Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/BTxczWsLn8i3lxOIhxFtpdNmd04.roa
File: BTxczWsLn8i3lxOIhxFtpdNmd04.roa (raw, json)
Hash identifier: WvAA7jfuhGAKSLjlVfDGkG3D5M5HjaAFOAXgc0wrKRU=
Subject key identifier: 05:3C:5C:CD:6B:0B:9F:C8:B7:97:13:88:87:11:6D:A5:D3:66:77:4E
Certificate issuer: /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial: 018D2D6E2D2B063C25F9C9F1216E49866789
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/BTxczWsLn8i3lxOIhxFtpdNmd04.roa
Signing time: Sun 21 Jan 2024 19:10:11 +0000
ROA not before: Sun 21 Jan 2024 19:10:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212667
IP address blocks: 37.221.80.0/24 maxlen: 24
45.11.22.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2d:6e:2d:2b:06:3c:25:f9:c9:f1:21:6e:49:86:67:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Validity
Not Before: Jan 21 19:10:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=053c5ccd6b0b9fc8b797138887116da5d366774e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:9b:ef:b8:7a:22:86:ce:ce:fb:a5:8b:43:94:
6b:dd:cb:e6:1f:db:b9:c9:34:79:29:4b:39:2d:08:
43:c8:c6:de:c1:01:7b:7d:d9:a2:91:8c:78:3a:f4:
38:a5:7b:4b:12:18:2a:5b:77:90:d2:84:2a:b5:d8:
f9:ce:6c:1e:47:08:dd:11:8b:30:41:8d:0d:0d:c9:
47:66:bc:c3:13:b1:0b:97:43:19:0c:14:81:11:7b:
fa:02:e4:b1:9b:85:12:15:9d:04:a6:4c:67:ed:bc:
de:38:90:82:e2:16:8a:85:73:34:52:dc:90:3c:b4:
07:7e:2d:28:bb:b0:17:d7:87:f0:67:da:71:ec:28:
35:af:ee:50:57:7d:b6:21:81:1f:6a:c9:60:44:58:
a6:81:1e:6a:96:1d:56:d5:1b:9b:01:df:b8:4d:43:
01:71:24:8d:37:fa:ac:42:cb:fe:4a:47:6e:94:d2:
fe:ea:83:e3:91:87:ce:05:b7:e7:f9:de:e5:b7:18:
ce:4a:a9:bc:6f:96:7f:74:3f:78:b5:0e:82:92:25:
7b:34:78:88:77:69:f4:83:7b:65:0a:9b:9b:07:d0:
c6:c1:55:94:a6:e7:28:fb:c1:e9:71:b1:8d:9f:05:
f3:a5:1f:5d:13:2e:3b:df:c0:3c:e1:96:84:c0:cb:
9e:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:3C:5C:CD:6B:0B:9F:C8:B7:97:13:88:87:11:6D:A5:D3:66:77:4E
X509v3 Authority Key Identifier:
keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/BTxczWsLn8i3lxOIhxFtpdNmd04.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.80.0/24
45.11.22.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:74:4e:3d:e1:66:4e:89:37:1e:68:81:05:cd:a9:2b:ca:02:
b8:ec:76:f9:ee:80:b0:00:33:25:b3:6e:98:61:05:eb:d4:bb:
3a:6d:65:86:f8:ba:df:52:5f:02:59:a4:e5:5f:38:8d:3f:94:
24:8b:5e:51:1e:cb:d1:14:1c:46:2f:44:a1:8c:69:1e:7f:3b:
98:6d:69:17:a4:3e:0b:70:8f:bd:52:f3:70:ba:8a:43:30:96:
3d:12:d2:78:5b:5f:03:88:58:16:70:ab:9c:e7:4b:49:62:b5:
74:82:9a:9b:6c:fe:ae:67:13:d9:50:82:de:99:50:fd:db:f6:
93:bb:be:42:ec:30:dc:36:28:81:8c:40:ed:54:54:39:03:3d:
c1:5e:1f:77:d2:59:df:5f:8c:d9:38:6e:28:cf:06:33:4d:91:
01:c4:9d:74:a6:6f:96:b3:da:17:fd:f8:3b:4c:b9:58:3e:e3:
b5:68:56:5c:08:c1:37:be:7b:2b:0f:b0:d3:da:36:3b:8a:11:
c6:84:a8:4a:fc:30:f6:d0:bf:4c:a3:00:1c:50:19:35:b8:ec:
33:79:59:18:92:70:7f:88:c4:b6:92:2b:23:92:7a:3b:fe:74:
cc:9a:a6:b9:0f:14:30:fd:78:83:10:c0:f9:a1:f6:3f:72:2a:
b9:b1:18:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0tbi0rBjwl+cnxIW5JhmeJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjQwMTIxMTkxMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTNjNWNjZDZiMGI5ZmM4Yjc5NzEzODg4NzExNmRhNWQzNjY3NzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZvvuHoihs7O+6WLQ5Rr3cvmH9u5
yTR5KUs5LQhDyMbewQF7fdmikYx4OvQ4pXtLEhgqW3eQ0oQqtdj5zmweRwjdEYsw
QY0NDclHZrzDE7ELl0MZDBSBEXv6AuSxm4USFZ0Epkxn7bzeOJCC4haKhXM0UtyQ
PLQHfi0ou7AX14fwZ9px7Cg1r+5QV322IYEfaslgRFimgR5qlh1W1RubAd+4TUMB
cSSNN/qsQsv+SkdulNL+6oPjkYfOBbfn+d7ltxjOSqm8b5Z/dD94tQ6CkiV7NHiI
d2n0g3tlCpubB9DGwVWUpuco+8HpcbGNnwXzpR9dEy4738A84ZaEwMueEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAU8XM1rC5/It5cTiIcRbaXTZndOMB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvQlR4Y3pXc0xuOGkzbHhPSWh4RnRwZE5tZDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJd1QAwQA
LQsWMA0GCSqGSIb3DQEBCwUAA4IBAQCidE494WZOiTceaIEFzakrygK47Hb57oCw
ADMls26YYQXr1Ls6bWWG+LrfUl8CWaTlXziNP5Qki15RHsvRFBxGL0ShjGkefzuY
bWkXpD4LcI+9UvNwuopDMJY9EtJ4W18DiFgWcKuc50tJYrV0gpqbbP6uZxPZUILe
mVD92/aTu75C7DDcNiiBjEDtVFQ5Az3BXh930lnfX4zZOG4ozwYzTZEBxJ10pm+W
s9oX/fg7TLlYPuO1aFZcCME3vnsrD7DT2jY7ihHGhKhK/DD20L9MowAcUBk1uOwz
eVkYknB/iMS2kisjkno7/nTMmqa5DxQw/XiDEMD5ofY/ciq5sRjz
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:37 2024 by rpki-client on console-ams.rpki-client.org