Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/g_CnFPlte2QeZH3KsqFrnKAdw5c.roa
File: g_CnFPlte2QeZH3KsqFrnKAdw5c.roa (raw, json)
Hash identifier: 7Ue4KluNV3z4YHsEOuOomm/XWwT+1u8Bdxq8ON4h0W8=
Subject key identifier: 83:F0:A7:14:F9:6D:7B:64:1E:64:7D:CA:B2:A1:6B:9C:A0:1D:C3:97
Certificate issuer: /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial: 0193A4F02834344E350B9992A2FC385AB7ED
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/g_CnFPlte2QeZH3KsqFrnKAdw5c.roa
Signing time: Sun 08 Dec 2024 06:23:42 +0000
ROA not before: Sun 08 Dec 2024 06:23:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 213775
IP address blocks: 5.160.199.0/24 maxlen: 24
46.209.224.0/24 maxlen: 24
46.209.225.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:a4:f0:28:34:34:4e:35:0b:99:92:a2:fc:38:5a:b7:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Validity
Not Before: Dec 8 06:23:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=83f0a714f96d7b641e647dcab2a16b9ca01dc397
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:11:22:3f:eb:fc:ca:55:ee:d7:04:f5:cc:49:
db:2d:05:46:1b:c5:6d:eb:6c:1e:c6:5d:11:58:e5:
7a:06:9e:a6:b1:82:30:89:cb:9e:ea:57:ee:58:34:
f7:0b:ed:ee:ce:42:9e:82:e6:2b:58:6f:d7:91:76:
a8:e6:40:32:a0:50:6c:33:f8:d8:c1:65:3d:a7:b0:
9b:1b:14:5b:e0:f1:1e:fe:68:45:d4:5e:88:b7:00:
63:fb:a4:a6:07:28:a0:ed:54:2b:19:0b:16:b1:d2:
f5:75:6e:91:a1:d9:17:39:d2:22:3e:f8:f3:82:fd:
75:48:95:e2:fd:30:42:86:be:01:56:7b:ae:29:90:
9a:bc:c0:a9:36:d3:ef:4a:b9:85:e8:2b:60:44:e1:
63:34:66:ce:01:8f:fa:7f:85:ea:39:58:d4:36:dd:
25:a6:9a:ad:55:70:b0:c6:f3:ce:ef:01:d0:2c:0d:
b6:f8:49:c0:a2:14:b4:2d:ca:21:a1:fd:a2:4b:6b:
a8:19:85:6a:14:06:23:17:eb:4e:eb:85:fb:ae:9e:
bd:41:7c:93:3a:95:51:79:40:2c:2e:04:22:ac:45:
a9:70:64:20:8e:8b:4b:cf:0d:b5:12:11:cc:e6:1c:
a3:16:65:82:dd:a5:01:56:95:09:a0:e8:34:13:75:
53:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:F0:A7:14:F9:6D:7B:64:1E:64:7D:CA:B2:A1:6B:9C:A0:1D:C3:97
X509v3 Authority Key Identifier:
keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/g_CnFPlte2QeZH3KsqFrnKAdw5c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.160.199.0/24
46.209.224.0/23
Signature Algorithm: sha256WithRSAEncryption
66:aa:38:c7:c1:4e:3d:55:fa:46:2f:a5:ef:4a:9f:11:1e:42:
b3:0b:49:3d:3d:e0:e4:77:21:d4:ee:ce:0f:b1:6e:72:8b:72:
66:fe:86:70:44:23:ba:3b:b1:62:88:d1:bb:65:82:82:6a:e3:
55:03:95:27:c1:3c:ba:df:b9:09:d6:86:d2:7a:53:be:c6:4c:
31:ea:77:9d:d6:00:c4:47:4b:0d:76:ee:20:7d:a3:ae:62:fa:
48:9a:19:bd:19:6d:95:c1:a6:35:59:f8:4d:9c:94:37:9e:e3:
b4:4b:3c:96:7e:59:1c:c0:94:15:44:9a:2f:01:01:a2:4e:50:
83:3b:9a:bd:9a:1f:69:7b:03:99:7c:78:8a:f3:1a:6f:25:e2:
e6:73:82:55:c4:8b:98:92:4d:31:64:5e:9f:d8:ef:40:b5:87:
65:fb:73:cf:96:19:03:12:61:ed:90:4a:c4:f5:bb:b2:68:53:
f9:85:97:b9:a1:47:f2:65:1d:2b:81:b5:62:f1:31:cf:3a:96:
57:ea:0b:f5:c6:ad:7f:91:7f:db:d0:d7:00:a3:5c:66:2b:47:
da:d0:ff:9b:be:3f:5a:49:2e:6f:63:0f:f9:e8:6a:79:89:4f:
e7:f1:01:26:7c:b8:9e:9d:a9:3d:27:f6:fe:c9:f3:ca:a5:03:
db:72:c7:21
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZOk8Cg0NE41C5mSovw4WrftMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQxMjA4MDYyMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2YwYTcxNGY5NmQ3YjY0MWU2NDdkY2FiMmExNmI5Y2EwMWRjMzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5REiP+v8ylXu1wT1zEnbLQVGG8Vt
62wexl0RWOV6Bp6msYIwicue6lfuWDT3C+3uzkKeguYrWG/XkXao5kAyoFBsM/jY
wWU9p7CbGxRb4PEe/mhF1F6ItwBj+6SmByig7VQrGQsWsdL1dW6RodkXOdIiPvjz
gv11SJXi/TBChr4BVnuuKZCavMCpNtPvSrmF6CtgROFjNGbOAY/6f4XqOVjUNt0l
ppqtVXCwxvPO7wHQLA22+EnAohS0Lcohof2iS2uoGYVqFAYjF+tO64X7rp69QXyT
OpVReUAsLgQirEWpcGQgjotLzw21EhHM5hyjFmWC3aUBVpUJoOg0E3VTLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIPwpxT5bXtkHmR9yrKha5ygHcOXMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvZ19DbkZQbHRlMlFlWkgzS3NxRnJuS0FkdzVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABaDHAwQB
LtHgMA0GCSqGSIb3DQEBCwUAA4IBAQBmqjjHwU49VfpGL6XvSp8RHkKzC0k9PeDk
dyHU7s4PsW5yi3Jm/oZwRCO6O7FiiNG7ZYKCauNVA5UnwTy637kJ1obSelO+xkwx
6ned1gDER0sNdu4gfaOuYvpImhm9GW2VwaY1WfhNnJQ3nuO0SzyWflkcwJQVRJov
AQGiTlCDO5q9mh9pewOZfHiK8xpvJeLmc4JVxIuYkk0xZF6f2O9AtYdl+3PPlhkD
EmHtkErE9buyaFP5hZe5oUfyZR0rgbVi8THPOpZX6gv1xq1/kX/b0NcAo1xmK0fa
0P+bvj9aSS5vYw/56Gp5iU/n8QEmfLienak9J/b+yfPKpQPbcsch
-----END CERTIFICATE-----
Generated at Mon Apr 21 01:23:26 2025 by rpki-client