Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/tw8h1zDHJ4sCqpNv7Bl0VNvw5WM.roa
File: tw8h1zDHJ4sCqpNv7Bl0VNvw5WM.roa (raw, json)
Hash identifier: MqL4isTF5iyfzzIfIO7IQ+5ejEzXgG10o0ytqS+iF5o=
Subject key identifier: B7:0F:21:D7:30:C7:27:8B:02:AA:93:6F:EC:19:74:54:DB:F0:E5:63
Certificate issuer: /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial: 01833D26819009DC08AA9B724D32284DE881
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/tw8h1zDHJ4sCqpNv7Bl0VNvw5WM.roa
Signing time: Wed 14 Sep 2022 17:57:57 +0000
ROA not before: Wed 14 Sep 2022 17:57:57 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 22773
IP address blocks: 45.146.192.0/22 maxlen: 22
45.146.60.0/22 maxlen: 22
2a10:6080::/29 maxlen: 29
2a10:6680::/29 maxlen: 29
2a10:5e80::/29 maxlen: 29
2a10:6480::/29 maxlen: 29
2a10:5f80::/29 maxlen: 29
2a10:6580::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:3d:26:81:90:09:dc:08:aa:9b:72:4d:32:28:4d:e8:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Validity
Not Before: Sep 14 17:57:57 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b70f21d730c7278b02aa936fec197454dbf0e563
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:ef:f9:63:ed:e5:ca:68:37:df:d8:89:bf:24:
63:f2:5a:f3:db:da:62:e6:50:0f:ba:e6:7c:cd:eb:
f9:6d:58:09:2a:98:7a:16:d5:e0:ac:0e:40:e9:00:
c6:87:46:e1:a6:a0:17:89:f6:4f:01:a0:8d:40:1a:
6b:a0:74:ea:92:70:5d:ee:26:f9:2c:1f:45:56:96:
9e:b8:b8:bc:df:0f:3a:f1:02:42:24:90:25:bd:ea:
86:6b:c3:93:4f:99:8b:4c:58:42:e8:e6:a4:2d:8e:
5d:fb:5b:f0:97:45:05:be:3b:f0:1d:0c:e6:d9:2e:
65:6f:18:30:a5:4b:1f:cd:61:fa:67:17:93:72:21:
55:f4:55:2c:05:a6:44:31:d5:10:9e:99:15:c3:09:
0e:75:a2:05:8a:d6:73:46:4f:6c:98:a1:dd:c7:3c:
bf:d9:05:08:0a:dd:50:fc:6a:4e:22:1d:5f:72:ab:
a9:0e:06:2c:61:7d:98:fb:e1:1b:5c:11:87:1f:f2:
48:55:42:8f:02:38:cd:a3:2c:98:61:7c:26:c0:85:
37:8d:05:62:d0:67:cb:af:fa:10:ff:5f:5c:2e:a9:
2b:c7:53:79:7d:45:25:42:33:12:e1:ab:37:9c:86:
c3:ca:e1:13:95:21:88:a8:85:26:d5:10:ff:73:6b:
59:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:0F:21:D7:30:C7:27:8B:02:AA:93:6F:EC:19:74:54:DB:F0:E5:63
X509v3 Authority Key Identifier:
keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/tw8h1zDHJ4sCqpNv7Bl0VNvw5WM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.146.60.0/22
45.146.192.0/22
IPv6:
2a10:5e80::/29
2a10:5f80::/29
2a10:6080::/29
2a10:6480::/29
2a10:6580::/29
2a10:6680::/29
Signature Algorithm: sha256WithRSAEncryption
49:5b:f2:3f:3f:ae:ac:06:d2:11:15:3c:17:65:0c:78:5e:5a:
16:fa:0f:98:e3:98:40:53:82:3a:84:be:ea:b0:11:55:8d:c3:
40:53:51:84:e0:e2:50:78:38:f0:c1:ce:52:9c:d2:9b:b0:51:
79:b1:7c:34:e3:bb:02:dc:55:95:34:8c:7d:78:bb:6c:2c:4d:
94:ad:c1:8a:16:81:90:59:ae:5b:2e:a2:72:60:5c:70:a1:d6:
0d:8d:93:5d:cf:d6:65:06:fd:4b:fc:4d:5d:0d:7e:99:e2:13:
cb:ce:99:90:59:14:e1:73:bc:5f:ec:47:82:22:45:70:a3:ba:
0a:ef:67:25:3c:86:f0:86:ef:fd:08:20:53:d0:86:57:37:bf:
f3:e3:a8:b7:b8:39:2f:06:65:1a:9b:b1:f0:51:88:c1:60:92:
45:06:11:61:1a:3b:c3:85:76:aa:7c:bc:1c:83:b7:85:8b:6a:
17:da:07:bf:31:3f:ab:a7:73:05:ad:10:80:91:56:1e:e0:c2:
3e:f2:70:f2:73:0a:5f:8f:ea:49:d6:46:a2:5d:0a:c5:4d:cb:
69:03:60:05:22:b1:43:e3:cb:a4:05:6f:04:7a:df:02:45:f2:
21:f9:0f:d7:88:3c:ea:d9:e2:b1:24:ad:a3:4e:ce:aa:8e:93:
0f:ee:5b:c1
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYM9JoGQCdwIqptyTTIoTeiBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjIwOTE0MTc1NzU3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzBmMjFkNzMwYzcyNzhiMDJhYTkzNmZlYzE5NzQ1NGRiZjBlNTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiO/5Y+3lymg339iJvyRj8lrz29pi
5lAPuuZ8zev5bVgJKph6FtXgrA5A6QDGh0bhpqAXifZPAaCNQBproHTqknBd7ib5
LB9FVpaeuLi83w868QJCJJAlveqGa8OTT5mLTFhC6OakLY5d+1vwl0UFvjvwHQzm
2S5lbxgwpUsfzWH6ZxeTciFV9FUsBaZEMdUQnpkVwwkOdaIFitZzRk9smKHdxzy/
2QUICt1Q/GpOIh1fcqupDgYsYX2Y++EbXBGHH/JIVUKPAjjNoyyYYXwmwIU3jQVi
0GfLr/oQ/19cLqkrx1N5fUUlQjMS4as3nIbDyuETlSGIqIUm1RD/c2tZjwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFLcPIdcwxyeLAqqTb+wZdFTb8OVjMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvdHc4aDF6REhKNHNDcXBOdjdCbDBWTnZ3NVdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjASBAIAATAMAwQCLZI8AwQC
LZLAMDAEAgACMCoDBQMqEF6AAwUDKhBfgAMFAyoQYIADBQMqEGSAAwUDKhBlgAMF
AyoQZoAwDQYJKoZIhvcNAQELBQADggEBAElb8j8/rqwG0hEVPBdlDHheWhb6D5jj
mEBTgjqEvuqwEVWNw0BTUYTg4lB4OPDBzlKc0puwUXmxfDTjuwLcVZU0jH14u2ws
TZStwYoWgZBZrlsuonJgXHCh1g2Nk13P1mUG/Uv8TV0NfpniE8vOmZBZFOFzvF/s
R4IiRXCjugrvZyU8hvCG7/0IIFPQhlc3v/PjqLe4OS8GZRqbsfBRiMFgkkUGEWEa
O8OFdqp8vByDt4WLahfaB78xP6uncwWtEICRVh7gwj7ycPJzCl+P6knWRqJdCsVN
y2kDYAUisUPjy6QFbwR63wJF8iH5D9eIPOrZ4rEkraNOzqqOkw/uW8E=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:02 2023 by rpki-client on console-fra.rpki-client.org