Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/wrw7bFiUQOyiR_3By88v5zUqGV0.roa
File: wrw7bFiUQOyiR_3By88v5zUqGV0.roa (raw, json)
Hash identifier: WONyg0CjiG79jb4y7d/lJUFLMF535G+szKfnPkkud3s=
Subject key identifier: C2:BC:3B:6C:58:94:40:EC:A2:47:FD:C1:CB:CF:2F:E7:35:2A:19:5D
Certificate issuer: /CN=d24f497d157847005336b777361b1d20905c5213
Certificate serial: 018CC56E9AEDAA543412AF9C28C7806B5BD6
Authority key identifier: D2:4F:49:7D:15:78:47:00:53:36:B7:77:36:1B:1D:20:90:5C:52:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0k9JfRV4RwBTNrd3NhsdIJBcUhM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/wrw7bFiUQOyiR_3By88v5zUqGV0.roa
Signing time: Mon 01 Jan 2024 14:30:09 +0000
ROA not before: Mon 01 Jan 2024 14:30:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208431
IP address blocks: 45.136.222.0/24 maxlen: 24
45.136.220.0/23 maxlen: 24
2a0e:9b41::/32 maxlen: 48
2a0e:9b40::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:9a:ed:aa:54:34:12:af:9c:28:c7:80:6b:5b:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d24f497d157847005336b777361b1d20905c5213
Validity
Not Before: Jan 1 14:30:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c2bc3b6c589440eca247fdc1cbcf2fe7352a195d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:db:87:11:4f:65:c7:27:6e:9c:2a:11:43:b8:
58:57:34:30:f4:6f:50:c9:b7:19:bf:01:9d:ad:fd:
13:d2:79:ac:91:96:a6:89:2a:4e:d1:76:13:99:4d:
5d:ac:47:42:41:00:ef:27:1c:5b:ba:95:20:c0:04:
c4:16:1e:5e:ae:d5:11:94:d5:f9:80:f8:ef:7a:ce:
4e:93:0d:ea:3c:15:32:8b:cb:02:44:db:5d:ea:5a:
0b:82:e7:5f:20:9d:20:2a:7a:75:f4:80:9f:1d:48:
1d:99:4c:e3:01:05:2c:4f:91:f6:f1:42:5e:9e:79:
86:fa:a5:d5:4b:f7:e3:9b:a3:b0:bd:25:0f:53:81:
57:47:22:fe:ba:b6:e2:e0:9e:0d:0e:6e:48:87:a9:
23:02:9e:08:b8:c7:ef:ca:d6:0d:e8:04:f4:d8:5a:
32:c5:c0:b0:20:02:3b:a5:b8:f4:0e:c6:0c:7c:d6:
18:a5:d1:7c:cd:1d:cf:0e:6a:87:fd:65:99:24:a7:
28:17:19:11:e8:69:7b:8b:4e:3e:65:f4:9d:1c:d1:
ae:c6:fb:b6:42:3a:98:5a:38:c4:f7:e1:5f:06:c8:
0b:d8:dd:45:5d:28:e1:05:ab:84:52:4b:e4:f1:c7:
d1:df:cc:ba:43:d2:cd:b7:43:fb:75:60:87:84:5c:
42:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:BC:3B:6C:58:94:40:EC:A2:47:FD:C1:CB:CF:2F:E7:35:2A:19:5D
X509v3 Authority Key Identifier:
keyid:D2:4F:49:7D:15:78:47:00:53:36:B7:77:36:1B:1D:20:90:5C:52:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0k9JfRV4RwBTNrd3NhsdIJBcUhM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/wrw7bFiUQOyiR_3By88v5zUqGV0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/cf3ca3-1cd7-4312-ba73-83c8596229fa/1/0k9JfRV4RwBTNrd3NhsdIJBcUhM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.136.220.0-45.136.222.255
