Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/bzJhhkKbVNV2p_ZA0iFHzUpMXik.roa
File: bzJhhkKbVNV2p_ZA0iFHzUpMXik.roa (raw, json)
Hash identifier: H5aKNHbF3+Yjx22kOBy+8PxM3xVhYg+ZDpRImAna1pg=
Subject key identifier: 6F:32:61:86:42:9B:54:D5:76:A7:F6:40:D2:21:47:CD:4A:4C:5E:29
Certificate issuer: /CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Certificate serial: 018CC9BC4466D9500F6379C9BA4F64CE75BE
Authority key identifier: 2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/bzJhhkKbVNV2p_ZA0iFHzUpMXik.roa
Signing time: Tue 02 Jan 2024 10:33:27 +0000
ROA not before: Tue 02 Jan 2024 10:33:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202656
IP address blocks: 45.138.156.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:44:66:d9:50:0f:63:79:c9:ba:4f:64:ce:75:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Validity
Not Before: Jan 2 10:33:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6f326186429b54d576a7f640d22147cd4a4c5e29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:17:fc:6e:56:d9:44:bd:79:a5:63:63:93:67:
40:88:20:03:ca:a3:ce:0f:09:5c:f7:d0:c7:52:ad:
c2:c2:27:e9:06:c7:b3:e5:80:82:60:78:78:fc:ea:
fd:98:d6:99:88:10:70:a4:55:77:f1:bb:ea:dd:96:
94:2a:2e:7f:4b:b0:ae:d7:91:be:e7:ee:2a:b7:0a:
a0:b9:30:91:58:31:ce:74:a7:15:ab:b1:0b:ae:30:
46:a4:fa:3f:ec:bb:88:5e:ad:24:ec:c9:9d:ba:1b:
1b:01:8a:ec:74:2b:63:e5:63:15:67:4a:c4:b6:54:
5c:f2:5e:8a:18:d0:a3:76:6b:16:c3:ff:e9:f6:2f:
69:54:18:fd:d3:50:d4:27:ff:47:36:a2:d4:b4:68:
8d:4d:46:28:42:23:41:e6:cb:cd:a2:cb:d0:80:84:
3f:d5:32:dc:c5:d6:bf:84:6f:4d:73:34:21:41:89:
f0:ca:a3:cf:b5:e9:ff:35:ac:41:5c:eb:c8:e2:3e:
7a:c3:7a:d7:6b:e3:24:7a:95:8c:80:55:df:74:b1:
d3:ae:01:19:99:ff:03:52:3a:87:d4:eb:15:b7:50:
cd:af:a7:04:12:96:9e:5c:3f:3c:1e:b2:88:20:60:
6c:b0:cf:0a:47:fd:c9:8c:1f:65:bf:56:d9:05:45:
7c:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:32:61:86:42:9B:54:D5:76:A7:F6:40:D2:21:47:CD:4A:4C:5E:29
X509v3 Authority Key Identifier:
keyid:2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/bzJhhkKbVNV2p_ZA0iFHzUpMXik.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.138.156.0/24
Signature Algorithm: sha256WithRSAEncryption
5a:53:9e:69:09:38:0f:b8:52:28:9d:0a:b3:7c:19:2f:a9:d4:
c5:e3:d6:0f:68:00:b8:8a:55:6f:e1:40:1e:44:05:af:8b:95:
50:ad:18:d0:5d:bd:76:ab:40:ce:9a:4e:c2:45:e6:31:0e:58:
57:cc:34:15:c2:c7:cf:a3:6a:58:38:0c:83:86:86:5a:0a:bb:
86:b2:e9:0c:b0:4f:8f:37:d7:5e:9d:f4:5a:df:74:0a:d0:eb:
61:6d:fb:32:26:2d:b5:fc:ad:58:ab:58:ec:d2:97:a2:5f:73:
9c:73:53:b1:36:e6:66:28:7c:39:dc:61:96:b2:dc:8d:79:8d:
5d:f4:2d:fa:94:4c:10:a6:e2:8b:52:18:97:57:5e:a5:82:f2:
ff:be:28:e0:3c:e7:fa:f4:1a:eb:97:42:08:c4:2c:e7:ba:fe:
e5:64:32:11:1a:8d:26:f5:da:15:a1:4b:79:f7:2c:94:05:8e:
56:f5:0f:14:ed:2d:2f:a4:3f:5b:1a:c7:0e:63:b1:31:fb:dd:
bf:c5:ed:e9:e5:1b:5d:70:4d:b4:90:a1:75:12:4b:36:54:22:
fd:02:6b:1d:7d:0b:3c:64:ea:fa:fd:5a:a6:ce:ee:9d:d4:21:
c4:b0:5b:1d:31:30:2c:22:fe:0a:ad:55:90:5e:4e:2a:f1:df:
24:56:0c:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvERm2VAPY3nJuk9kznW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhYjhhMDlhOWZkZTIzYzk2MzVmOGUxNjRhZWYwOWUx
Nzk0OGMwHhcNMjQwMTAyMTAzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjMyNjE4NjQyOWI1NGQ1NzZhN2Y2NDBkMjIxNDdjZDRhNGM1ZTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRf8blbZRL15pWNjk2dAiCADyqPO
Dwlc99DHUq3CwifpBsez5YCCYHh4/Or9mNaZiBBwpFV38bvq3ZaUKi5/S7Cu15G+
5+4qtwqguTCRWDHOdKcVq7ELrjBGpPo/7LuIXq0k7MmduhsbAYrsdCtj5WMVZ0rE
tlRc8l6KGNCjdmsWw//p9i9pVBj901DUJ/9HNqLUtGiNTUYoQiNB5svNosvQgIQ/
1TLcxda/hG9NczQhQYnwyqPPten/NaxBXOvI4j56w3rXa+MkepWMgFXfdLHTrgEZ
mf8DUjqH1OsVt1DNr6cEEpaeXD88HrKIIGBssM8KR/3JjB9lv1bZBUV8lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8yYYZCm1TVdqf2QNIhR81KTF4pMB8GA1UdIwQY
MBaAFC9cq4oJqf3iPJY1+OFkrvCeF5SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUt
MDAyZjI2ZTNiODk4LzEvYnpKaGhrS2JWTlYycF9aQTBpRkh6VXBNWGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUtMDAyZjI2ZTNiODk4
LzEvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYqcMA0G
CSqGSIb3DQEBCwUAA4IBAQBaU55pCTgPuFIonQqzfBkvqdTF49YPaAC4ilVv4UAe
RAWvi5VQrRjQXb12q0DOmk7CReYxDlhXzDQVwsfPo2pYOAyDhoZaCruGsukMsE+P
N9denfRa33QK0OthbfsyJi21/K1Yq1js0peiX3Occ1OxNuZmKHw53GGWstyNeY1d
9C36lEwQpuKLUhiXV16lgvL/vijgPOf69Brrl0IIxCznuv7lZDIRGo0m9doVoUt5
9yyUBY5W9Q8U7S0vpD9bGscOY7Ex+92/xe3p5RtdcE20kKF1Eks2VCL9AmsdfQs8
ZOr6/Vqmzu6d1CHEsFsdMTAsIv4KrVWQXk4q8d8kVgzD
-----END CERTIFICATE-----
Generated at Thu Feb 22 18:05:49 2024 by rpki-client on console-fra.rpki-client.org