Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/se0cnjsSEl4V2WunNJ3nWncK2lM.roa
File: se0cnjsSEl4V2WunNJ3nWncK2lM.roa (raw, json)
Hash identifier: rklVAsi58kzRXiElNpRcZBNmdjct/uAEMoYJ45MSH0Q=
Subject key identifier: B1:ED:1C:9E:3B:12:12:5E:15:D9:6B:A7:34:9D:E7:5A:77:0A:DA:53
Certificate issuer: /CN=7fa3f99dba94a307b6cd2e1d90f678dac05681f8
Certificate serial: 01902D21489BB964EBFA90306B22ABC60D2B
Authority key identifier: 7F:A3:F9:9D:BA:94:A3:07:B6:CD:2E:1D:90:F6:78:DA:C0:56:81:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/se0cnjsSEl4V2WunNJ3nWncK2lM.roa
Signing time: Tue 18 Jun 2024 20:54:34 +0000
ROA not before: Tue 18 Jun 2024 20:54:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 45.151.140.0/24 maxlen: 24
45.151.141.0/24 maxlen: 24
45.151.142.0/24 maxlen: 24
45.151.143.0/24 maxlen: 24
91.209.228.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:2d:21:48:9b:b9:64:eb:fa:90:30:6b:22:ab:c6:0d:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7fa3f99dba94a307b6cd2e1d90f678dac05681f8
Validity
Not Before: Jun 18 20:54:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b1ed1c9e3b12125e15d96ba7349de75a770ada53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:e3:6f:20:d0:84:bf:30:71:99:66:24:24:96:
6e:d9:e1:b5:55:17:42:da:7d:3d:15:05:11:bb:79:
e6:0f:90:bb:88:08:e0:ea:c5:b2:82:a7:c4:c0:08:
6d:fb:73:a8:b2:3c:44:8e:3f:90:ad:8f:49:6e:22:
b6:da:82:e2:4a:bc:1f:ad:bf:20:ff:ee:96:a4:27:
de:c4:33:2c:9b:53:a2:ed:b9:50:4b:e0:61:d6:b6:
34:f1:84:70:57:df:27:40:aa:b1:61:d4:7a:b1:34:
15:7b:2a:55:9f:9a:64:58:dc:c9:55:46:b1:c7:b0:
51:3e:b5:4b:37:0c:a8:ad:4d:d0:76:46:00:90:0c:
6e:e2:e2:01:47:5d:ee:35:d7:c2:3e:98:66:c0:70:
b4:b8:2d:07:89:b7:42:e2:72:0c:8f:7a:59:63:d7:
77:83:d1:63:c9:67:4f:87:c1:9d:df:ce:eb:96:a0:
54:f4:09:18:ce:ee:3d:e5:04:cd:37:24:cf:02:be:
fb:5c:85:00:18:6d:7b:3b:50:c4:c1:67:ac:4c:f0:
1d:90:31:aa:d9:00:00:a0:b3:b9:54:78:4f:b4:46:
a5:f7:06:c2:96:4c:60:4f:37:d3:c6:9c:56:19:d4:
63:14:0d:d3:2b:0d:c8:db:97:cd:3b:59:f9:12:06:
c0:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:ED:1C:9E:3B:12:12:5E:15:D9:6B:A7:34:9D:E7:5A:77:0A:DA:53
X509v3 Authority Key Identifier:
keyid:7F:A3:F9:9D:BA:94:A3:07:B6:CD:2E:1D:90:F6:78:DA:C0:56:81:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6P5nbqUowe2zS4dkPZ42sBWgfg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/se0cnjsSEl4V2WunNJ3nWncK2lM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5ae3c4-4aa4-4c62-8eb5-4ea47cce0c63/1/f6P5nbqUowe2zS4dkPZ42sBWgfg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.140.0/22
91.209.228.0/24
