Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/tWiYdqvuEMQtXuq8iWyJ6Lf-VYQ.roa
File: tWiYdqvuEMQtXuq8iWyJ6Lf-VYQ.roa (raw, json)
Hash identifier: lxash8WG3Tjc2gKdcGtoHOBFOXwJoCBIiOz3fC/oWCA=
Subject key identifier: B5:68:98:76:AB:EE:10:C4:2D:5E:EA:BC:89:6C:89:E8:B7:FE:55:84
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018E56C0E1D1FC3DC06D3D4B198E8117FF05
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/tWiYdqvuEMQtXuq8iWyJ6Lf-VYQ.roa
Signing time: Tue 19 Mar 2024 12:47:45 +0000
ROA not before: Tue 19 Mar 2024 12:47:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42864
IP address blocks: 45.9.169.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.171.0/24 maxlen: 24
45.14.10.0/24 maxlen: 24
45.14.11.0/24 maxlen: 24
45.88.93.0/24 maxlen: 24
77.242.144.0/22 maxlen: 24
77.242.148.0/24 maxlen: 24
77.242.151.0/24 maxlen: 24
88.209.193.0/24 maxlen: 24
88.209.196.0/24 maxlen: 24
88.209.208.0/24 maxlen: 24
88.209.210.0/24 maxlen: 24
88.209.212.0/24 maxlen: 24
88.209.213.0/24 maxlen: 24
88.209.214.0/24 maxlen: 24
88.209.215.0/24 maxlen: 24
92.52.208.0/24 maxlen: 24
92.52.209.0/24 maxlen: 24
92.52.210.0/23 maxlen: 23
92.52.212.0/22 maxlen: 24
178.210.224.0/24 maxlen: 24
178.210.225.0/24 maxlen: 24
178.210.226.0/23 maxlen: 23
178.210.228.0/22 maxlen: 24
178.210.232.0/22 maxlen: 22
178.210.236.0/24 maxlen: 24
178.210.237.0/24 maxlen: 24
178.210.238.0/23 maxlen: 23
178.210.240.0/22 maxlen: 22
178.210.244.0/22 maxlen: 22
178.210.248.0/24 maxlen: 24
178.210.249.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
178.210.251.0/24 maxlen: 24
178.210.252.0/22 maxlen: 22
178.248.200.0/21 maxlen: 21
193.138.125.0/24 maxlen: 24
2a00:1f40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:56:c0:e1:d1:fc:3d:c0:6d:3d:4b:19:8e:81:17:ff:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Mar 19 12:47:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b5689876abee10c42d5eeabc896c89e8b7fe5584
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:a2:a7:37:77:52:98:1a:e0:48:0f:72:10:3d:
e8:ca:56:b1:c4:0c:a9:60:51:e8:97:d3:00:04:41:
cd:ee:df:77:d2:41:a7:f2:5c:11:b5:0c:63:8f:30:
a9:14:fc:49:d2:89:0a:bc:35:19:da:0b:f3:61:9b:
ab:ea:0b:74:ba:e7:62:82:55:7f:bb:35:c8:41:b3:
9e:2a:7f:91:39:69:6b:a4:65:28:74:a8:3b:c5:df:
5f:6f:06:0a:cd:a0:ad:b0:c7:5d:fb:ca:a3:f3:d3:
b1:0b:70:ca:01:2c:9b:07:fc:7b:82:86:b4:56:4b:
88:8c:c9:39:0e:61:32:05:1c:db:19:15:9a:f8:e4:
bc:c3:f6:0c:72:59:ef:c2:17:f1:00:51:c3:4f:fd:
ec:a7:34:93:f1:6e:89:df:94:37:27:6c:e3:7c:3c:
71:b2:b0:35:bf:32:16:13:de:1d:3c:44:99:94:6b:
99:8d:bb:94:77:c8:82:22:fb:c3:45:f3:bb:95:50:
34:c5:be:b2:07:f0:58:d4:ea:88:c8:41:53:aa:83:
12:df:17:da:00:ad:c9:d5:d5:77:c2:3b:26:8c:7f:
47:c4:0c:d2:30:1b:6f:ab:c7:28:28:8a:15:fb:1a:
31:4c:ff:16:4e:ad:06:23:4c:28:e2:f4:f6:2a:f7:
