Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/XVDzZMWYYg1xEs0sI-u5_HzGeV4.roa
File: XVDzZMWYYg1xEs0sI-u5_HzGeV4.roa (raw, json)
Hash identifier: J3yRxTFzfP+aHcb7H7KY9oZsIv8Xchp2Nj7WjSi2dsk=
Subject key identifier: 5D:50:F3:64:C5:98:62:0D:71:12:CD:2C:23:EB:B9:FC:7C:C6:79:5E
Certificate issuer: /CN=1372e0c2b83dd5109013c7f1c0bb9716d3618dd2
Certificate serial: 018833FF3ADF1F52D3A1339C189B00B35890
Authority key identifier: 13:72:E0:C2:B8:3D:D5:10:90:13:C7:F1:C0:BB:97:16:D3:61:8D:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/E3Lgwrg91RCQE8fxwLuXFtNhjdI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/XVDzZMWYYg1xEs0sI-u5_HzGeV4.roa
Signing time: Fri 19 May 2023 12:32:24 +0000
ROA not before: Fri 19 May 2023 12:32:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199967
IP address blocks: 92.118.44.0/24 maxlen: 24
92.118.45.0/24 maxlen: 24
92.118.47.0/24 maxlen: 24
45.85.3.0/24 maxlen: 24
45.85.1.0/24 maxlen: 24
45.146.121.0/24 maxlen: 24
45.85.0.0/24 maxlen: 24
45.146.120.0/24 maxlen: 24
45.90.141.0/24 maxlen: 24
45.90.143.0/24 maxlen: 24
5.252.197.0/24 maxlen: 24
2.56.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:33:ff:3a:df:1f:52:d3:a1:33:9c:18:9b:00:b3:58:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1372e0c2b83dd5109013c7f1c0bb9716d3618dd2
Validity
Not Before: May 19 12:32:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d50f364c598620d7112cd2c23ebb9fc7cc6795e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:cc:59:74:11:0a:1e:55:c3:e2:08:8e:5a:35:
8f:35:e0:28:04:60:ba:cc:c9:e9:b5:00:88:53:d6:
58:83:e3:c4:6c:6a:3e:c3:fd:53:c5:33:da:e6:7d:
33:c4:16:49:c8:82:da:c7:ff:c2:4b:1e:3b:94:24:
b0:21:14:69:b7:33:52:13:f3:25:47:6f:c3:97:cd:
3a:5f:07:1f:ff:0a:e4:4f:c5:8d:23:81:cb:a0:15:
10:f4:03:56:b8:51:6e:01:44:1c:e3:21:40:b4:e8:
e9:11:85:b4:6f:08:30:c8:cd:09:34:a9:88:97:e1:
bf:5a:64:b8:c6:b6:2e:99:bb:ba:15:53:e6:b4:c2:
b4:7f:9c:05:97:da:be:bc:00:18:2a:a9:4f:eb:67:
1e:ce:d1:c0:a0:3d:86:a5:57:e1:fc:d4:53:46:3a:
d7:b8:5a:e1:d5:5d:68:91:73:44:a7:96:82:5a:86:
ab:c0:4f:f0:e3:eb:65:28:d1:07:9f:bd:d3:de:dc:
04:2e:a8:df:46:d6:ca:f2:75:1c:73:ba:41:2c:8f:
40:98:4a:f8:d7:2d:b4:ba:a1:f8:14:6d:77:2e:bd:
4b:99:75:a5:aa:ba:9e:7c:7f:f8:8c:8b:2d:8a:de:
8f:d0:9f:66:52:85:c9:ca:ce:14:26:d0:85:e0:e3:
8d:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:50:F3:64:C5:98:62:0D:71:12:CD:2C:23:EB:B9:FC:7C:C6:79:5E
X509v3 Authority Key Identifier:
keyid:13:72:E0:C2:B8:3D:D5:10:90:13:C7:F1:C0:BB:97:16:D3:61:8D:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E3Lgwrg91RCQE8fxwLuXFtNhjdI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/XVDzZMWYYg1xEs0sI-u5_HzGeV4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/E3Lgwrg91RCQE8fxwLuXFtNhjdI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.151.0/24
