Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/GyZFp7DJKJITF_yiMlFjUYuh0uU.roa
File: GyZFp7DJKJITF_yiMlFjUYuh0uU.roa (raw, json)
Hash identifier: n6UETmO4YeGT2Usj8Y0kjTA35+5lvBI3dm3MFVCvA5o=
Subject key identifier: 1B:26:45:A7:B0:C9:28:92:13:17:FC:A2:32:51:63:51:8B:A1:D2:E5
Certificate issuer: /CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Certificate serial: 018CC9BC42ACF70E1EC48DB294F4166EF599
Authority key identifier: 2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/GyZFp7DJKJITF_yiMlFjUYuh0uU.roa
Signing time: Tue 02 Jan 2024 10:33:27 +0000
ROA not before: Tue 02 Jan 2024 10:33:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34665
IP address blocks: 91.188.221.0/24 maxlen: 24
92.119.162.0/24 maxlen: 24
45.138.156.0/24 maxlen: 24
45.138.159.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:42:ac:f7:0e:1e:c4:8d:b2:94:f4:16:6e:f5:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Validity
Not Before: Jan 2 10:33:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1b2645a7b0c928921317fca2325163518ba1d2e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:1c:56:d6:44:3e:82:d4:af:52:db:6b:78:d7:
c4:a0:a5:2c:74:69:fa:ca:29:e4:1a:96:da:88:93:
2a:bf:aa:e8:30:76:ae:ac:70:a7:be:89:08:a5:59:
47:fa:9f:90:7d:92:83:5b:2d:88:b1:08:a5:e9:4d:
3e:5a:0a:90:a9:62:35:3f:96:bd:b2:85:ff:29:e4:
12:0e:93:5a:23:36:a8:35:aa:6d:96:6f:c5:d0:01:
23:e6:82:1c:be:67:5f:27:6f:04:2e:2e:79:23:95:
72:91:38:be:2f:d6:98:62:25:e1:52:57:e8:8f:ae:
e8:bb:be:61:3d:7b:1b:4d:c4:75:2d:57:18:3e:51:
26:9a:6e:1c:8b:63:96:29:e4:15:79:63:8c:6a:d3:
93:47:e8:5a:bb:91:e3:38:15:db:e6:af:05:dc:7f:
51:96:43:23:e9:c0:cb:88:6c:01:f9:f8:d1:b7:84:
64:b7:c0:c1:6c:d1:ff:13:a3:1e:a3:bb:11:7d:9f:
b5:cd:44:77:17:3f:17:3f:20:3f:d9:be:35:cc:aa:
ba:dd:a4:cd:b3:ab:cc:86:c3:ef:3a:dd:16:05:e2:
d1:b2:69:21:45:2a:b1:ee:25:dc:67:44:e5:94:be:
ba:34:6a:ee:d4:ee:8e:98:b3:95:e6:a1:5a:0c:67:
b8:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:26:45:A7:B0:C9:28:92:13:17:FC:A2:32:51:63:51:8B:A1:D2:E5
X509v3 Authority Key Identifier:
keyid:2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/GyZFp7DJKJITF_yiMlFjUYuh0uU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.138.156.0/24
45.138.159.0/24
91.188.221.0/24
92.119.162.0/24
Signature Algorithm: sha256WithRSAEncryption
82:4a:57:3d:72:ec:52:67:8f:0e:7c:c9:e0:d7:b0:bf:84:b1:
82:f3:79:ff:a4:a5:48:f5:2f:4c:63:50:df:79:19:7d:da:56:
02:90:4b:b1:f0:02:7e:06:2d:b8:e8:71:2e:10:ce:b0:2d:e8:
d6:16:02:5f:ad:8f:68:98:9d:5e:b5:61:d8:59:98:26:69:27:
95:2d:c0:31:df:1a:aa:e0:f2:98:53:66:88:57:d2:10:bb:79:
01:77:3f:15:ee:a5:ca:a3:cb:6d:13:5d:50:13:c1:cf:55:6d:
6d:76:f1:66:87:6a:89:62:b8:72:f1:1f:b3:29:a0:58:99:8d:
78:a8:1c:29:20:df:ac:ae:b7:3c:3a:90:fd:10:a9:75:87:6b:
e8:2e:cb:1f:c7:8b:45:55:8d:1c:6f:58:7a:a6:1c:ed:69:2a:
e3:c1:60:90:55:2c:e1:5b:dc:00:f5:c6:73:dd:af:58:46:81:
c9:2d:d2:a2:08:e7:4f:32:db:db:d0:cb:b4:d8:61:1b:0f:e2:
d5:dd:69:6f:ae:f9:a4:dc:6e:3c:12:2b:29:0d:79:64:e7:c6:
d2:3b:65:ca:6f:55:80:c2:31:f8:0c:9e:0a:99:83:fa:d8:b1:
af:cc:52:8e:c0:7c:0f:7c:e3:11:13:20:db:9b:e7:ed:15:a7:
9b:e3:ca:48
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzJvEKs9w4exI2ylPQWbvWZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhYjhhMDlhOWZkZTIzYzk2MzVmOGUxNjRhZWYwOWUx
Nzk0OGMwHhcNMjQwMTAyMTAzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjI2NDVhN2IwYzkyODkyMTMxN2ZjYTIzMjUxNjM1MThiYTFkMmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhxW1kQ+gtSvUttreNfEoKUsdGn6
yinkGpbaiJMqv6roMHaurHCnvokIpVlH+p+QfZKDWy2IsQil6U0+WgqQqWI1P5a9
soX/KeQSDpNaIzaoNaptlm/F0AEj5oIcvmdfJ28ELi55I5VykTi+L9aYYiXhUlfo
j67ou75hPXsbTcR1LVcYPlEmmm4ci2OWKeQVeWOMatOTR+hau5HjOBXb5q8F3H9R
lkMj6cDLiGwB+fjRt4Rkt8DBbNH/E6Meo7sRfZ+1zUR3Fz8XPyA/2b41zKq63aTN
s6vMhsPvOt0WBeLRsmkhRSqx7iXcZ0TllL66NGru1O6OmLOV5qFaDGe4GwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBsmRaewySiSExf8ojJRY1GLodLlMB8GA1UdIwQY
MBaAFC9cq4oJqf3iPJY1+OFkrvCeF5SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUt
MDAyZjI2ZTNiODk4LzEvR3laRnA3REpLSklURl95aU1sRmpVWXVoMHVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUtMDAyZjI2ZTNiODk4
LzEvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALYqcAwQA
LYqfAwQAW7zdAwQAXHeiMA0GCSqGSIb3DQEBCwUAA4IBAQCCSlc9cuxSZ48OfMng
17C/hLGC83n/pKVI9S9MY1DfeRl92lYCkEux8AJ+Bi246HEuEM6wLejWFgJfrY9o
mJ1etWHYWZgmaSeVLcAx3xqq4PKYU2aIV9IQu3kBdz8V7qXKo8ttE11QE8HPVW1t
dvFmh2qJYrhy8R+zKaBYmY14qBwpIN+srrc8OpD9EKl1h2voLssfx4tFVY0cb1h6
phztaSrjwWCQVSzhW9wA9cZz3a9YRoHJLdKiCOdPMtvb0Mu02GEbD+LV3Wlvrvmk
3G48EispDXlk58bSO2XKb1WAwjH4DJ4KmYP62LGvzFKOwHwPfOMREyDbm+ftFaeb
48pI
-----END CERTIFICATE-----
Generated at Thu Feb 22 18:05:49 2024 by rpki-client on console-fra.rpki-client.org