Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/BSXYwpKXCuJ4KTBfZHfp0-DBYcQ.roa
File: BSXYwpKXCuJ4KTBfZHfp0-DBYcQ.roa (raw, json)
Hash identifier: KWXZnq3cCUbf99tVKKbNoH2T244NlDspSLIixdL6Lwc=
Subject key identifier: 05:25:D8:C2:92:97:0A:E2:78:29:30:5F:64:77:E9:D3:E0:C1:61:C4
Certificate issuer: /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial: 01892AF40A1E0446BD27F29877BDBEA2EEF8
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/BSXYwpKXCuJ4KTBfZHfp0-DBYcQ.roa
Signing time: Thu 06 Jul 2023 11:26:23 +0000
ROA not before: Thu 06 Jul 2023 11:26:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9123
IP address blocks: 45.153.71.0/24 maxlen: 24
45.153.70.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:2a:f4:0a:1e:04:46:bd:27:f2:98:77:bd:be:a2:ee:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Validity
Not Before: Jul 6 11:26:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0525d8c292970ae27829305f6477e9d3e0c161c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:e8:3c:d2:4c:2b:4f:f3:e6:5d:ee:c3:d5:40:
22:c0:22:f0:bd:dd:84:7b:e2:af:41:f1:76:d8:d8:
77:f1:43:7f:7e:cc:7a:aa:59:ff:cd:b5:10:eb:16:
f9:1b:57:53:bb:f0:53:39:c9:00:d7:ae:f3:f8:01:
d5:7b:35:23:b9:52:61:1f:f2:33:2c:36:ec:ce:32:
89:db:c2:bc:e1:7b:08:9a:28:93:a2:23:5f:dc:bc:
e0:a2:79:c8:34:18:8d:77:83:0f:bc:34:cd:e3:47:
e5:ab:57:ad:cf:36:cf:9c:eb:25:cd:4e:85:cf:3f:
b9:d0:cc:31:da:24:c3:94:84:46:33:ef:68:ad:72:
e2:5d:29:8e:51:e1:43:f1:b3:90:97:e4:75:ed:56:
77:d7:e5:ca:b3:7d:6a:69:2a:57:2f:1e:f1:ef:3d:
fd:89:ce:94:59:14:ec:da:af:86:2e:39:8d:0a:f2:
77:22:9b:a3:bf:2a:74:6c:af:02:0c:98:81:79:a9:
94:c1:f8:88:40:1b:40:8a:16:8f:ea:2f:9e:d0:30:
43:ca:85:5e:55:d1:95:c8:35:8c:f1:c3:5c:2e:78:
ab:9c:40:36:45:a0:c3:5c:74:d1:bf:a9:c7:a5:c4:
65:3f:3f:b8:3f:95:a3:06:8f:e4:e5:f3:5f:e6:49:
fa:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:25:D8:C2:92:97:0A:E2:78:29:30:5F:64:77:E9:D3:E0:C1:61:C4
X509v3 Authority Key Identifier:
keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/BSXYwpKXCuJ4KTBfZHfp0-DBYcQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.153.70.0/23
Signature Algorithm: sha256WithRSAEncryption
4f:31:9b:97:e6:31:9f:3f:1e:4f:b3:6f:8c:dc:32:f5:3b:a4:
8c:a9:cc:c6:92:cd:0e:ae:28:e1:4c:8e:fb:55:a0:59:99:50:
6e:fd:98:fe:8e:15:a6:d1:b0:2b:11:6b:6e:91:8f:f1:39:80:
62:d6:c4:7a:4e:b3:3a:c7:cb:ae:89:7e:c9:9f:9e:4f:92:a2:
99:68:3d:98:a7:fa:e1:2b:03:96:ef:d3:c8:d9:d9:83:6e:38:
b1:6a:40:70:ac:75:33:cc:26:88:63:dc:d0:6d:5a:b7:cf:de:
fe:22:c8:5a:12:0f:1e:e5:56:d5:0d:a5:44:eb:b4:85:06:58:
a7:a5:20:e5:71:59:54:7d:3f:25:60:92:7b:c9:9d:44:b9:64:
d7:90:66:eb:0e:13:a6:5d:b4:0c:8f:82:35:f3:63:db:e7:d4:
68:f7:00:81:1e:b5:93:aa:f8:f2:0a:92:23:99:55:95:b6:43:
b5:2c:b1:4b:78:eb:67:42:6b:b0:bc:6f:cb:7e:37:63:20:a1:
2c:b1:2d:47:57:3a:68:3f:0a:ba:7b:84:23:ed:8d:dc:f2:a2:
f0:d9:f9:db:6d:e7:a5:b1:c4:ab:a0:5f:88:60:5e:50:ed:1d:
9f:33:a3:3a:3a:71:96:3b:53:05:7f:16:80:f9:1f:43:14:c8:
68:80:ad:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYkq9AoeBEa9J/KYd72+ou74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwNzA2MTEyNjIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTI1ZDhjMjkyOTcwYWUyNzgyOTMwNWY2NDc3ZTlkM2UwYzE2MWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheg80kwrT/PmXe7D1UAiwCLwvd2E
e+KvQfF22Nh38UN/fsx6qln/zbUQ6xb5G1dTu/BTOckA167z+AHVezUjuVJhH/Iz
LDbszjKJ28K84XsImiiToiNf3LzgonnINBiNd4MPvDTN40flq1etzzbPnOslzU6F
zz+50Mwx2iTDlIRGM+9orXLiXSmOUeFD8bOQl+R17VZ31+XKs31qaSpXLx7x7z39
ic6UWRTs2q+GLjmNCvJ3Ipujvyp0bK8CDJiBeamUwfiIQBtAihaP6i+e0DBDyoVe
VdGVyDWM8cNcLnirnEA2RaDDXHTRv6nHpcRlPz+4P5WjBo/k5fNf5kn6NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUl2MKSlwrieCkwX2R36dPgwWHEMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvQlNYWXdwS1hDdUo0S1RCZlpIZnAwLURCWWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZlGMA0G
CSqGSIb3DQEBCwUAA4IBAQBPMZuX5jGfPx5Ps2+M3DL1O6SMqczGks0OrijhTI77
VaBZmVBu/Zj+jhWm0bArEWtukY/xOYBi1sR6TrM6x8uuiX7Jn55PkqKZaD2Yp/rh
KwOW79PI2dmDbjixakBwrHUzzCaIY9zQbVq3z97+IshaEg8e5VbVDaVE67SFBlin
pSDlcVlUfT8lYJJ7yZ1EuWTXkGbrDhOmXbQMj4I182Pb59Ro9wCBHrWTqvjyCpIj
mVWVtkO1LLFLeOtnQmuwvG/LfjdjIKEssS1HVzpoPwq6e4Qj7Y3c8qLw2fnbbeel
scSroF+IYF5Q7R2fM6M6OnGWO1MFfxaA+R9DFMhogK0O
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org