Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/70b504-c2d4-4387-9b75-f45b8dbe2f97/1/WYmPxI6JB45ble7920tMxx1x6fA.roa
File: WYmPxI6JB45ble7920tMxx1x6fA.roa (raw, json)
Hash identifier: ZFV7krD+fmaSlnIX64HSHF5oJVUokWwGFj+HXLBIX2M=
Subject key identifier: 59:89:8F:C4:8E:89:07:8E:5B:95:EE:FD:DB:4B:4C:C7:1D:71:E9:F0
Certificate issuer: /CN=d895fa70e3f7df361151d55379d4d9b85dadfd3d
Certificate serial: 01857042AD8799029EDBE4BE0569B209A3EB
Authority key identifier: D8:95:FA:70:E3:F7:DF:36:11:51:D5:53:79:D4:D9:B8:5D:AD:FD:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2JX6cOP33zYRUdVTedTZuF2t_T0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/70b504-c2d4-4387-9b75-f45b8dbe2f97/1/WYmPxI6JB45ble7920tMxx1x6fA.roa
Signing time: Mon 02 Jan 2023 02:14:56 +0000
ROA not before: Mon 02 Jan 2023 02:14:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208436
IP address blocks: 45.137.24.0/22 maxlen: 22
2a0e:9f40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:42:ad:87:99:02:9e:db:e4:be:05:69:b2:09:a3:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d895fa70e3f7df361151d55379d4d9b85dadfd3d
Validity
Not Before: Jan 2 02:14:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=59898fc48e89078e5b95eefddb4b4cc71d71e9f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:03:f8:48:28:62:3a:83:8e:f0:dd:0a:29:01:
f3:b0:c5:19:43:eb:8c:d9:f8:9f:0f:20:6c:2e:51:
54:11:0c:d2:a6:c0:9e:7b:8b:f9:07:a2:2c:51:bf:
d6:94:18:93:11:0d:13:87:14:4a:1f:74:ff:b4:46:
ac:3c:bf:a5:4c:ce:e9:97:04:81:00:c6:73:b5:8f:
ee:29:7a:16:7a:d0:be:6c:6a:70:ef:12:c8:41:20:
75:48:d9:41:7f:0c:d5:e6:0d:1d:b8:fa:8d:1f:7b:
1a:51:b4:d0:b7:4b:d9:50:9a:cf:57:bd:d0:54:52:
2e:12:65:4c:40:03:50:6f:c4:ee:4f:66:cc:ed:34:
03:85:f5:25:15:c0:8f:7b:9b:54:d7:90:5c:11:8f:
82:b5:6d:10:d9:59:81:7c:a5:3e:f0:37:21:3a:df:
a6:49:53:23:32:3d:56:44:75:19:9b:0d:b6:a9:86:
e1:e5:1f:1b:25:f0:61:0f:ec:a4:66:2a:a5:0c:80:
be:3b:da:bf:a2:2f:d2:ec:ee:6d:d2:a6:a3:a0:71:
8d:be:13:0a:a5:4f:58:b8:ee:34:99:a1:09:d5:14:
28:db:d0:57:48:dc:4a:58:df:4c:4f:38:25:27:05:
02:23:b8:a0:b3:19:5e:d6:d4:bb:cf:1e:ac:b3:ff:
c8:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:89:8F:C4:8E:89:07:8E:5B:95:EE:FD:DB:4B:4C:C7:1D:71:E9:F0
X509v3 Authority Key Identifier:
keyid:D8:95:FA:70:E3:F7:DF:36:11:51:D5:53:79:D4:D9:B8:5D:AD:FD:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JX6cOP33zYRUdVTedTZuF2t_T0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/70b504-c2d4-4387-9b75-f45b8dbe2f97/1/WYmPxI6JB45ble7920tMxx1x6fA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/70b504-c2d4-4387-9b75-f45b8dbe2f97/1/2JX6cOP33zYRUdVTedTZuF2t_T0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.137.24.0/22
