Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/LZ0yw2yWk9f8APjgdskeNWRWoB0.roa
File: LZ0yw2yWk9f8APjgdskeNWRWoB0.roa (raw, json)
Hash identifier: tT5uvCUNl425kouFLEUYUGbmR8fYPoGMRSbepg1bl54=
Subject key identifier: 2D:9D:32:C3:6C:96:93:D7:FC:00:F8:E0:76:C9:1E:35:64:56:A0:1D
Certificate issuer: /CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Certificate serial: 01841DD1893765F0073E1A29526463CA57E4
Authority key identifier: 45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/LZ0yw2yWk9f8APjgdskeNWRWoB0.roa
Signing time: Fri 28 Oct 2022 08:59:42 +0000
ROA not before: Fri 28 Oct 2022 08:59:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49289
IP address blocks: 185.63.132.0/23 maxlen: 23
159.255.136.0/22 maxlen: 22
185.63.135.0/24 maxlen: 24
185.63.134.0/24 maxlen: 24
159.255.144.0/22 maxlen: 22
188.94.120.0/21 maxlen: 21
171.22.233.0/24 maxlen: 24
171.22.232.0/24 maxlen: 24
171.22.235.0/24 maxlen: 24
171.22.234.0/24 maxlen: 24
93.185.112.0/20 maxlen: 20
178.239.32.0/20 maxlen: 20
159.255.151.0/24 maxlen: 24
2a00:c50::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:1d:d1:89:37:65:f0:07:3e:1a:29:52:64:63:ca:57:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Validity
Not Before: Oct 28 08:59:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2d9d32c36c9693d7fc00f8e076c91e356456a01d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:34:d1:59:31:5a:4c:24:a5:76:66:b0:c5:de:
55:89:5d:8a:d9:9f:a4:3a:63:73:5f:86:b9:b0:1f:
a8:e3:2c:57:22:ab:e9:44:7d:1e:e3:df:a8:5d:d3:
e1:fd:1b:81:c7:98:58:2b:7d:f4:b5:d4:83:99:2c:
44:0e:b3:47:48:87:41:55:59:4e:7c:62:04:76:b3:
ae:62:02:12:fd:30:64:78:2d:a8:ce:f5:d4:34:4a:
f6:fa:77:1e:53:4a:46:ae:e7:5b:f9:2f:77:38:1b:
44:ad:5f:20:d9:fd:7f:34:d0:94:55:5c:13:dd:65:
74:2b:7a:42:a8:14:f1:89:bf:d4:ac:cc:84:54:03:
40:6c:7a:04:dd:bc:8f:44:e6:50:30:15:d0:8e:6c:
28:87:82:c7:19:56:38:bc:c5:1f:b9:14:88:8d:6b:
9e:b3:6a:4d:bd:5d:78:6a:a7:49:f3:73:d9:4e:26:
d1:e3:26:8a:65:1b:df:84:3f:76:76:9f:a2:02:d5:
59:5d:d4:46:35:ab:23:a7:7d:03:1b:29:a0:52:ed:
bf:83:28:20:42:0c:f7:dd:32:e2:10:9b:03:a7:9b:
09:a4:5d:f6:76:bb:0b:0c:c1:2c:47:34:ba:46:33:
6c:e8:0e:de:fc:82:54:95:70:e6:dc:90:43:ac:48:
ed:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:9D:32:C3:6C:96:93:D7:FC:00:F8:E0:76:C9:1E:35:64:56:A0:1D
X509v3 Authority Key Identifier:
keyid:45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/LZ0yw2yWk9f8APjgdskeNWRWoB0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.185.112.0/20
159.255.136.0/22
159.255.144.0/22
159.255.151.0/24
171.22.232.0/22
