Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/2dF4qhSOc03x2d66Ke37S3wnM3o.roa
File: 2dF4qhSOc03x2d66Ke37S3wnM3o.roa (raw, json)
Hash identifier: j+pzw+wvEkz+RtEc/srtXIuv+MkaSDMbk2vMoyRvbXQ=
Subject key identifier: D9:D1:78:AA:14:8E:73:4D:F1:D9:DE:BA:29:ED:FB:4B:7C:27:33:7A
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 0185090A614C32309692435B3E52F38E4074
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/2dF4qhSOc03x2d66Ke37S3wnM3o.roa
Signing time: Tue 13 Dec 2022 01:12:33 +0000
ROA not before: Tue 13 Dec 2022 01:12:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 62236
IP address blocks: 2.56.84.0/24 maxlen: 24
2.56.85.0/24 maxlen: 24
2.56.86.0/23 maxlen: 23
45.141.243.0/24 maxlen: 24
45.141.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:09:0a:61:4c:32:30:96:92:43:5b:3e:52:f3:8e:40:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Dec 13 01:12:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d9d178aa148e734df1d9deba29edfb4b7c27337a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:f4:89:55:81:19:03:0e:d7:92:25:c0:c9:b4:
15:6f:1a:e6:d8:cf:c0:f4:21:91:26:49:b8:98:08:
f5:2f:5f:8d:90:29:20:45:3b:4d:14:1b:0d:a1:2e:
20:78:4e:1a:36:c5:cb:d3:9b:38:47:12:a2:d9:d2:
90:bb:c0:4c:b4:c3:04:4c:64:41:b5:69:48:96:c7:
06:dc:6e:ad:fc:0b:49:57:08:9d:2a:57:1f:da:84:
72:d9:0c:c6:3e:dd:57:d6:d5:c7:02:e0:3e:c7:c0:
23:69:eb:da:9f:26:14:be:2e:c7:b1:72:8f:48:b7:
8b:c9:f9:c5:36:ed:23:1a:50:10:91:eb:71:05:24:
b3:78:b2:32:b6:e5:43:96:a6:2d:72:1c:e0:fb:a4:
30:06:5b:df:81:9b:9c:70:1d:54:5d:a9:e4:31:e9:
85:29:57:b3:76:3b:18:d8:03:73:d3:47:e3:59:4a:
e6:bd:4d:59:1b:f7:39:35:c2:1d:18:22:2f:d8:a6:
e0:0f:78:ac:d3:df:0f:ae:18:3b:7d:78:5c:31:38:
98:af:4e:64:aa:e2:ea:ad:62:ad:f2:87:94:2a:68:
e1:1a:08:e0:4a:bc:14:26:62:45:53:c4:5a:c1:a7:
90:e8:c0:a5:81:43:28:fa:f5:ef:63:6f:0d:80:37:
6d:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:D1:78:AA:14:8E:73:4D:F1:D9:DE:BA:29:ED:FB:4B:7C:27:33:7A
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/2dF4qhSOc03x2d66Ke37S3wnM3o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.84.0/22
45.141.243.0/24
45.141.254.0/24
Signature Algorithm: sha256WithRSAEncryption
79:6b:e1:d5:d0:8b:da:8e:f4:57:81:02:7a:c1:8e:d0:e3:5a:
08:43:19:3c:e6:b1:9a:b7:1b:bd:ff:5c:44:93:24:f5:0d:6c:
b2:8e:93:3b:72:e5:46:fc:bd:c0:16:88:97:19:ce:b6:68:b8:
81:39:88:c4:b4:be:d2:73:36:31:cf:0a:4a:13:20:af:79:0d:
11:07:c5:eb:a2:76:c6:0e:f8:3e:8e:3d:8e:70:c3:15:37:13:
29:f6:f7:64:76:4e:42:05:f1:cd:8b:23:90:f5:df:f3:f5:94:
a3:bd:27:a6:5d:c2:16:d4:c5:d4:78:c0:39:4b:95:19:bf:ab:
41:36:de:b0:97:50:9d:ba:76:fc:6c:56:e8:14:e8:db:33:c1:
03:4f:4b:81:ac:dd:d1:dd:9c:40:15:fc:5d:80:6e:77:1f:90:
45:12:5a:e1:16:2e:6f:f7:70:29:47:99:78:f0:f2:87:c9:fb:
57:e5:45:0a:34:5a:45:9b:4e:49:19:98:60:83:eb:bd:23:34:
36:6d:2b:57:45:00:c4:2f:d9:36:ef:8e:1d:c4:62:9d:04:04:
aa:e7:74:48:3a:14:49:57:c9:c3:57:68:dd:42:a7:a6:c3:c7:
b1:4b:41:72:ac:91:6f:20:e8:85:45:7f:22:5c:ee:98:5f:1c:
e7:2e:99:c0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYUJCmFMMjCWkkNbPlLzjkB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjIxMjEzMDExMjMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWQxNzhhYTE0OGU3MzRkZjFkOWRlYmEyOWVkZmI0YjdjMjczMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfSJVYEZAw7XkiXAybQVbxrm2M/A
9CGRJkm4mAj1L1+NkCkgRTtNFBsNoS4geE4aNsXL05s4RxKi2dKQu8BMtMMETGRB
tWlIlscG3G6t/AtJVwidKlcf2oRy2QzGPt1X1tXHAuA+x8AjaevanyYUvi7HsXKP
SLeLyfnFNu0jGlAQketxBSSzeLIytuVDlqYtchzg+6QwBlvfgZuccB1UXankMemF
KVezdjsY2ANz00fjWUrmvU1ZG/c5NcIdGCIv2KbgD3is098Prhg7fXhcMTiYr05k
quLqrWKt8oeUKmjhGgjgSrwUJmJFU8RawaeQ6MClgUMo+vXvY28NgDdtKwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNnReKoUjnNN8dneuint+0t8JzN6MB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvMmRGNHFoU09jMDN4MmQ2NktlMzdTM3duTTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjhUAwQA
LY3zAwQALY3+MA0GCSqGSIb3DQEBCwUAA4IBAQB5a+HV0IvajvRXgQJ6wY7Q41oI
Qxk85rGatxu9/1xEkyT1DWyyjpM7cuVG/L3AFoiXGc62aLiBOYjEtL7SczYxzwpK
EyCveQ0RB8XronbGDvg+jj2OcMMVNxMp9vdkdk5CBfHNiyOQ9d/z9ZSjvSemXcIW
1MXUeMA5S5UZv6tBNt6wl1Cdunb8bFboFOjbM8EDT0uBrN3R3ZxAFfxdgG53H5BF
ElrhFi5v93ApR5l48PKHyftX5UUKNFpFm05JGZhgg+u9IzQ2bStXRQDEL9k2744d
xGKdBASq53RIOhRJV8nDV2jdQqemw8exS0FyrJFvIOiFRX8iXO6YXxznLpnA
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:05 2023 by rpki-client on console.sobornost.net