5.252.197.0/24
45.85.0.0/23
45.85.3.0/24
45.90.141.0/24
45.90.143.0/24
45.146.120.0/23
92.118.44.0/23
92.118.47.0/24
Signature Algorithm: sha256WithRSAEncryption
b2:32:51:0e:03:ee:46:77:6f:ac:72:2c:b6:db:96:17:8e:f6:
21:9b:83:71:98:02:02:5e:2f:01:07:03:11:ec:a5:de:3f:02:
39:0a:e2:ee:1a:7a:f4:6e:b6:bb:ce:7b:a2:48:93:e5:1b:20:
15:e3:e8:c0:27:2f:17:22:1e:c3:3d:4b:d7:17:77:b4:4d:8d:
1c:2d:dd:03:d8:a5:1a:a3:01:bf:52:3f:13:82:69:25:00:cd:
f3:c7:fc:06:5d:7f:ef:5e:c6:90:b9:8e:bd:06:e2:b4:2a:1f:
26:a8:78:49:f7:6f:c7:87:b0:e8:00:57:a5:6b:c1:98:c0:b2:
a7:39:12:18:8a:bb:64:a4:a7:67:b2:b8:03:ec:14:fc:09:b2:
19:72:f1:fd:09:83:a4:6c:ab:32:fa:1c:2b:45:e8:64:7b:f7:
2c:70:a2:66:3c:24:ac:a3:73:e1:1d:27:af:bf:2d:dc:53:1a:
08:13:2f:38:56:8a:c3:dc:77:92:60:b8:2e:c3:ec:8c:4a:e8:
fc:fd:63:ec:11:15:25:8f:8d:bd:29:eb:38:32:d4:6a:37:31:
1f:43:c7:99:a7:f0:83:73:30:72:81:fb:83:5b:ab:d6:43:66:
b2:84:7a:78:d7:fe:24:58:83:ac:0f:24:a9:7f:f6:5e:55:5d:
17:97:f2:99
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYgz/zrfH1LToTOcGJsAs1iQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNzJlMGMyYjgzZGQ1MTA5MDEzYzdmMWMwYmI5NzE2ZDM2
MThkZDIwHhcNMjMwNTE5MTIzMjI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDUwZjM2NGM1OTg2MjBkNzExMmNkMmMyM2ViYjlmYzdjYzY3OTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMxZdBEKHlXD4giOWjWPNeAoBGC6
zMnptQCIU9ZYg+PEbGo+w/1TxTPa5n0zxBZJyILax//CSx47lCSwIRRptzNSE/Ml
R2/Dl806Xwcf/wrkT8WNI4HLoBUQ9ANWuFFuAUQc4yFAtOjpEYW0bwgwyM0JNKmI
l+G/WmS4xrYumbu6FVPmtMK0f5wFl9q+vAAYKqlP62ceztHAoD2GpVfh/NRTRjrX
uFrh1V1okXNEp5aCWoarwE/w4+tlKNEHn73T3twELqjfRtbK8nUcc7pBLI9AmEr4
1y20uqH4FG13Lr1LmXWlqrqefH/4jIstit6P0J9mUoXJys4UJtCF4OONbwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFF1Q82TFmGINcRLNLCPrufx8xnleMB8GA1UdIwQY
MBaAFBNy4MK4PdUQkBPH8cC7lxbTYY3SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTNMZ3dyZzkxUkNRRThmeHdMdVhGdE5oamRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8yMjFmZDYtZTRmNi00M2UzLTk0NmQt
ZGQxZWM1N2Q3ZTc0LzEvWFZEelpNV1lZZzF4RXMwc0ktdTVfSHpHZVY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8yMjFmZDYtZTRmNi00M2UzLTk0NmQtZGQxZWM1N2Q3ZTc0
LzEvRTNMZ3dyZzkxUkNRRThmeHdMdVhGdE5oamRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAAjiXAwQA
BfzFAwQBLVUAAwQALVUDAwQALVqNAwQALVqPAwQBLZJ4AwQBXHYsAwQAXHYvMA0G
CSqGSIb3DQEBCwUAA4IBAQCyMlEOA+5Gd2+sciy225YXjvYhm4NxmAICXi8BBwMR
7KXePwI5CuLuGnr0bra7znuiSJPlGyAV4+jAJy8XIh7DPUvXF3e0TY0cLd0D2KUa
owG/Uj8TgmklAM3zx/wGXX/vXsaQuY69BuK0Kh8mqHhJ92/Hh7DoAFela8GYwLKn
ORIYirtkpKdnsrgD7BT8CbIZcvH9CYOkbKsy+hwrRehke/cscKJmPCSso3PhHSev
vy3cUxoIEy84VorD3HeSYLguw+yMSuj8/WPsERUlj429Kes4MtRqNzEfQ8eZp/CD
czBygfuDW6vWQ2ayhHp41/4kWIOsDySpf/ZeVV0Xl/KZ
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:21:55 2025 by rpki-client