Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/msgckqwjxGkN4g8WF1_7UL5RwiM.roa
File: msgckqwjxGkN4g8WF1_7UL5RwiM.roa (raw, json)
Hash identifier: t/I55R9rn9fKm55PaeFfRk/57RicyUfm6EQWw8F+9x4=
Subject key identifier: 9A:C8:1C:92:AC:23:C4:69:0D:E2:0F:16:17:5F:FB:50:BE:51:C2:23
Certificate issuer: /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial: 018842593D77648F516F180E12D63ADE6681
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/msgckqwjxGkN4g8WF1_7UL5RwiM.roa
Signing time: Mon 22 May 2023 07:25:24 +0000
ROA not before: Mon 22 May 2023 07:25:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 45.149.74.0/23 maxlen: 24
45.149.75.0/24 maxlen: 24
45.149.72.0/24 maxlen: 24
45.149.74.0/24 maxlen: 24
45.133.89.0/24 maxlen: 24
45.133.90.0/24 maxlen: 24
45.133.91.0/24 maxlen: 24
45.133.88.0/24 maxlen: 24
45.148.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:42:59:3d:77:64:8f:51:6f:18:0e:12:d6:3a:de:66:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Validity
Not Before: May 22 07:25:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9ac81c92ac23c4690de20f16175ffb50be51c223
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:b0:e3:73:4e:df:bb:d7:84:bc:67:d6:9a:e1:
91:8b:7a:b1:92:7c:13:e2:ce:21:47:ef:48:bc:c9:
0c:89:9e:75:da:1b:05:19:d3:2e:bb:87:7d:e0:c1:
cf:f6:49:dd:57:cc:c7:54:3f:be:34:c2:20:4d:ac:
e7:93:1e:2c:88:3b:f9:52:15:64:51:8b:25:59:d1:
41:76:2a:40:31:5f:ac:e0:1d:c3:5e:90:6c:d0:84:
d5:fa:67:56:1b:3d:e5:4f:5b:2b:b4:ff:78:f0:f0:
1b:49:78:67:79:f3:bc:36:67:12:0f:cb:ed:d6:ef:
b7:d9:0b:e6:37:04:cb:01:93:18:0c:58:cc:41:f9:
53:bc:d6:74:ae:1b:35:a3:cf:47:89:d8:05:54:f6:
03:94:04:21:1f:d7:af:49:3c:3d:8f:f3:c1:65:3a:
ed:b8:77:83:fb:38:5a:1f:0e:5a:f3:96:7e:35:3c:
32:ea:ab:d3:8b:fb:cd:17:55:7b:3f:44:ef:da:d2:
ec:96:72:93:60:f2:c8:c0:a0:d7:10:22:e0:e0:06:
69:2e:b2:69:9e:19:6b:54:7d:66:58:e9:36:40:c9:
df:47:1d:bf:ef:45:de:7a:66:67:18:ae:1a:a6:83:
88:a3:0d:d9:68:89:94:7a:3e:29:18:1f:5e:f2:7b:
e1:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:C8:1C:92:AC:23:C4:69:0D:E2:0F:16:17:5F:FB:50:BE:51:C2:23
X509v3 Authority Key Identifier:
keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/msgckqwjxGkN4g8WF1_7UL5RwiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.133.88.0/22
45.148.254.0/24
45.149.72.0/24
45.149.74.0/23
Signature Algorithm: sha256WithRSAEncryption
59:82:20:90:55:55:fc:b7:a1:6d:df:ea:62:2f:b9:64:d9:ef:
0e:e5:6b:15:a3:c3:b7:82:2d:70:b3:66:7a:0b:64:c6:99:ac:
8c:da:06:67:e8:97:33:64:6e:fe:0a:00:7b:c7:4a:59:1c:bd:
51:59:61:66:87:e0:49:b4:41:60:e6:d0:e5:59:79:4d:63:28:
ae:8b:de:54:c6:d8:08:af:34:cd:0a:6e:c1:ba:87:45:1a:5e:
4d:ee:9e:81:f8:01:84:a4:d9:99:f9:ca:34:c9:a3:dd:53:7c:
8f:3a:b9:b6:9e:49:2f:42:ed:84:34:fe:1f:17:80:3a:76:fc:
ee:b4:ed:25:c0:1f:69:3b:e4:a4:64:e7:72:a1:e9:af:58:ad:
85:01:14:d2:5f:2b:2e:b8:7d:fd:9c:7d:ee:ad:0b:24:61:1e:
43:f4:35:fc:c9:76:98:0d:6a:be:a1:92:b3:67:44:d3:93:73:
de:1e:c3:4e:fd:23:0f:fe:35:de:d9:a5:61:b2:87:51:44:98:
7a:51:18:38:c3:ca:92:ae:69:f3:c8:40:05:92:e9:dd:3a:f5:
a9:62:7f:cb:f5:c7:2d:00:d3:c2:ea:47:07:61:de:24:de:f8:
86:c8:ac:37:a0:c1:a2:01:6d:c1:c5:ac:c4:9b:1b:8a:69:9e:
0f:2a:4b:dd
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYhCWT13ZI9RbxgOEtY63maBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjMwNTIyMDcyNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWM4MWM5MmFjMjNjNDY5MGRlMjBmMTYxNzVmZmI1MGJlNTFjMjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLDjc07fu9eEvGfWmuGRi3qxknwT
4s4hR+9IvMkMiZ512hsFGdMuu4d94MHP9kndV8zHVD++NMIgTaznkx4siDv5UhVk
UYslWdFBdipAMV+s4B3DXpBs0ITV+mdWGz3lT1srtP948PAbSXhnefO8NmcSD8vt
1u+32QvmNwTLAZMYDFjMQflTvNZ0rhs1o89HidgFVPYDlAQhH9evSTw9j/PBZTrt
uHeD+zhaHw5a85Z+NTwy6qvTi/vNF1V7P0Tv2tLslnKTYPLIwKDXECLg4AZpLrJp
nhlrVH1mWOk2QMnfRx2/70XeemZnGK4apoOIow3ZaImUej4pGB9e8nvh8wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJrIHJKsI8RpDeIPFhdf+1C+UcIjMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvbXNnY2txd2p4R2tONGc4V0YxXzdVTDVSd2lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLYVYAwQA
LZT+AwQALZVIAwQBLZVKMA0GCSqGSIb3DQEBCwUAA4IBAQBZgiCQVVX8t6Ft3+pi
L7lk2e8O5WsVo8O3gi1ws2Z6C2TGmayM2gZn6JczZG7+CgB7x0pZHL1RWWFmh+BJ
tEFg5tDlWXlNYyiui95UxtgIrzTNCm7BuodFGl5N7p6B+AGEpNmZ+co0yaPdU3yP
Orm2nkkvQu2ENP4fF4A6dvzutO0lwB9pO+SkZOdyoemvWK2FARTSXysuuH39nH3u
rQskYR5D9DX8yXaYDWq+oZKzZ0TTk3PeHsNO/SMP/jXe2aVhsodRRJh6URg4w8qS
rmnzyEAFkundOvWpYn/L9cctANPC6kcHYd4k3viGyKw3oMGiAW3BxazEmxuKaZ4P
Kkvd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:52 2024 by rpki-client on console-fra.rpki-client.org