Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/usdimstwfKvIPwk_4Bc5npNvXlc.roa
File: usdimstwfKvIPwk_4Bc5npNvXlc.roa (raw, json)
Hash identifier: N9vVOgke0XpNQhfeegYuxPJxj5IPjJwlxKOTbISeoWo=
Subject key identifier: BA:C7:62:9A:CB:70:7C:AB:C8:3F:09:3F:E0:17:39:9E:93:6F:5E:57
Certificate issuer: /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial: 018D4B883C2943E9656BFBC860631FDC84A4
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/usdimstwfKvIPwk_4Bc5npNvXlc.roa
Signing time: Sat 27 Jan 2024 15:27:15 +0000
ROA not before: Sat 27 Jan 2024 15:27:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43754
IP address blocks: 45.159.148.0/24 maxlen: 24
2a05:9080:2::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:4b:88:3c:29:43:e9:65:6b:fb:c8:60:63:1f:dc:84:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Validity
Not Before: Jan 27 15:27:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bac7629acb707cabc83f093fe017399e936f5e57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:3f:70:ee:4b:0e:95:5d:1e:c5:4d:e3:78:b6:
27:55:29:7f:c7:31:28:62:bf:78:b4:6f:59:64:a7:
4e:48:46:bb:dd:5c:99:5c:ff:bf:b0:8a:24:80:8a:
fe:15:62:c5:e7:41:9c:95:ac:b7:70:f9:9b:5e:f4:
17:05:0d:e2:19:14:3c:0c:82:dc:df:2c:41:99:7f:
19:95:60:0e:6d:52:b4:bd:d6:0e:3a:a3:87:09:2b:
df:16:e0:02:bc:8f:f3:6a:1c:a9:fa:5b:ed:16:52:
fa:63:70:ba:e5:2e:6d:38:94:92:ce:b2:10:03:e2:
88:22:89:0a:25:2b:78:f0:0c:df:b4:d3:4c:ab:14:
ce:b5:51:5c:c8:c9:38:64:bd:34:b3:57:85:76:71:
67:62:d4:ce:bd:77:20:01:88:79:ef:b4:7a:55:92:
6b:4a:30:21:a1:12:8c:10:09:03:fa:64:22:f6:c4:
6e:50:31:2e:45:80:a3:af:75:11:96:10:86:e4:52:
e3:c3:d8:61:2b:b1:2a:8f:2e:fc:b9:03:2c:a2:01:
57:eb:d5:f2:f3:d0:20:5d:fb:dc:82:49:1a:74:ca:
7a:84:53:6d:91:9a:39:56:a4:3c:a9:d5:87:6c:6a:
c2:ad:09:ff:7d:23:ea:f4:f6:c1:23:a4:08:e1:1c:
ce:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:C7:62:9A:CB:70:7C:AB:C8:3F:09:3F:E0:17:39:9E:93:6F:5E:57
X509v3 Authority Key Identifier:
keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/usdimstwfKvIPwk_4Bc5npNvXlc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.148.0/24
IPv6:
2a05:9080:2::/48
Signature Algorithm: sha256WithRSAEncryption
45:20:c2:f7:73:27:db:f7:4f:4e:d6:a8:1a:5d:5b:15:fc:aa:
67:87:30:0b:29:d5:03:81:4a:e8:af:23:d9:e4:24:a9:dd:13:
6a:77:13:b4:66:f7:17:e9:ad:52:98:61:9b:c6:dd:00:74:9a:
b3:73:1a:e9:26:dd:21:31:2f:e6:9b:53:53:5c:58:a6:e0:ef:
6d:e2:8f:4b:34:a7:87:bf:d1:b4:61:a1:c0:39:6d:23:ac:76:
af:3d:e7:29:fa:75:71:34:63:2a:05:24:ee:49:16:e8:1a:93:
19:7c:a2:da:df:ce:1b:1a:48:bf:32:d5:8c:79:7f:fd:a6:2e:
95:d8:d5:ee:89:6a:68:d4:26:f2:29:6c:2f:6f:5f:53:b6:af:
46:bf:62:8c:c3:f3:00:c5:43:11:cd:cf:ce:b4:24:4c:fd:19:
fd:c2:27:1e:f3:1a:e5:e4:12:8c:3b:dc:d3:f5:ed:85:d4:96:
7d:ce:2c:b1:09:2b:9c:90:d0:27:bd:12:8f:45:58:b2:b6:46:
1d:60:1b:8f:6d:95:e6:cc:fd:4f:f3:c6:8d:d6:7f:bf:2d:8f:
04:07:66:2d:e2:8e:a4:82:e6:35:b3:ae:dd:46:ba:fe:6c:bb:
ed:39:cc:b5:f5:c7:7d:4f:8d:3a:5a:f5:37:b9:18:10:0f:61:
5e:ad:83:42
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY1LiDwpQ+lla/vIYGMf3ISkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjQwMTI3MTUyNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWM3NjI5YWNiNzA3Y2FiYzgzZjA5M2ZlMDE3Mzk5ZTkzNmY1ZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvj9w7ksOlV0exU3jeLYnVSl/xzEo
Yr94tG9ZZKdOSEa73VyZXP+/sIokgIr+FWLF50Gclay3cPmbXvQXBQ3iGRQ8DILc
3yxBmX8ZlWAObVK0vdYOOqOHCSvfFuACvI/zahyp+lvtFlL6Y3C65S5tOJSSzrIQ
A+KIIokKJSt48AzftNNMqxTOtVFcyMk4ZL00s1eFdnFnYtTOvXcgAYh577R6VZJr
SjAhoRKMEAkD+mQi9sRuUDEuRYCjr3URlhCG5FLjw9hhK7Eqjy78uQMsogFX69Xy
89AgXfvcgkkadMp6hFNtkZo5VqQ8qdWHbGrCrQn/fSPq9PbBI6QI4RzOTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLrHYprLcHyryD8JP+AXOZ6Tb15XMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvdXNkaW1zdHdmS3ZJUHdrXzRCYzVucE52WGxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZ+UMA8E
AgACMAkDBwAqBZCAAAIwDQYJKoZIhvcNAQELBQADggEBAEUgwvdzJ9v3T07WqBpd
WxX8qmeHMAsp1QOBSuivI9nkJKndE2p3E7Rm9xfprVKYYZvG3QB0mrNzGukm3SEx
L+abU1NcWKbg723ij0s0p4e/0bRhocA5bSOsdq895yn6dXE0YyoFJO5JFugakxl8
otrfzhsaSL8y1Yx5f/2mLpXY1e6JamjUJvIpbC9vX1O2r0a/YozD8wDFQxHNz860
JEz9Gf3CJx7zGuXkEow73NP17YXUln3OLLEJK5yQ0Ce9Eo9FWLK2Rh1gG49tlebM
/U/zxo3Wf78tjwQHZi3ijqSC5jWzrt1Guv5su+05zLX1x31PjTpa9Te5GBAPYV6t
g0I=
-----END CERTIFICATE-----
Generated at Tue May 14 16:18:17 2024 by rpki-client on console-fra.rpki-client.org