d4:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:68:98:76:AB:EE:10:C4:2D:5E:EA:BC:89:6C:89:E8:B7:FE:55:84
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/tWiYdqvuEMQtXuq8iWyJ6Lf-VYQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.169.0-45.9.171.255
45.14.10.0/23
45.88.93.0/24
77.242.144.0-77.242.148.255
77.242.151.0/24
88.209.193.0/24
88.209.196.0/24
88.209.208.0/24
88.209.210.0/24
88.209.212.0/22
92.52.208.0/21
178.210.224.0/19
178.248.200.0/21
193.138.125.0/24
IPv6:
2a00:1f40::/29
Signature Algorithm: sha256WithRSAEncryption
2f:36:2d:37:8e:6d:b1:cc:73:cb:3d:a5:6e:c4:13:90:a1:48:
eb:23:fe:2a:09:95:f9:a0:76:89:27:2c:aa:c0:81:ff:8d:dd:
9c:ff:36:c4:66:cc:c4:3b:10:63:7d:f0:a1:0a:21:0d:fd:96:
ec:4f:eb:7d:48:33:b6:36:68:d0:20:d3:d2:ff:77:f0:9c:66:
36:c5:bd:b2:77:9f:5f:f6:c3:1e:00:59:0e:72:6c:3c:c9:0c:
7f:fe:ff:36:7b:f0:75:71:ed:27:c4:e3:f7:02:12:5b:a9:f4:
2b:25:e8:0e:32:42:24:a3:e7:c9:54:2d:f1:a6:c9:03:1c:04:
0f:75:2e:64:4f:ae:7e:25:ff:ea:91:c9:84:78:3e:0e:4f:9f:
e9:1f:1b:43:30:cb:06:ff:57:85:bc:ca:10:f5:9f:ac:16:4d:
1f:cf:5a:82:e4:88:bb:07:af:5b:1b:dc:08:32:bb:81:15:26:
c7:5f:c5:ed:80:96:34:4f:c1:74:6c:07:ef:3a:59:d0:8f:8e:
96:8e:d3:0d:8e:c5:28:53:e0:a4:3a:69:23:a9:88:59:ec:54:
c7:18:61:16:48:a0:62:7b:5d:78:86:c6:ac:a2:0a:16:76:2d:
39:46:bc:8f:59:0e:8d:80:26:be:dd:87:ff:40:42:cd:bd:69:
b7:bd:60:5c
-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgISAY5WwOHR/D3AbT1LGY6BF/8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMzE5MTI0NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTY4OTg3NmFiZWUxMGM0MmQ1ZWVhYmM4OTZjODllOGI3ZmU1NTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8aKnN3dSmBrgSA9yED3oylaxxAyp
YFHol9MABEHN7t930kGn8lwRtQxjjzCpFPxJ0okKvDUZ2gvzYZur6gt0uudiglV/
uzXIQbOeKn+ROWlrpGUodKg7xd9fbwYKzaCtsMdd+8qj89OxC3DKASybB/x7goa0
VkuIjMk5DmEyBRzbGRWa+OS8w/YMclnvwhfxAFHDT/3spzST8W6J35Q3J2zjfDxx
srA1vzIWE94dPESZlGuZjbuUd8iCIvvDRfO7lVA0xb6yB/BY1OqIyEFTqoMS3xfa
AK3J1dV3wjsmjH9HxAzSMBtvq8coKIoV+xoxTP8WTq0GI0wo4vT2KvfUBwIDAQAB
o4ICdzCCAnMwHQYDVR0OBBYEFLVomHar7hDELV7qvIlsiei3/lWEMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvdFdpWWRxdnVFTVF0WHVxOGlXeUo2TGYtVllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGMBggrBgEFBQcBBwEB/wR9MHswagQCAAEwZDAMAwQALQmp
AwQCLQmoAwQBLQ4KAwQALVhdMAwDBARN8pADBABN8pQDBABN8pcDBABY0cEDBABY
0cQDBABY0dADBABY0dIDBAJY0dQDBANcNNADBAWy0uADBAOy+MgDBADBin0wDQQC
AAIwBwMFAyoAH0AwDQYJKoZIhvcNAQELBQADggEBAC82LTeObbHMc8s9pW7EE5Ch
SOsj/ioJlfmgdoknLKrAgf+N3Zz/NsRmzMQ7EGN98KEKIQ39luxP631IM7Y2aNAg
09L/d/CcZjbFvbJ3n1/2wx4AWQ5ybDzJDH/+/zZ78HVx7SfE4/cCElup9Csl6A4y
QiSj58lULfGmyQMcBA91LmRPrn4l/+qRyYR4Pg5Pn+kfG0Mwywb/V4W8yhD1n6wW
TR/PWoLkiLsHr1sb3Agyu4EVJsdfxe2AljRPwXRsB+86WdCPjpaO0w2OxShT4KQ6
aSOpiFnsVMcYYRZIoGJ7XXiGxqyiChZ2LTlGvI9ZDo2AJr7dh/9AQs29abe9YFw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:28 2024 by rpki-client on console-fra.rpki-client.org