgUzyqPCtFOygsUJjmLLpGR
wjlytP3UqU6E3NuqSWaUQIJDLkbp0nAFNMB7lV9nFdoVJ6fpOu182qMxYeGH+RTR
V59scfEl+MCdOGzeZ7ZM+MbzlMpNLShecS71gO9y8WXtY51YvnLWG5QjLL3s8JY/
HnLenJ1pK6833o9nQSeg9bUqsEm1rA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:09:09 2025 by rpki-client