Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/vAO9TNdbYiwBUkdGYfFyNUdMuj0.roa
File: vAO9TNdbYiwBUkdGYfFyNUdMuj0.roa (raw, json)
Hash identifier: Ai1ZWnuLLmvd6arDfjSPkWA+b6FfvoarwaWm8D53P7A=
Subject key identifier: BC:03:BD:4C:D7:5B:62:2C:01:52:47:46:61:F1:72:35:47:4C:BA:3D
Certificate issuer: /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial: 018677D38B54C243F29E29747D1382BB1000
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/vAO9TNdbYiwBUkdGYfFyNUdMuj0.roa
Signing time: Wed 22 Feb 2023 06:33:17 +0000
ROA not before: Wed 22 Feb 2023 06:33:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39521
IP address blocks: 45.133.91.0/24 maxlen: 24
45.133.88.0/24 maxlen: 24
45.133.89.0/24 maxlen: 24
45.133.90.0/24 maxlen: 24
45.132.138.0/24 maxlen: 24
45.132.139.0/24 maxlen: 24
45.132.136.0/24 maxlen: 24
45.132.137.0/24 maxlen: 24
45.132.140.0/24 maxlen: 24
45.132.141.0/24 maxlen: 24
45.132.142.0/24 maxlen: 24
45.132.143.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:77:d3:8b:54:c2:43:f2:9e:29:74:7d:13:82:bb:10:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Validity
Not Before: Feb 22 06:33:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bc03bd4cd75b622c0152474661f17235474cba3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:25:f0:9b:23:2f:06:22:4d:12:8a:cf:44:d8:
89:2e:cf:47:79:c2:81:28:7c:8c:ca:e8:b6:6b:f1:
c8:70:cc:ed:3c:85:0b:8c:3c:54:c3:15:68:3c:d5:
cb:3f:4e:40:be:e8:5c:2e:87:1f:aa:53:84:e6:54:
1b:fe:65:4b:34:38:89:13:da:36:9b:dd:a0:23:42:
75:1b:9c:a5:da:b4:0d:63:f7:b5:6b:93:9d:37:b4:
85:0d:78:7f:43:01:9d:03:d8:17:4b:2a:16:44:c9:
04:7c:c5:b8:ef:67:e3:e5:ec:d6:5e:59:26:2e:ba:
23:23:3f:35:d2:7c:44:68:ca:b6:58:0f:86:2d:a2:
7a:a0:f7:fe:52:bf:60:29:83:e7:38:4a:06:b4:29:
4f:fb:79:4c:82:47:da:16:4f:86:61:58:fc:ea:68:
15:96:33:ae:02:de:30:ab:25:59:7f:0c:25:16:04:
f0:e2:5d:18:c9:1e:d5:36:09:4d:c7:60:f5:9b:aa:
e2:79:70:24:ff:e9:2a:2d:b0:cf:de:f5:a9:a7:23:
25:53:ce:87:52:c7:92:7a:e9:46:71:8e:f2:b3:35:
09:41:64:9d:62:27:e8:b8:2d:2a:76:6e:9e:43:2e:
7f:f3:5f:9e:79:7a:7e:5c:e8:c5:06:bf:ba:c4:4e:
8b:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:03:BD:4C:D7:5B:62:2C:01:52:47:46:61:F1:72:35:47:4C:BA:3D
X509v3 Authority Key Identifier:
keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/vAO9TNdbYiwBUkdGYfFyNUdMuj0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.132.136.0/21
45.133.88.0/22
Signature Algorithm: sha256WithRSAEncryption
29:bc:dd:ed:28:62:2c:52:bc:b7:7a:ab:e9:1c:38:d6:e5:1c:
95:93:0f:c6:0c:f7:c8:ef:a4:79:86:70:b2:2d:c0:90:d9:bb:
8a:d8:73:38:a0:35:ff:6b:df:ec:c6:99:8c:18:66:26:1d:d8:
a9:f1:a9:6c:0a:62:8d:bf:8b:73:b0:57:fe:19:09:fb:92:aa:
a9:5b:0e:10:a3:57:af:1f:71:8b:e3:78:d3:c4:9e:0f:4b:68:
06:95:2f:c6:31:de:53:95:b0:77:7e:2b:1d:42:b0:35:ec:13:
6c:1c:e9:72:a5:1e:f5:a9:f1:0c:88:a9:07:db:99:98:de:e5:
af:44:5e:03:20:78:e7:15:d4:0f:80:42:9e:47:a2:46:c2:a8:
bf:9e:e0:4f:16:96:72:a1:7b:83:fe:ff:ab:ec:f7:c7:b8:65:
c8:a2:50:d6:f6:6f:06:3f:c8:47:8f:35:f1:e4:15:2e:68:32:
3f:5f:61:84:e3:1f:55:ab:15:3f:b3:4e:5d:d7:bf:1d:ec:93:
30:80:0d:70:46:2e:af:1c:dc:c5:c4:69:38:42:ae:d8:75:74:
1b:f6:8a:bd:fa:71:5a:b1:a1:81:73:57:4d:a9:9e:ee:d0:9f:
89:1a:58:60:1d:e6:cc:a4:44:a8:e2:89:57:34:e8:62:eb:db:
7a:81:a5:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYZ304tUwkPynil0fROCuxAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjMwMjIyMDYzMzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzAzYmQ0Y2Q3NWI2MjJjMDE1MjQ3NDY2MWYxNzIzNTQ3NGNiYTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyXwmyMvBiJNEorPRNiJLs9HecKB
KHyMyui2a/HIcMztPIULjDxUwxVoPNXLP05AvuhcLocfqlOE5lQb/mVLNDiJE9o2
m92gI0J1G5yl2rQNY/e1a5OdN7SFDXh/QwGdA9gXSyoWRMkEfMW472fj5ezWXlkm
LrojIz810nxEaMq2WA+GLaJ6oPf+Ur9gKYPnOEoGtClP+3lMgkfaFk+GYVj86mgV
ljOuAt4wqyVZfwwlFgTw4l0YyR7VNglNx2D1m6rieXAk/+kqLbDP3vWppyMlU86H
UseSeulGcY7yszUJQWSdYifouC0qdm6eQy5/81+eeXp+XOjFBr+6xE6LTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLwDvUzXW2IsAVJHRmHxcjVHTLo9MB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvdkFPOVROZGJZaXdCVWtkR1lmRnlOVWRNdWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLYSIAwQC
LYVYMA0GCSqGSIb3DQEBCwUAA4IBAQApvN3tKGIsUry3eqvpHDjW5RyVkw/GDPfI
76R5hnCyLcCQ2buK2HM4oDX/a9/sxpmMGGYmHdip8alsCmKNv4tzsFf+GQn7kqqp
Ww4Qo1evH3GL43jTxJ4PS2gGlS/GMd5TlbB3fisdQrA17BNsHOlypR71qfEMiKkH
25mY3uWvRF4DIHjnFdQPgEKeR6JGwqi/nuBPFpZyoXuD/v+r7PfHuGXIolDW9m8G
P8hHjzXx5BUuaDI/X2GE4x9VqxU/s05d178d7JMwgA1wRi6vHNzFxGk4Qq7YdXQb
9oq9+nFasaGBc1dNqZ7u0J+JGlhgHebMpESo4olXNOhi69t6gaVL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:52 2024 by rpki-client on console-fra.rpki-client.org