Signature Algorithm: sha256WithRSAEncryption
90:52:40:d0:df:98:e8:af:7f:74:68:ef:9b:8b:17:a2:6f:2d:
de:2f:c4:a8:84:76:8c:b8:7e:eb:03:21:29:da:c4:c1:86:59:
fa:b2:eb:b0:4d:84:b3:88:34:12:7b:f1:63:b0:47:8b:c3:e6:
08:c8:27:04:87:3d:13:0f:c9:61:a0:34:b7:66:d8:ec:75:b7:
66:6b:4b:37:ba:b9:4e:9a:32:fa:bc:c4:0a:c4:e9:f7:e1:2a:
3f:8f:b8:ca:9e:51:ec:46:19:15:be:18:54:4d:5d:55:04:92:
d2:4a:a7:51:95:ad:e8:76:e8:d2:06:39:0c:08:70:cd:c4:5a:
ea:80:19:76:dc:28:82:7a:9d:31:64:5d:5a:26:f1:47:81:c0:
97:61:52:ce:2e:d0:9f:44:9b:61:2d:bf:52:9c:49:e7:6a:d9:
49:48:a3:1b:2d:7b:89:0a:11:49:c3:ae:7b:9c:28:b4:4a:75:
b3:52:58:a4:aa:0f:be:62:5a:08:e0:7f:4e:cc:1d:5a:e5:9c:
15:20:b5:a5:60:09:4b:7b:13:48:43:7d:f5:f5:0f:ae:30:b1:
0b:6e:8a:76:ea:07:78:98:76:57:5a:c0:dd:6c:eb:6b:1f:84:
2f:19:3f:1d:8a:33:2e:5d:a1:08:2d:27:86:5b:30:ed:43:cd:
02:6b:c0:91
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAtIUibuWTr+pAwayKrxg0rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmYTNmOTlkYmE5NGEzMDdiNmNkMmUxZDkwZjY3OGRhYzA1
NjgxZjgwHhcNMjQwNjE4MjA1NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWVkMWM5ZTNiMTIxMjVlMTVkOTZiYTczNDlkZTc1YTc3MGFkYTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+NvINCEvzBxmWYkJJZu2eG1VRdC
2n09FQURu3nmD5C7iAjg6sWygqfEwAht+3OosjxEjj+QrY9JbiK22oLiSrwfrb8g
/+6WpCfexDMsm1Oi7blQS+Bh1rY08YRwV98nQKqxYdR6sTQVeypVn5pkWNzJVUax
x7BRPrVLNwyorU3QdkYAkAxu4uIBR13uNdfCPphmwHC0uC0HibdC4nIMj3pZY9d3
g9FjyWdPh8Gd387rlqBU9AkYzu495QTNNyTPAr77XIUAGG17O1DEwWesTPAdkDGq
2QAAoLO5VHhPtEal9wbClkxgTzfTxpxWGdRjFA3TKw3I25fNO1n5EgbAKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLHtHJ47EhJeFdlrpzSd51p3CtpTMB8GA1UdIwQY
MBaAFH+j+Z26lKMHts0uHZD2eNrAVoH4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjZQNW5icVVvd2UyelM0ZGtQWjQyc0JXZ2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81YWUzYzQtNGFhNC00YzYyLThlYjUt
NGVhNDdjY2UwYzYzLzEvc2UwY25qc1NFbDRWMld1bk5KM25XbmNLMmxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS81YWUzYzQtNGFhNC00YzYyLThlYjUtNGVhNDdjY2UwYzYz
LzEvZjZQNW5icVVvd2UyelM0ZGtQWjQyc0JXZ2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZeMAwQA
W9HkMA0GCSqGSIb3DQEBCwUAA4IBAQCQUkDQ35jor390aO+bixeiby3eL8SohHaM
uH7rAyEp2sTBhln6suuwTYSziDQSe/FjsEeLw+YIyCcEhz0TD8lhoDS3Ztjsdbdm
a0s3urlOmjL6vMQKxOn34So/j7jKnlHsRhkVvhhUTV1VBJLSSqdRla3odujSBjkM
CHDNxFrqgBl23CiCep0xZF1aJvFHgcCXYVLOLtCfRJthLb9SnEnnatlJSKMbLXuJ
ChFJw657nCi0SnWzUlikqg++YloI4H9OzB1a5ZwVILWlYAlLexNIQ3319Q+uMLEL
bop26gd4mHZXWsDdbOtrH4QvGT8dijMuXaEILSeGWzDtQ80Ca8CR
-----END CERTIFICATE-----
Generated at Thu Aug 8 15:19:00 2024 by rpki-client on console-ams.rpki-client.org