Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/ffc311-3110-47f5-8c4f-0c9f76a34005/1/cEZTJcU-O0RWCkb0myWuOIm1wAM.roa
File: cEZTJcU-O0RWCkb0myWuOIm1wAM.roa (raw, json)
Hash identifier: Z6WvcRK6AzQA+MHJCWb2K4/IrzrjrBrNNjFA0H19ekI=
Subject key identifier: 70:46:53:25:C5:3E:3B:44:56:0A:46:F4:9B:25:AE:38:89:B5:C0:03
Certificate issuer: /CN=7d47d63346951d9316bbc2578645b5eae24531b9
Certificate serial: 01856CEF292E567E39C53A0EEF6128F1017A
Authority key identifier: 7D:47:D6:33:46:95:1D:93:16:BB:C2:57:86:45:B5:EA:E2:45:31:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fUfWM0aVHZMWu8JXhkW16uJFMbk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/ffc311-3110-47f5-8c4f-0c9f76a34005/1/cEZTJcU-O0RWCkb0myWuOIm1wAM.roa
Signing time: Sun 01 Jan 2023 10:44:51 +0000
ROA not before: Sun 01 Jan 2023 10:44:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62455
IP address blocks: 45.11.168.0/22 maxlen: 24
185.182.72.0/22 maxlen: 24
185.205.228.0/22 maxlen: 24
2a0b:bc0::/29 maxlen: 48
2a0a:e780::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ef:29:2e:56:7e:39:c5:3a:0e:ef:61:28:f1:01:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d47d63346951d9316bbc2578645b5eae24531b9
Validity
Not Before: Jan 1 10:44:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=70465325c53e3b44560a46f49b25ae3889b5c003
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:80:d5:e4:87:93:ab:5f:50:e9:11:34:c9:0b:
84:bb:41:7d:4f:64:3c:62:1e:35:66:7c:ec:ec:19:
86:26:5a:24:8f:e7:25:70:d4:41:26:f5:29:4c:d2:
fe:82:50:cd:6b:6d:63:62:f8:a2:2c:c7:ac:4b:00:
ee:c5:72:d3:da:db:11:89:09:a8:6f:5f:a5:ba:d8:
50:0f:2e:f4:c6:44:3f:3e:28:91:92:cd:96:2c:64:
25:71:de:c8:49:ee:fb:26:82:18:b0:1d:a3:a2:e3:
79:d9:07:69:4b:7c:41:83:e3:cd:09:c4:eb:60:3f:
5c:28:75:13:0a:a0:77:60:a5:11:81:c4:16:cc:7b:
34:74:95:d6:be:70:a3:5b:5f:ab:6a:70:90:0d:7e:
5c:93:4c:5b:b3:f6:e1:f4:12:ac:95:37:ae:a4:4d:
47:21:ff:c2:33:4c:41:10:6f:14:47:62:cd:06:68:
36:13:58:0d:a7:41:3e:53:2e:6b:bf:00:eb:6f:db:
fd:a8:42:d3:cb:58:2e:88:60:f9:a4:3a:12:32:8e:
18:40:6e:0c:35:91:64:18:18:5a:4e:b1:d9:f2:9f:
db:e0:51:45:3c:ef:ec:0f:ea:3b:dd:62:f2:6e:5a:
b7:1e:fe:77:0b:89:5c:a3:b2:85:1c:37:74:30:71:
bd:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:46:53:25:C5:3E:3B:44:56:0A:46:F4:9B:25:AE:38:89:B5:C0:03
X509v3 Authority Key Identifier:
keyid:7D:47:D6:33:46:95:1D:93:16:BB:C2:57:86:45:B5:EA:E2:45:31:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fUfWM0aVHZMWu8JXhkW16uJFMbk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/ffc311-3110-47f5-8c4f-0c9f76a34005/1/cEZTJcU-O0RWCkb0myWuOIm1wAM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/ffc311-3110-47f5-8c4f-0c9f76a34005/1/fUfWM0aVHZMWu8JXhkW16uJFMbk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.168.0/22
