Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/2BOctr16PeIYk635D0_Kz3WuJu8.roa
File: 2BOctr16PeIYk635D0_Kz3WuJu8.roa (raw, json)
Hash identifier: x9CFsTSoqxargWfquSwEcbLfDiRxrfskkrvRwG1sv3o=
Subject key identifier: D8:13:9C:B6:BD:7A:3D:E2:18:93:AD:F9:0F:4F:CA:CF:75:AE:26:EF
Certificate issuer: /CN=c8d5e37178d8524c72660a1d796165999e586622
Certificate serial: 0184D1AC4CBA73A457738773C075850C922A
Authority key identifier: C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/2BOctr16PeIYk635D0_Kz3WuJu8.roa
Signing time: Fri 02 Dec 2022 07:10:40 +0000
ROA not before: Fri 02 Dec 2022 07:10:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 45.151.204.0/22 maxlen: 24
45.67.44.0/22 maxlen: 22
91.239.24.0/24 maxlen: 24
45.12.44.0/22 maxlen: 24
45.95.140.0/22 maxlen: 24
45.86.192.0/22 maxlen: 22
2.57.180.0/22 maxlen: 24
45.15.52.0/22 maxlen: 22
2.59.116.0/24 maxlen: 24
91.238.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:d1:ac:4c:ba:73:a4:57:73:87:73:c0:75:85:0c:92:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c8d5e37178d8524c72660a1d796165999e586622
Validity
Not Before: Dec 2 07:10:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d8139cb6bd7a3de21893adf90f4fcacf75ae26ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:db:40:92:4e:bc:09:19:9b:46:7e:35:ed:6b:
87:22:79:37:9d:9f:e4:74:1f:24:ad:f4:fb:bc:d0:
78:c5:98:6b:1a:17:cc:fa:3a:cc:c1:dc:68:54:22:
bd:bb:a8:11:06:de:a3:f6:5e:09:fd:0e:a5:eb:db:
7d:07:db:84:92:f1:77:b3:f9:1f:a2:cb:d4:07:64:
76:63:39:4f:93:81:36:bc:8a:8a:be:0f:e7:f8:f0:
67:d5:50:43:d7:b5:1a:22:7c:d8:51:22:fa:fd:32:
c6:ea:62:c7:2a:30:5f:a3:7e:8d:2f:c8:d7:98:58:
12:3e:6d:a8:f4:e7:a4:59:80:f5:e7:e1:5b:d7:64:
25:f6:e1:17:b4:19:1e:41:2d:cc:77:c5:58:45:76:
06:43:ea:36:84:76:ff:99:71:3a:af:22:68:d3:03:
40:ed:d8:dd:b9:7f:5f:e5:a2:c7:7b:15:70:78:0f:
7d:44:c2:7f:bb:f9:c1:c6:d1:84:8b:a4:b3:ca:bf:
5c:6a:e7:42:d2:a3:4d:83:b4:9a:f4:93:ba:99:3f:
ab:15:34:f4:12:19:9d:b0:0c:66:c2:a2:35:cf:5d:
25:bb:f6:59:34:ec:2a:bd:e3:59:ff:d8:74:89:44:
fb:e8:05:40:f9:c7:e5:82:d9:57:34:96:cd:6f:ae:
17:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:13:9C:B6:BD:7A:3D:E2:18:93:AD:F9:0F:4F:CA:CF:75:AE:26:EF
X509v3 Authority Key Identifier:
keyid:C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/2BOctr16PeIYk635D0_Kz3WuJu8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.180.0/22
2.59.116.0/24
45.12.44.0/22
45.15.52.0/22
45.67.44.0/22
45.86.192.0/22
45.95.140.0/22
45.151.204.0/22
91.238.217.0/24
91.239.24.0/24
