Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/yHL-VvFOLKCUxZrf8KdIsfGrnD8.roa
File: yHL-VvFOLKCUxZrf8KdIsfGrnD8.roa (raw, json)
Hash identifier: 0DJe21TpXGTNaPBhud026YCQza+zrAabi66zBL49sxI=
Subject key identifier: C8:72:FE:56:F1:4E:2C:A0:94:C5:9A:DF:F0:A7:48:B1:F1:AB:9C:3F
Certificate issuer: /CN=851c281f576b43a1cab953c92041ce9599270c78
Certificate serial: 01856E38A5AE28278656FA9DB6B104C1E7C7
Authority key identifier: 85:1C:28:1F:57:6B:43:A1:CA:B9:53:C9:20:41:CE:95:99:27:0C:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hRwoH1drQ6HKuVPJIEHOlZknDHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/yHL-VvFOLKCUxZrf8KdIsfGrnD8.roa
Signing time: Sun 01 Jan 2023 16:44:44 +0000
ROA not before: Sun 01 Jan 2023 16:44:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57793
IP address blocks: 45.83.168.0/22 maxlen: 24
2a0e:8380::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:38:a5:ae:28:27:86:56:fa:9d:b6:b1:04:c1:e7:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=851c281f576b43a1cab953c92041ce9599270c78
Validity
Not Before: Jan 1 16:44:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c872fe56f14e2ca094c59adff0a748b1f1ab9c3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:7e:88:c3:e6:88:31:a9:b2:52:8e:cc:fb:74:
90:c1:0e:43:3e:97:be:ef:5e:37:b9:c7:ae:72:77:
8c:82:a8:1b:60:35:a6:49:88:22:44:11:c0:81:be:
fa:22:98:cc:13:98:6f:04:ef:35:ea:63:e9:7e:e5:
81:44:d6:e1:2c:d8:31:25:fd:2f:57:50:da:41:c5:
d9:30:e3:3d:dc:bd:00:7f:2a:2a:0e:35:7a:a9:77:
65:96:00:6b:9d:ce:f0:4a:01:b5:16:b0:ab:d5:15:
34:1d:4f:80:e2:05:99:fb:d7:42:46:bc:42:18:f5:
e1:7e:55:91:2e:f8:59:eb:e0:5c:e6:86:f2:81:8a:
b7:1f:5b:24:c4:e7:55:3f:b4:7a:27:10:0b:d0:09:
24:71:3c:5b:24:8b:eb:e0:4e:99:1e:b9:12:6f:e2:
3f:fc:57:27:c7:54:f7:45:5f:ef:fa:2b:2a:af:4a:
25:cb:9c:81:b5:3a:64:d3:1b:86:d4:53:15:71:4a:
a6:e8:f0:5b:a6:a8:e3:34:f9:d9:26:83:dc:47:d3:
0f:26:0e:93:dd:78:72:10:43:ae:2e:98:76:06:07:
49:48:c4:74:ff:a3:8f:d9:18:dd:5d:eb:ca:bf:d6:
1e:81:8f:6f:de:0b:19:dc:f3:fd:71:7d:d5:b9:b4:
76:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:72:FE:56:F1:4E:2C:A0:94:C5:9A:DF:F0:A7:48:B1:F1:AB:9C:3F
X509v3 Authority Key Identifier:
keyid:85:1C:28:1F:57:6B:43:A1:CA:B9:53:C9:20:41:CE:95:99:27:0C:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hRwoH1drQ6HKuVPJIEHOlZknDHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/yHL-VvFOLKCUxZrf8KdIsfGrnD8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/hRwoH1drQ6HKuVPJIEHOlZknDHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.83.168.0/22
IPv6:
2a0e:8380::/29