IPv6:
2a0e:9b40::/31
Signature Algorithm: sha256WithRSAEncryption
58:6b:02:86:e3:e3:88:95:3c:77:bc:a7:96:5f:08:c8:6c:ab:
0b:f0:8b:da:f1:1b:11:da:90:23:73:eb:c7:98:af:7a:3c:56:
f4:ed:28:c9:ce:12:41:a7:9e:e1:de:c0:6b:f3:69:b4:c0:78:
1f:40:0a:99:8d:35:e4:13:01:1e:bd:81:28:a6:cc:df:09:ab:
b7:37:01:70:3f:32:e3:0f:6d:81:81:af:a6:70:a6:d4:8a:50:
b1:25:f9:12:a9:41:ee:85:90:f4:36:11:8f:77:8e:9b:f8:04:
72:59:d9:0d:31:25:d2:13:6a:bf:c0:ce:56:26:03:6d:d6:76:
cc:97:1b:00:1c:08:c7:e1:6c:c0:e7:15:1f:7e:7a:5f:f1:3b:
46:c3:49:30:cd:71:95:3b:e6:77:84:fa:74:3e:0a:c6:e6:1d:
de:c5:1a:5c:68:53:e4:62:28:5e:ef:9c:00:f6:38:97:ef:32:
f7:01:f4:22:d6:fc:2f:30:20:86:d3:8d:48:59:41:d2:6b:e4:
2b:90:1e:85:f3:e2:1e:85:c2:bd:0d:56:da:bb:5c:84:de:cb:
43:f8:0e:aa:9a:5c:ab:40:e3:61:c1:ee:b8:9e:ed:23:33:6a:
9e:7e:4d:52:a3:17:4e:ee:e8:35:3f:b2:d8:0e:68:6f:a3:f9:
36:d2:2d:51
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzFbprtqlQ0Eq+cKMeAa1vWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNGY0OTdkMTU3ODQ3MDA1MzM2Yjc3NzM2MWIxZDIwOTA1
YzUyMTMwHhcNMjQwMTAxMTQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmJjM2I2YzU4OTQ0MGVjYTI0N2ZkYzFjYmNmMmZlNzM1MmExOTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0duHEU9lxydunCoRQ7hYVzQw9G9Q
ybcZvwGdrf0T0nmskZamiSpO0XYTmU1drEdCQQDvJxxbupUgwATEFh5ertURlNX5
gPjves5Okw3qPBUyi8sCRNtd6loLgudfIJ0gKnp19ICfHUgdmUzjAQUsT5H28UJe
nnmG+qXVS/fjm6OwvSUPU4FXRyL+urbi4J4NDm5Ih6kjAp4IuMfvytYN6AT02Foy
xcCwIAI7pbj0DsYMfNYYpdF8zR3PDmqH/WWZJKcoFxkR6Gl7i04+ZfSdHNGuxvu2
QjqYWjjE9+FfBsgL2N1FXSjhBauEUkvk8cfR38y6Q9LNt0P7dWCHhFxCgwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMK8O2xYlEDsokf9wcvPL+c1KhldMB8GA1UdIwQY
MBaAFNJPSX0VeEcAUza3dzYbHSCQXFITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGs5SmZSVjRSd0JUTnJkM05oc2RJSkJjVWhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9jZjNjYTMtMWNkNy00MzEyLWJhNzMt
ODNjODU5NjIyOWZhLzEvd3J3N2JGaVVRT3lpUl8zQnk4OHY1elVxR1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9jZjNjYTMtMWNkNy00MzEyLWJhNzMtODNjODU5NjIyOWZh
LzEvMGs5SmZSVjRSd0JUTnJkM05oc2RJSkJjVWhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAItiNwD
BAAtiN4wDQQCAAIwBwMFASoOm0AwDQYJKoZIhvcNAQELBQADggEBAFhrAobj44iV
PHe8p5ZfCMhsqwvwi9rxGxHakCNz68eYr3o8VvTtKMnOEkGnnuHewGvzabTAeB9A
CpmNNeQTAR69gSimzN8Jq7c3AXA/MuMPbYGBr6ZwptSKULEl+RKpQe6FkPQ2EY93
jpv4BHJZ2Q0xJdITar/AzlYmA23WdsyXGwAcCMfhbMDnFR9+el/xO0bDSTDNcZU7
5neE+nQ+CsbmHd7FGlxoU+RiKF7vnAD2OJfvMvcB9CLW/C8wIIbTjUhZQdJr5CuQ
HoXz4h6Fwr0NVtq7XITey0P4DqqaXKtA42HB7rie7SMzap5+TVKjF07u6DU/stgO
aG+j+TbSLVE=
-----END CERTIFICATE-----
Generated at Thu May 2 16:58:44 2024 by rpki-client on console-fra.rpki-client.org