Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/VifrpnFOu3eRS4RDxnVw9KFBbKM.roa
File: VifrpnFOu3eRS4RDxnVw9KFBbKM.roa (raw, json)
Hash identifier: FvDQj7BhbY4qHcmVVL3bfpRv8H75PBMKj5WNm5wcuFU=
Subject key identifier: 56:27:EB:A6:71:4E:BB:77:91:4B:84:43:C6:75:70:F4:A1:41:6C:A3
Certificate issuer: /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial: 01856C6EFE298AE320725FBF2065ADF49593
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/VifrpnFOu3eRS4RDxnVw9KFBbKM.roa
Signing time: Sun 01 Jan 2023 08:24:51 +0000
ROA not before: Sun 01 Jan 2023 08:24:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44854
IP address blocks: 45.113.236.0/23 maxlen: 24
185.219.6.0/24 maxlen: 24
103.243.124.0/22 maxlen: 24
27.123.244.0/22 maxlen: 22
93.114.180.0/23 maxlen: 24
2a10:e300:35::/48 maxlen: 48
2a10:e300::/32 maxlen: 48
2a10:e300:26::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:6e:fe:29:8a:e3:20:72:5f:bf:20:65:ad:f4:95:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Validity
Not Before: Jan 1 08:24:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5627eba6714ebb77914b8443c67570f4a1416ca3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:1f:91:e1:87:b0:4b:f1:b5:b4:9a:c1:a4:72:
1c:68:a9:0b:2e:8e:1d:ca:35:e6:d8:50:e4:3b:3b:
94:3a:f0:68:cb:b3:80:49:76:d9:f6:e1:2d:61:30:
c7:24:a3:54:f0:55:31:d8:e6:65:ef:ad:b1:5d:3b:
ab:4d:a3:94:22:c6:bf:93:23:27:ce:a8:00:52:c0:
27:56:1d:66:c3:ab:c0:6a:69:38:8e:50:09:5c:77:
f9:c8:21:c4:35:ef:6e:15:dc:3d:75:87:d7:8a:9c:
fa:b5:f7:28:6c:0b:d9:50:da:0d:dd:cc:cd:b4:93:
0a:61:8b:df:41:63:f3:91:1c:03:de:ea:eb:96:a3:
90:ed:95:8e:d8:42:d2:54:b5:0f:0a:a8:b3:8a:fd:
b9:f1:ba:97:24:61:3d:29:51:03:e7:c6:cd:23:e5:
e4:ab:19:3e:20:54:e6:f5:ab:d7:8f:9b:7e:45:97:
76:84:2c:c0:da:7d:b4:42:9c:f6:63:1d:95:5a:13:
ec:a2:69:9a:1b:29:d7:20:c3:69:5a:f2:cd:cf:4a:
97:54:fa:ca:d5:81:46:65:44:2e:00:99:fa:cd:b2:
99:67:86:4b:11:96:68:bc:ad:8a:d8:2a:da:52:ef:
69:6e:01:16:59:08:c8:87:2e:df:9b:f9:30:be:f8:
d7:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:27:EB:A6:71:4E:BB:77:91:4B:84:43:C6:75:70:F4:A1:41:6C:A3
X509v3 Authority Key Identifier:
keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/VifrpnFOu3eRS4RDxnVw9KFBbKM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
27.123.244.0/22
45.113.236.0/23
93.114.180.0/23
103.243.124.0/22
185.219.6.0/24
IPv6:
2a10:e300::/32
Signature Algorithm: sha256WithRSAEncryption
83:df:6c:17:d0:5f:31:8d:cb:83:e1:46:0f:fa:a2:e8:be:00:
7e:0c:4f:6a:6e:a7:4a:0c:ac:4a:32:fc:9b:df:35:e6:4e:1f:
af:e3:a9:bb:6a:e4:72:e1:40:d9:8e:e5:c8:46:66:ab:53:89:
12:4f:90:35:a3:db:52:ae:63:1a:08:ef:5f:f8:9d:5d:b3:6f:
a8:16:f9:a4:25:62:7a:c6:0f:6e:15:ca:7c:25:9f:3b:e3:67:
6b:89:4e:a2:10:85:08:7d:1d:42:14:94:3a:71:3b:60:f1:52:
b4:8f:27:f1:53:07:b5:8a:5b:24:9b:33:df:8f:c2:84:c6:94:
fd:1f:84:36:2e:a4:38:42:9a:ac:45:47:78:d3:02:06:20:6e:
dc:d1:3e:b6:51:ad:d5:08:74:61:8e:fd:a0:6a:0a:5c:25:75:
60:79:c5:fb:af:ed:36:97:6e:30:a8:a6:da:f7:43:9a:c3:ef:
47:01:33:ae:18:9b:61:cd:ad:ea:cd:69:da:3c:e5:ae:78:0a:
a0:92:7a:c5:0f:55:88:13:98:93:98:ec:3e:2c:fc:c1:ce:29:
29:ee:26:c1:0d:50:af:d2:bc:8b:54:65:21:e4:d5:ce:43:e2:
54:d8:d2:9c:84:bb:e6:d8:ad:97:66:1c:33:5b:25:81:03:4d:
38:be:62:e3
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVsbv4piuMgcl+/IGWt9JWTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjMwMTAxMDgyNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjI3ZWJhNjcxNGViYjc3OTE0Yjg0NDNjNjc1NzBmNGExNDE2Y2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4h+R4YewS/G1tJrBpHIcaKkLLo4d
yjXm2FDkOzuUOvBoy7OASXbZ9uEtYTDHJKNU8FUx2OZl762xXTurTaOUIsa/kyMn
zqgAUsAnVh1mw6vAamk4jlAJXHf5yCHENe9uFdw9dYfXipz6tfcobAvZUNoN3czN
tJMKYYvfQWPzkRwD3urrlqOQ7ZWO2ELSVLUPCqiziv258bqXJGE9KVED58bNI+Xk
qxk+IFTm9avXj5t+RZd2hCzA2n20Qpz2Yx2VWhPsommaGynXIMNpWvLNz0qXVPrK
1YFGZUQuAJn6zbKZZ4ZLEZZovK2K2CraUu9pbgEWWQjIhy7fm/kwvvjXswIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFFYn66ZxTrt3kUuEQ8Z1cPShQWyjMB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEvVmlmcnBuRk91M2VSUzRSRHhuVnc5S0ZCYktNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCG3v0AwQB
LXHsAwQBXXK0AwQCZ/N8AwQAudsGMA0EAgACMAcDBQAqEOMAMA0GCSqGSIb3DQEB
CwUAA4IBAQCD32wX0F8xjcuD4UYP+qLovgB+DE9qbqdKDKxKMvyb3zXmTh+v46m7
auRy4UDZjuXIRmarU4kST5A1o9tSrmMaCO9f+J1ds2+oFvmkJWJ6xg9uFcp8JZ87
42driU6iEIUIfR1CFJQ6cTtg8VK0jyfxUwe1ilskmzPfj8KExpT9H4Q2LqQ4Qpqs
RUd40wIGIG7c0T62Ua3VCHRhjv2gagpcJXVgecX7r+02l24wqKba90Oaw+9HATOu
GJthza3qzWnaPOWueAqgknrFD1WIE5iTmOw+LPzBzikp7ibBDVCv0ryLVGUh5NXO
Q+JU2NKchLvm2K2XZhwzWyWBA004vmLj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:09 2024 by rpki-client on console-fra.rpki-client.org