Signature Algorithm: sha256WithRSAEncryption
be:3b:3c:de:73:0c:50:b9:ec:af:45:76:e2:2a:c3:8c:65:0c:
25:d6:b9:be:ef:83:40:af:7a:e2:56:2d:d7:c3:c4:cd:1e:fb:
db:6c:79:96:4f:f7:30:13:a7:85:ca:84:07:be:2d:8d:c4:08:
83:98:88:69:36:c7:a2:88:92:e3:c1:c1:5e:aa:ca:27:54:57:
47:01:3c:39:d2:85:9a:24:33:76:b4:d3:1f:fa:e7:a0:26:15:
19:0c:37:37:1d:05:dd:3c:f9:25:60:41:8e:2d:ae:f9:85:9d:
b9:db:88:06:a2:47:15:7f:61:a8:d2:ba:40:4b:53:b2:28:5e:
01:dd:25:a2:05:a0:d5:15:d4:80:88:6f:45:40:81:9f:7b:7a:
e6:e2:f4:78:34:fc:2b:30:69:ba:cf:84:64:c7:a2:d1:1a:f1:
9b:8a:45:ab:47:9e:11:1b:aa:20:4e:e0:90:c5:cb:3d:12:03:
0d:de:50:00:d3:5e:3b:6f:0a:58:23:d9:52:fc:c5:9d:0d:1c:
e5:b3:70:d0:43:21:99:77:e8:86:20:ee:d8:4a:cd:4b:f2:60:
ca:b4:3f:ab:6c:3a:5a:e5:85:b4:37:36:ec:b0:20:e8:bd:1c:
39:9f:50:a1:4f:c4:93:f9:98:64:30:c5:7f:c0:3d:c5:c8:dc:
ce:76:59:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVuOKWuKCeGVvqdtrEEwefHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MWMyODFmNTc2YjQzYTFjYWI5NTNjOTIwNDFjZTk1OTky
NzBjNzgwHhcNMjMwMTAxMTY0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODcyZmU1NmYxNGUyY2EwOTRjNTlhZGZmMGE3NDhiMWYxYWI5YzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkH6Iw+aIMamyUo7M+3SQwQ5DPpe+
7143uceucneMgqgbYDWmSYgiRBHAgb76IpjME5hvBO816mPpfuWBRNbhLNgxJf0v
V1DaQcXZMOM93L0AfyoqDjV6qXdllgBrnc7wSgG1FrCr1RU0HU+A4gWZ+9dCRrxC
GPXhflWRLvhZ6+Bc5obygYq3H1skxOdVP7R6JxAL0AkkcTxbJIvr4E6ZHrkSb+I/
/Fcnx1T3RV/v+isqr0oly5yBtTpk0xuG1FMVcUqm6PBbpqjjNPnZJoPcR9MPJg6T
3XhyEEOuLph2BgdJSMR0/6OP2RjdXevKv9YegY9v3gsZ3PP9cX3VubR2cQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMhy/lbxTiyglMWa3/CnSLHxq5w/MB8GA1UdIwQY
MBaAFIUcKB9Xa0OhyrlTySBBzpWZJwx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFJ3b0gxZHJRNkhLdVZQSklFSE9sWmtuREhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80YTY4YTctZGMzMS00MGZhLWExMTAt
OTFkNTYyMDBiYWY0LzEveUhMLVZ2Rk9MS0NVeFpyZjhLZElzZkdybkQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80YTY4YTctZGMzMS00MGZhLWExMTAtOTFkNTYyMDBiYWY0
LzEvaFJ3b0gxZHJRNkhLdVZQSklFSE9sWmtuREhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVOoMA0E
AgACMAcDBQMqDoOAMA0GCSqGSIb3DQEBCwUAA4IBAQC+OzzecwxQueyvRXbiKsOM
ZQwl1rm+74NAr3riVi3Xw8TNHvvbbHmWT/cwE6eFyoQHvi2NxAiDmIhpNseiiJLj
wcFeqsonVFdHATw50oWaJDN2tNMf+uegJhUZDDc3HQXdPPklYEGOLa75hZ2524gG
okcVf2Go0rpAS1OyKF4B3SWiBaDVFdSAiG9FQIGfe3rm4vR4NPwrMGm6z4Rkx6LR
GvGbikWrR54RG6ogTuCQxcs9EgMN3lAA0147bwpYI9lS/MWdDRzls3DQQyGZd+iG
IO7YSs1L8mDKtD+rbDpa5YW0NzbssCDovRw5n1ChT8ST+ZhkMMV/wD3FyNzOdllG
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:16:51 2025 by rpki-client