Signature Algorithm: sha256WithRSAEncryption
91:03:71:e4:be:6d:87:5d:7e:e6:2e:60:29:17:fc:c1:c6:48:
f0:6d:57:ac:71:9b:fa:cc:a9:99:b7:ea:23:e3:3a:b2:a4:42:
0f:39:4f:7d:be:8b:b7:e5:6f:08:14:3d:e6:13:65:0d:21:53:
0c:c3:19:3a:bf:6f:72:64:c0:ed:85:50:48:7a:b2:85:98:13:
24:f9:a7:ec:0d:b0:fe:4f:f6:44:f8:cd:98:82:d6:a7:c0:92:
cb:dc:27:1d:35:27:42:1f:43:2e:a2:ec:70:f2:e0:31:18:75:
f0:bc:d1:a5:68:89:f3:8b:2d:da:e8:80:e3:75:42:12:0e:cc:
ef:e4:d5:c2:41:ad:b0:6c:70:87:09:19:c8:e6:90:ce:81:bd:
3a:0a:e5:84:7a:2c:7e:f2:df:1a:03:1d:2a:09:61:06:f4:86:
c7:33:f2:fd:ab:21:ee:c9:2a:89:39:ee:22:72:b1:e0:d2:c0:
af:04:6d:03:7c:4f:03:df:34:67:e9:bb:8f:43:d6:80:b0:fe:
6d:5c:28:71:fc:a2:01:ee:ce:cc:e5:53:c7:95:91:b5:60:6e:
eb:28:95:35:c7:61:5e:11:76:7c:98:68:42:ea:72:f3:b5:61:
1d:89:bd:18:07:7c:14:a7:8c:5c:39:2d:06:3f:13:47:37:58:
e4:44:0a:dd
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYTRrEy6c6RXc4dzwHWFDJIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVlMzcxNzhkODUyNGM3MjY2MGExZDc5NjE2NTk5OWU1
ODY2MjIwHhcNMjIxMjAyMDcxMDQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODEzOWNiNmJkN2EzZGUyMTg5M2FkZjkwZjRmY2FjZjc1YWUyNmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9tAkk68CRmbRn417WuHInk3nZ/k
dB8krfT7vNB4xZhrGhfM+jrMwdxoVCK9u6gRBt6j9l4J/Q6l69t9B9uEkvF3s/kf
osvUB2R2YzlPk4E2vIqKvg/n+PBn1VBD17UaInzYUSL6/TLG6mLHKjBfo36NL8jX
mFgSPm2o9OekWYD15+Fb12Ql9uEXtBkeQS3Md8VYRXYGQ+o2hHb/mXE6ryJo0wNA
7djduX9f5aLHexVweA99RMJ/u/nBxtGEi6Szyr9caudC0qNNg7Sa9JO6mT+rFTT0
EhmdsAxmwqI1z10lu/ZZNOwqveNZ/9h0iUT76AVA+cflgtlXNJbNb64X3QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNgTnLa9ej3iGJOt+Q9Pys91ribvMB8GA1UdIwQY
MBaAFMjV43F42FJMcmYKHXlhZZmeWGYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODIt
OWUwYWVkMmZiOGVjLzEvMkJPY3RyMTZQZUlZazYzNUQwX0t6M1d1SnU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODItOWUwYWVkMmZiOGVj
LzEveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQCAjm0AwQA
Ajt0AwQCLQwsAwQCLQ80AwQCLUMsAwQCLVbAAwQCLV+MAwQCLZfMAwQAW+7ZAwQA
W+8YMA0GCSqGSIb3DQEBCwUAA4IBAQCRA3Hkvm2HXX7mLmApF/zBxkjwbVescZv6
zKmZt+oj4zqypEIPOU99vou35W8IFD3mE2UNIVMMwxk6v29yZMDthVBIerKFmBMk
+afsDbD+T/ZE+M2YgtanwJLL3CcdNSdCH0Muouxw8uAxGHXwvNGlaInziy3a6IDj
dUISDszv5NXCQa2wbHCHCRnI5pDOgb06CuWEeix+8t8aAx0qCWEG9IbHM/L9qyHu
ySqJOe4icrHg0sCvBG0DfE8D3zRn6buPQ9aAsP5tXChx/KIB7s7M5VPHlZG1YG7r
KJU1x2FeEXZ8mGhC6nLztWEdib0YB3wUp4xcOS0GPxNHN1jkRArd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:31 2024 by rpki-client on console-fra.rpki-client.org