178.239.32.0/20
185.63.132.0/22
188.94.120.0/21
IPv6:
2a00:c50::/29
Signature Algorithm: sha256WithRSAEncryption
99:d9:20:88:1b:5a:36:2d:31:e5:f2:25:24:f9:2f:32:34:20:
99:ba:03:26:ff:98:77:91:49:97:58:78:a0:12:0f:38:af:7b:
a8:97:5c:93:c6:1f:ac:fb:c2:1f:d3:e7:e4:6f:31:3e:64:b1:
6a:bc:97:bf:0d:73:e3:3f:d5:e5:fe:6b:a4:b1:01:7a:f7:06:
2b:cb:2b:14:a4:e3:ab:3b:dc:db:ef:68:ad:37:d3:15:40:6e:
e9:3a:a2:60:4f:d4:da:59:e8:3b:aa:e7:47:0d:bd:9f:88:d6:
80:45:aa:e5:cd:78:35:9a:68:bb:a2:ca:9f:93:81:5a:dd:c8:
26:99:9e:ef:d4:54:0c:09:61:e5:3b:f9:4d:1b:5e:41:5f:41:
6f:5c:42:b0:f4:8a:d8:07:40:6a:33:ed:c4:8e:6c:6b:e2:27:
e8:73:c6:00:96:e0:8b:b4:0f:5b:dd:14:62:41:14:08:45:7a:
f3:a5:35:81:b2:f5:ca:c4:56:1c:99:ec:84:ee:ca:bf:ba:81:
da:e5:1c:d5:0d:17:61:c1:f6:5b:03:17:a7:23:94:70:0f:89:
1e:2b:26:69:8f:41:29:e6:5c:52:b3:13:ec:37:2c:13:0b:27:
59:0e:63:22:08:1f:39:26:93:02:c4:7d:3c:13:4c:96:fe:06:
f1:53:72:ef
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYQd0Yk3ZfAHPhopUmRjylfkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZjllMzJmZjZhZjNkNWU1ZDc3YmRiYjk4ZGEzN2QwYjhl
NDQ1MTkwHhcNMjIxMDI4MDg1OTQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDlkMzJjMzZjOTY5M2Q3ZmMwMGY4ZTA3NmM5MWUzNTY0NTZhMDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDTRWTFaTCSldmawxd5ViV2K2Z+k
OmNzX4a5sB+o4yxXIqvpRH0e49+oXdPh/RuBx5hYK330tdSDmSxEDrNHSIdBVVlO
fGIEdrOuYgIS/TBkeC2ozvXUNEr2+nceU0pGrudb+S93OBtErV8g2f1/NNCUVVwT
3WV0K3pCqBTxib/UrMyEVANAbHoE3byPROZQMBXQjmwoh4LHGVY4vMUfuRSIjWue
s2pNvV14aqdJ83PZTibR4yaKZRvfhD92dp+iAtVZXdRGNasjp30DGymgUu2/gygg
Qgz33TLiEJsDp5sJpF32drsLDMEsRzS6RjNs6A7e/IJUlXDm3JBDrEjtWwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFC2dMsNslpPX/AD44HbJHjVkVqAdMB8GA1UdIwQY
MBaAFEX54y/2rz1eXXe9u5jaN9C45EUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYt
OGVlMGExMmEzNTliLzEvTFoweXcyeVdrOWY4QVBqZ2Rza2VOV1JXb0IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYtOGVlMGExMmEzNTli
LzEvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQEXblwAwQC
n/+IAwQCn/+QAwQAn/+XAwQCqxboAwQEsu8gAwQCuT+EAwQDvF54MA0EAgACMAcD
BQMqAAxQMA0GCSqGSIb3DQEBCwUAA4IBAQCZ2SCIG1o2LTHl8iUk+S8yNCCZugMm
/5h3kUmXWHigEg84r3uol1yTxh+s+8If0+fkbzE+ZLFqvJe/DXPjP9Xl/muksQF6
9wYryysUpOOrO9zb72itN9MVQG7pOqJgT9TaWeg7qudHDb2fiNaARarlzXg1mmi7
osqfk4Fa3cgmmZ7v1FQMCWHlO/lNG15BX0FvXEKw9IrYB0BqM+3Ejmxr4ifoc8YA
luCLtA9b3RRiQRQIRXrzpTWBsvXKxFYcmeyE7sq/uoHa5RzVDRdhwfZbAxenI5Rw
D4keKyZpj0Ep5lxSsxPsNywTCydZDmMiCB85JpMCxH08E0yW/gbxU3Lv
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:05 2024 by rpki-client on console-ams.rpki-client.org