Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/d5c042-5b4d-4b10-bc76-42eaabbfbfd2/1/ESp8faWZH_0jPoiNQRRYgP9MWkg.roa
File: ESp8faWZH_0jPoiNQRRYgP9MWkg.roa (raw, json)
Hash identifier: 70TB3dpMV1t6Gj/gpgKaFg2hCNRwEFvMZJYvbVdod+I=
Subject key identifier: 11:2A:7C:7D:A5:99:1F:FD:23:3E:88:8D:41:14:58:80:FF:4C:5A:48
Certificate issuer: /CN=16f9f928b0ac67731991f374b8e194eb6542ac24
Certificate serial: 018570CBFA783CD9BE6C57144CA9D50BFEBD
Authority key identifier: 16:F9:F9:28:B0:AC:67:73:19:91:F3:74:B8:E1:94:EB:65:42:AC:24
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Fvn5KLCsZ3MZkfN0uOGU62VCrCQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/d5c042-5b4d-4b10-bc76-42eaabbfbfd2/1/ESp8faWZH_0jPoiNQRRYgP9MWkg.roa
Signing time: Mon 02 Jan 2023 04:44:54 +0000
ROA not before: Mon 02 Jan 2023 04:44:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209053
IP address blocks: 45.8.232.0/22 maxlen: 22
45.8.232.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:cb:fa:78:3c:d9:be:6c:57:14:4c:a9:d5:0b:fe:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=16f9f928b0ac67731991f374b8e194eb6542ac24
Validity
Not Before: Jan 2 04:44:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=112a7c7da5991ffd233e888d41145880ff4c5a48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:57:39:97:a2:57:ea:c1:e0:8e:fe:d4:49:0e:
50:55:55:e5:78:3b:63:1d:77:47:3d:ed:bf:76:2f:
e5:9a:d4:03:46:05:5f:f4:3b:63:5d:40:db:db:d7:
af:e8:45:4f:91:45:3e:0b:c3:c3:86:c4:b7:87:99:
c2:78:6f:dd:bc:7a:e5:5c:db:db:0b:ee:62:70:5e:
c6:a6:24:75:f2:82:17:10:5e:05:5e:5b:b5:ba:3d:
25:e9:d1:d6:9b:09:8c:f0:66:98:ae:0f:dc:5b:07:
ee:c6:a1:d1:ff:6d:df:c3:6d:a9:04:36:9b:85:19:
a0:f7:54:d6:ac:93:14:36:d4:1c:b4:1d:e4:de:86:
35:6d:e2:5c:ea:98:fa:0c:04:6b:b1:30:8b:54:8b:
2d:83:32:de:4e:e8:18:65:c4:9d:06:54:b7:bf:71:
0b:84:a7:05:4c:96:a9:3c:76:de:a5:fe:db:b1:55:
6f:7c:0e:d7:76:2e:8f:92:ac:48:11:c9:28:b6:2a:
15:b9:bd:1c:b0:a4:0e:39:0e:0a:9c:67:02:a9:6c:
99:91:80:39:7b:e8:83:fb:a0:b7:f9:65:94:84:1d:
04:b6:5a:42:51:ed:b8:38:03:a6:c2:c2:91:89:b0:
a9:18:55:cf:79:35:7c:f7:48:32:1f:7d:8c:94:0b:
22:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:2A:7C:7D:A5:99:1F:FD:23:3E:88:8D:41:14:58:80:FF:4C:5A:48
X509v3 Authority Key Identifier:
keyid:16:F9:F9:28:B0:AC:67:73:19:91:F3:74:B8:E1:94:EB:65:42:AC:24
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fvn5KLCsZ3MZkfN0uOGU62VCrCQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d5c042-5b4d-4b10-bc76-42eaabbfbfd2/1/ESp8faWZH_0jPoiNQRRYgP9MWkg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d5c042-5b4d-4b10-bc76-42eaabbfbfd2/1/Fvn5KLCsZ3MZkfN0uOGU62VCrCQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.232.0/22