185.182.72.0/22
185.205.228.0/22
IPv6:
2a0a:e780::/29
2a0b:bc0::/29
Signature Algorithm: sha256WithRSAEncryption
4b:d0:10:48:67:a2:6b:8d:31:a1:63:9a:ed:f0:8e:7c:c1:9d:
4e:c3:eb:8d:20:20:d1:7b:7b:cb:c8:25:ee:56:39:76:5d:f8:
15:7c:38:53:39:f7:f0:1b:d1:fd:f5:12:03:37:69:ca:f8:ee:
88:a0:1a:28:b9:6d:30:38:e3:4d:5b:2e:97:54:c2:b7:66:21:
8f:87:5f:04:6d:29:08:7e:e6:1c:ff:d2:ad:23:b5:cb:06:5a:
11:ca:4c:c3:e3:a6:0b:e8:f9:5a:e7:3c:d1:b3:32:b2:db:aa:
4d:fb:cc:ed:1a:e5:ca:ec:1e:3d:38:3c:f0:31:5c:81:bf:b3:
8a:b3:d9:f9:87:8c:6a:7b:26:82:9c:62:74:d6:4f:04:87:68:
b0:06:bd:0c:ee:b2:7b:75:7c:6f:7e:60:fa:c9:dc:cf:01:df:
b0:96:f0:6d:22:32:c8:a3:c8:04:d2:17:7c:35:58:a3:6f:8e:
1c:5c:93:21:e6:04:b4:05:cb:aa:ca:3c:f3:e4:de:ce:74:49:
3d:27:57:61:17:73:57:21:f4:d5:90:76:79:99:8a:c3:0f:de:
0a:8d:08:e9:fe:19:87:8f:b0:9c:1e:b6:9f:71:a6:24:40:b4:
06:40:c4:4d:69:71:e2:aa:f2:5e:24:77:a2:74:6a:5a:be:17:
61:a8:d9:7d
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYVs7ykuVn45xToO72Eo8QF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNDdkNjMzNDY5NTFkOTMxNmJiYzI1Nzg2NDViNWVhZTI0
NTMxYjkwHhcNMjMwMTAxMTA0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDQ2NTMyNWM1M2UzYjQ0NTYwYTQ2ZjQ5YjI1YWUzODg5YjVjMDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYDV5IeTq19Q6RE0yQuEu0F9T2Q8
Yh41Znzs7BmGJlokj+clcNRBJvUpTNL+glDNa21jYviiLMesSwDuxXLT2tsRiQmo
b1+luthQDy70xkQ/PiiRks2WLGQlcd7ISe77JoIYsB2jouN52QdpS3xBg+PNCcTr
YD9cKHUTCqB3YKURgcQWzHs0dJXWvnCjW1+ranCQDX5ck0xbs/bh9BKslTeupE1H
If/CM0xBEG8UR2LNBmg2E1gNp0E+Uy5rvwDrb9v9qELTy1guiGD5pDoSMo4YQG4M
NZFkGBhaTrHZ8p/b4FFFPO/sD+o73WLyblq3Hv53C4lco7KFHDd0MHG9vQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFHBGUyXFPjtEVgpG9JslrjiJtcADMB8GA1UdIwQY
MBaAFH1H1jNGlR2TFrvCV4ZFteriRTG5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlVmV00wYVZIWk1XdThKWGhrVzE2dUpGTWJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZmMzMTEtMzExMC00N2Y1LThjNGYt
MGM5Zjc2YTM0MDA1LzEvY0VaVEpjVS1PMFJXQ2tiMG15V3VPSW0xd0FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZmMzMTEtMzExMC00N2Y1LThjNGYtMGM5Zjc2YTM0MDA1
LzEvZlVmV00wYVZIWk1XdThKWGhrVzE2dUpGTWJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCLQuoAwQC
ubZIAwQCuc3kMBQEAgACMA4DBQMqCueAAwUDKgsLwDANBgkqhkiG9w0BAQsFAAOC
AQEAS9AQSGeia40xoWOa7fCOfMGdTsPrjSAg0Xt7y8gl7lY5dl34FXw4Uzn38BvR
/fUSAzdpyvjuiKAaKLltMDjjTVsul1TCt2Yhj4dfBG0pCH7mHP/SrSO1ywZaEcpM
w+OmC+j5Wuc80bMystuqTfvM7RrlyuwePTg88DFcgb+zirPZ+YeMansmgpxidNZP
BIdosAa9DO6ye3V8b35g+snczwHfsJbwbSIyyKPIBNIXfDVYo2+OHFyTIeYEtAXL
qso88+TeznRJPSdXYRdzVyH01ZB2eZmKww/eCo0I6f4Zh4+wnB62n3GmJEC0BkDE
TWlx4qryXiR3onRqWr4XYajZfQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:54 2023 by rpki-client on console-fra.rpki-client.org