IPv6:
2a0e:9f40::/29
Signature Algorithm: sha256WithRSAEncryption
37:f7:c6:73:b1:25:8f:05:bd:94:a0:9f:fd:cc:06:a5:d2:1b:
87:26:02:7c:e3:ac:19:12:b2:59:b0:c8:da:b4:c4:bc:d7:34:
f6:8d:d1:76:57:a0:1d:d9:a2:76:e7:cb:2b:89:89:5b:08:ca:
9f:9b:18:13:75:b5:cc:0c:3f:c2:06:82:94:26:67:e7:87:12:
ee:66:04:1c:87:5c:58:a1:5b:ce:c1:88:e4:e7:eb:c2:8a:64:
d2:0e:89:58:fa:b8:83:6a:cc:4c:41:28:12:ce:26:63:03:ef:
e2:f0:0e:a0:28:75:a6:f2:1d:45:6a:6b:2c:ec:bb:97:14:3c:
65:ab:16:d0:15:db:f9:98:b7:99:5b:21:f6:f4:89:8c:85:9b:
9b:97:21:13:83:31:3e:82:4c:70:fc:34:fb:85:c0:1f:dc:35:
b2:af:71:c3:58:72:ed:eb:7d:2f:6f:3b:bf:5c:a8:fc:18:b5:
47:56:29:75:7c:0c:fa:b2:0c:74:72:e8:74:4f:f8:5b:8a:1b:
66:1d:8f:66:c3:b1:cc:4f:34:06:cb:d3:1a:da:30:45:61:9d:
95:f9:5f:30:c7:1d:be:63:87:5e:b0:93:af:f7:dd:06:15:91:
29:b2:82:89:d7:41:bf:a3:4f:1e:95:4f:f0:75:eb:10:b1:5b:
f1:8b:ed:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVwQq2HmQKe2+S+BWmyCaPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTVmYTcwZTNmN2RmMzYxMTUxZDU1Mzc5ZDRkOWI4NWRh
ZGZkM2QwHhcNMjMwMTAyMDIxNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTg5OGZjNDhlODkwNzhlNWI5NWVlZmRkYjRiNGNjNzFkNzFlOWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwP4SChiOoOO8N0KKQHzsMUZQ+uM
2fifDyBsLlFUEQzSpsCee4v5B6IsUb/WlBiTEQ0ThxRKH3T/tEasPL+lTM7plwSB
AMZztY/uKXoWetC+bGpw7xLIQSB1SNlBfwzV5g0duPqNH3saUbTQt0vZUJrPV73Q
VFIuEmVMQANQb8TuT2bM7TQDhfUlFcCPe5tU15BcEY+CtW0Q2VmBfKU+8DchOt+m
SVMjMj1WRHUZmw22qYbh5R8bJfBhD+ykZiqlDIC+O9q/oi/S7O5t0qajoHGNvhMK
pU9YuO40maEJ1RQo29BXSNxKWN9MTzglJwUCI7igsxle1tS7zx6ss//IPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFmJj8SOiQeOW5Xu/dtLTMcdcenwMB8GA1UdIwQY
MBaAFNiV+nDj9982EVHVU3nU2bhdrf09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpYNmNPUDMzellSVWRWVGVkVFp1RjJ0X1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83MGI1MDQtYzJkNC00Mzg3LTliNzUt
ZjQ1YjhkYmUyZjk3LzEvV1ltUHhJNkpCNDVibGU3OTIwdE14eDF4NmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83MGI1MDQtYzJkNC00Mzg3LTliNzUtZjQ1YjhkYmUyZjk3
LzEvMkpYNmNPUDMzellSVWRWVGVkVFp1RjJ0X1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYkYMA0E
AgACMAcDBQMqDp9AMA0GCSqGSIb3DQEBCwUAA4IBAQA398ZzsSWPBb2UoJ/9zAal
0huHJgJ846wZErJZsMjatMS81zT2jdF2V6Ad2aJ258sriYlbCMqfmxgTdbXMDD/C
BoKUJmfnhxLuZgQch1xYoVvOwYjk5+vCimTSDolY+riDasxMQSgSziZjA+/i8A6g
KHWm8h1Famss7LuXFDxlqxbQFdv5mLeZWyH29ImMhZublyETgzE+gkxw/DT7hcAf
3DWyr3HDWHLt630vbzu/XKj8GLVHVil1fAz6sgx0cuh0T/hbihtmHY9mw7HMTzQG
y9Ma2jBFYZ2V+V8wxx2+Y4desJOv990GFZEpsoKJ10G/o08elU/wdesQsVvxi+1h
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:59 2024 by rpki-client on console-ams.rpki-client.org