Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/woaIKQqC9zoG3Bd8SodEAZsedeA.roa
File: woaIKQqC9zoG3Bd8SodEAZsedeA.roa (raw, json)
Hash identifier: j810l0ey2/qOC3F3QqKlYmK7lkzihXwtBypreqegUOM=
Subject key identifier: C2:86:88:29:0A:82:F7:3A:06:DC:17:7C:4A:87:44:01:9B:1E:75:E0
Certificate issuer: /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial: 018677B559BEB53F80DF2B4E5136F5F56DEE
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/woaIKQqC9zoG3Bd8SodEAZsedeA.roa
Signing time: Wed 22 Feb 2023 06:00:18 +0000
ROA not before: Wed 22 Feb 2023 06:00:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39521
IP address blocks: 45.133.88.0/22 maxlen: 24
45.132.136.0/22 maxlen: 24
45.132.140.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:77:b5:59:be:b5:3f:80:df:2b:4e:51:36:f5:f5:6d:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Validity
Not Before: Feb 22 06:00:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c28688290a82f73a06dc177c4a8744019b1e75e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:84:f3:cb:9f:99:5f:d7:55:8f:ed:f6:e2:bb:
0b:a1:6f:dd:89:35:e3:00:a2:a7:3c:47:ec:32:7c:
3d:4d:bb:a3:ac:6e:db:ff:c1:0c:80:37:10:93:fb:
b8:fa:95:7d:c6:72:81:d4:41:04:fc:ac:73:a3:80:
e3:07:4a:da:b5:e0:73:6b:2f:73:73:de:bf:90:5a:
63:03:9f:06:ea:4c:64:19:9f:45:03:6e:86:97:64:
dd:57:11:6b:01:51:18:d2:78:6b:fe:b8:06:65:ed:
28:39:6c:80:dc:5e:a0:49:d3:6c:df:b1:dc:6a:fd:
c0:cb:66:08:52:0b:93:b4:3b:43:55:cd:94:14:ae:
94:96:b1:8f:0c:12:41:1c:50:ab:79:ca:c4:bc:25:
a5:0c:13:52:c8:fb:13:60:22:8b:21:2a:1d:65:9e:
37:10:0d:a7:3b:cc:3f:99:3d:74:61:c6:98:95:24:
30:c9:10:3d:fa:ed:d0:c6:4b:f0:aa:8a:0e:5a:24:
a7:25:82:c1:91:b3:86:92:10:88:61:14:b7:92:4c:
96:48:c5:7a:2f:9d:be:d1:d3:d4:2d:04:5f:de:38:
67:f1:8f:e7:d5:fd:5e:e8:89:31:11:e1:b6:8b:02:
c3:9b:8a:f6:87:d0:83:15:6a:70:7f:6d:35:7d:76:
97:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:86:88:29:0A:82:F7:3A:06:DC:17:7C:4A:87:44:01:9B:1E:75:E0
X509v3 Authority Key Identifier:
keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/woaIKQqC9zoG3Bd8SodEAZsedeA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.132.136.0/21
45.133.88.0/22
Signature Algorithm: sha256WithRSAEncryption
8c:26:ef:2a:74:5c:01:83:3f:cb:e1:2a:1b:4f:66:9a:ff:24:
de:fb:14:6a:ee:c1:c9:a6:b4:eb:fe:23:51:40:ec:ea:25:15:
2f:b6:3a:53:95:70:40:96:1d:ab:73:da:39:ba:8a:4b:03:fb:
19:c5:37:c0:f4:1f:1e:e5:f9:5f:63:61:4e:83:f4:e3:4d:6f:
f6:c9:7f:b6:37:aa:56:5f:53:35:3d:c5:49:45:11:61:3f:cc:
f4:ff:a3:af:25:1d:fd:ef:e7:f3:d6:94:1a:5c:0a:08:30:ab:
d6:77:cd:e2:93:39:e7:77:68:3e:18:0e:27:29:78:5c:b4:a6:
09:da:e9:a2:59:3e:b0:6b:87:d5:f6:09:64:be:cf:a6:25:e3:
4b:00:ba:94:50:cb:f4:eb:2d:00:48:13:76:53:70:f1:51:f7:
3d:61:47:41:e1:d7:6d:3e:a0:a3:f3:00:40:ef:d9:1d:cc:5d:
d4:f5:6d:5f:32:36:f3:14:14:07:8c:f9:9d:e0:84:35:71:b9:
10:08:8e:4f:36:84:8a:d8:3f:98:a4:44:b3:b6:cd:c0:90:be:
30:85:6d:fb:5a:11:34:19:78:a0:44:e0:b2:4c:cf:a3:2a:79:
c4:3a:b1:0b:61:4e:40:28:e9:05:7f:33:95:0c:41:4d:64:4e:
bf:78:c3:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYZ3tVm+tT+A3ytOUTb19W3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjMwMjIyMDYwMDE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjg2ODgyOTBhODJmNzNhMDZkYzE3N2M0YTg3NDQwMTliMWU3NWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYTzy5+ZX9dVj+324rsLoW/diTXj
AKKnPEfsMnw9TbujrG7b/8EMgDcQk/u4+pV9xnKB1EEE/Kxzo4DjB0rateBzay9z
c96/kFpjA58G6kxkGZ9FA26Gl2TdVxFrAVEY0nhr/rgGZe0oOWyA3F6gSdNs37Hc
av3Ay2YIUguTtDtDVc2UFK6UlrGPDBJBHFCrecrEvCWlDBNSyPsTYCKLISodZZ43
EA2nO8w/mT10YcaYlSQwyRA9+u3QxkvwqooOWiSnJYLBkbOGkhCIYRS3kkyWSMV6
L52+0dPULQRf3jhn8Y/n1f1e6IkxEeG2iwLDm4r2h9CDFWpwf201fXaXJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMKGiCkKgvc6BtwXfEqHRAGbHnXgMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvd29hSUtRcUM5em9HM0JkOFNvZEVBWnNlZGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLYSIAwQC
LYVYMA0GCSqGSIb3DQEBCwUAA4IBAQCMJu8qdFwBgz/L4SobT2aa/yTe+xRq7sHJ
prTr/iNRQOzqJRUvtjpTlXBAlh2rc9o5uopLA/sZxTfA9B8e5flfY2FOg/TjTW/2
yX+2N6pWX1M1PcVJRRFhP8z0/6OvJR397+fz1pQaXAoIMKvWd83ikznnd2g+GA4n
KXhctKYJ2umiWT6wa4fV9glkvs+mJeNLALqUUMv06y0ASBN2U3DxUfc9YUdB4ddt
PqCj8wBA79kdzF3U9W1fMjbzFBQHjPmd4IQ1cbkQCI5PNoSK2D+YpESzts3AkL4w
hW37WhE0GXigROCyTM+jKnnEOrELYU5AKOkFfzOVDEFNZE6/eMP6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:52 2024 by rpki-client on console-fra.rpki-client.org