Signature Algorithm: sha256WithRSAEncryption
37:04:a1:03:d5:84:aa:38:f7:6b:de:7d:ca:0c:6e:51:90:5a:
a2:2d:73:11:c3:d6:f8:b4:81:fe:3b:d8:98:ec:ab:13:ad:76:
f3:8d:84:cf:d3:b3:ad:e5:71:00:79:d3:00:d5:6f:55:fa:e9:
3d:13:65:d1:3a:97:5b:67:65:81:7f:49:4b:12:51:94:ee:67:
fd:5f:fa:66:78:d5:86:f2:f7:5c:1f:78:95:5a:2c:fd:06:74:
eb:e3:fb:3a:60:57:4f:df:47:18:9a:77:f3:10:dd:f0:aa:20:
23:d8:a3:5a:56:c3:db:b8:7e:ab:81:28:41:20:8f:6f:4e:f8:
1e:ff:f9:b8:24:c1:c1:b8:27:16:ee:d9:44:48:61:cf:7c:db:
cb:d6:21:d6:76:ad:93:fb:3b:43:61:c8:90:d8:20:2d:5a:81:
4a:79:66:a8:02:c6:61:43:93:e8:4c:44:36:89:87:de:96:a3:
79:f6:f2:0a:17:62:95:f4:75:59:68:73:68:e2:fa:16:e1:b9:
35:d4:fd:93:e0:79:3f:2a:11:27:93:b3:29:9d:ea:13:bd:7c:
1c:05:0e:1e:a2:3c:cd:d7:75:91:e1:02:b6:1a:5a:0c:16:f8:
a7:c1:8d:4d:94:79:19:28:4b:a3:ab:8b:ef:8b:60:31:57:a3:
91:a6:4e:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwy/p4PNm+bFcUTKnVC/69MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZjlmOTI4YjBhYzY3NzMxOTkxZjM3NGI4ZTE5NGViNjU0
MmFjMjQwHhcNMjMwMTAyMDQ0NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTJhN2M3ZGE1OTkxZmZkMjMzZTg4OGQ0MTE0NTg4MGZmNGM1YTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslc5l6JX6sHgjv7USQ5QVVXleDtj
HXdHPe2/di/lmtQDRgVf9DtjXUDb29ev6EVPkUU+C8PDhsS3h5nCeG/dvHrlXNvb
C+5icF7GpiR18oIXEF4FXlu1uj0l6dHWmwmM8GaYrg/cWwfuxqHR/23fw22pBDab
hRmg91TWrJMUNtQctB3k3oY1beJc6pj6DARrsTCLVIstgzLeTugYZcSdBlS3v3EL
hKcFTJapPHbepf7bsVVvfA7Xdi6PkqxIEckotioVub0csKQOOQ4KnGcCqWyZkYA5
e+iD+6C3+WWUhB0EtlpCUe24OAOmwsKRibCpGFXPeTV890gyH32MlAsiJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEqfH2lmR/9Iz6IjUEUWID/TFpIMB8GA1UdIwQY
MBaAFBb5+SiwrGdzGZHzdLjhlOtlQqwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnZuNUtMQ3NaM01aa2ZOMHVPR1U2MlZDckNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kNWMwNDItNWI0ZC00YjEwLWJjNzYt
NDJlYWFiYmZiZmQyLzEvRVNwOGZhV1pIXzBqUG9pTlFSUllnUDlNV2tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kNWMwNDItNWI0ZC00YjEwLWJjNzYtNDJlYWFiYmZiZmQy
LzEvRnZuNUtMQ3NaM01aa2ZOMHVPR1U2MlZDckNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQjoMA0G
CSqGSIb3DQEBCwUAA4IBAQA3BKED1YSqOPdr3n3KDG5RkFqiLXMRw9b4tIH+O9iY
7KsTrXbzjYTP07Ot5XEAedMA1W9V+uk9E2XROpdbZ2WBf0lLElGU7mf9X/pmeNWG
8vdcH3iVWiz9BnTr4/s6YFdP30cYmnfzEN3wqiAj2KNaVsPbuH6rgShBII9vTvge
//m4JMHBuCcW7tlESGHPfNvL1iHWdq2T+ztDYciQ2CAtWoFKeWaoAsZhQ5PoTEQ2
iYfelqN59vIKF2KV9HVZaHNo4voW4bk11P2T4Hk/KhEnk7MpneoTvXwcBQ4eojzN
13WR4QK2GloMFvinwY1NlHkZKEujq4vvi2AxV6ORpk7O
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:10:49 2023 by rpki-client on console-ams.rpki-client.org