Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/taeCGT9YZahWrV6whii5UmZOZi0.roa
File: taeCGT9YZahWrV6whii5UmZOZi0.roa (raw, json)
Hash identifier: KWad7/k6T3OpuCfyPo1H/Y3l6505jfvxpzW15D0HFlQ=
Subject key identifier: B5:A7:82:19:3F:58:65:A8:56:AD:5E:B0:86:28:B9:52:66:4E:66:2D
Certificate issuer: /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial: 01942067DB336BF82AAB5205B2DF761D1B5E
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/taeCGT9YZahWrV6whii5UmZOZi0.roa
Signing time: Wed 01 Jan 2025 05:47:44 +0000
ROA not before: Wed 01 Jan 2025 05:47:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 45.150.173.0/24 maxlen: 24
45.150.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:db:33:6b:f8:2a:ab:52:05:b2:df:76:1d:1b:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Validity
Not Before: Jan 1 05:47:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b5a782193f5865a856ad5eb08628b952664e662d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:df:6a:02:9c:15:f0:ec:ed:34:7a:60:8e:d6:
c4:e7:81:c4:a0:92:c8:80:e9:a1:cf:cd:a6:44:80:
dd:fc:0c:c5:13:d2:d9:ea:c7:1f:20:54:3f:0c:7d:
3b:2e:46:67:d8:3c:5b:fc:11:57:73:b4:60:6c:ed:
bb:73:42:a1:31:fe:dd:af:a8:4d:fb:23:09:a3:46:
13:11:aa:41:ac:b8:67:e4:9e:85:2f:62:bb:04:16:
7d:3c:ed:1c:bf:07:70:bc:2d:70:b7:9b:6e:02:2a:
41:f5:ad:41:d5:68:76:c3:cb:5c:e4:03:90:1a:05:
94:4e:67:7f:53:82:6f:9e:aa:9c:5f:b1:91:8b:16:
de:58:7c:8f:81:75:f2:3c:f1:91:04:85:6a:52:e7:
5d:6d:d5:b7:37:38:f4:31:2d:8f:a0:e8:b7:b0:c9:
72:28:82:e7:ae:94:cf:42:db:95:4f:d3:6e:38:bb:
17:26:60:73:54:21:29:73:81:f3:07:db:0b:8b:95:
0d:43:d4:80:79:2d:3c:6d:1a:90:49:6e:3b:f7:89:
11:1d:2e:fe:6b:b2:a7:81:dc:3f:f9:d6:6a:1e:76:
5a:4e:7f:b2:ed:2e:09:65:0f:2b:cc:b3:bb:45:c0:
84:a7:41:56:0d:5c:71:c9:99:3d:12:6f:e8:66:d6:
21:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:A7:82:19:3F:58:65:A8:56:AD:5E:B0:86:28:B9:52:66:4E:66:2D
X509v3 Authority Key Identifier:
keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/taeCGT9YZahWrV6whii5UmZOZi0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.173.0/24
45.150.175.0/24
Signature Algorithm: sha256WithRSAEncryption
78:0d:fd:18:b0:82:9e:f5:87:a9:e1:5c:93:14:3f:45:80:65:
92:05:24:42:5f:64:25:40:4f:68:10:1c:5a:e2:66:3a:c5:df:
07:b9:4d:96:59:17:13:a9:01:ac:c6:51:bc:8c:3b:fa:d6:fc:
47:c6:33:8e:81:9e:b5:87:2c:59:42:9d:e4:8f:ac:f5:8f:80:
88:f9:3c:b9:aa:57:92:67:43:01:41:61:e9:f4:48:c0:6f:fd:
4d:46:d3:64:68:ee:e0:0f:c5:6b:2a:d7:5f:85:c4:2b:1c:bf:
e3:c4:98:f5:7a:ab:97:74:5b:6d:ed:fc:69:d1:9e:e8:5e:d9:
29:5f:27:32:ae:20:02:fe:ef:b2:fe:57:7f:ec:47:b0:42:a3:
51:fe:e3:63:64:36:18:ac:7b:ea:ee:62:95:62:a3:f2:f1:7e:
8c:9a:a1:0d:6d:a4:78:41:9a:b2:08:67:8d:29:99:2b:a4:c6:
a5:2b:3a:8d:3d:81:91:27:ee:46:5a:82:6b:7c:64:dc:75:83:
a3:2d:62:2e:25:2b:e4:d3:9e:34:64:81:b1:17:59:50:61:eb:
d3:5c:c2:f2:1e:d4:5c:1d:08:99:cf:0d:c1:fc:08:7e:05:3a:
56:73:40:fc:37:42:75:5e:47:70:6e:bf:5b:21:35:b5:1d:af:
ec:86:07:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgZ9sza/gqq1IFst92HRteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjUwMTAxMDU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWE3ODIxOTNmNTg2NWE4NTZhZDVlYjA4NjI4Yjk1MjY2NGU2NjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzt9qApwV8OztNHpgjtbE54HEoJLI
gOmhz82mRIDd/AzFE9LZ6scfIFQ/DH07LkZn2Dxb/BFXc7RgbO27c0KhMf7dr6hN
+yMJo0YTEapBrLhn5J6FL2K7BBZ9PO0cvwdwvC1wt5tuAipB9a1B1Wh2w8tc5AOQ
GgWUTmd/U4JvnqqcX7GRixbeWHyPgXXyPPGRBIVqUuddbdW3Nzj0MS2PoOi3sMly
KILnrpTPQtuVT9NuOLsXJmBzVCEpc4HzB9sLi5UNQ9SAeS08bRqQSW4794kRHS7+
a7Kngdw/+dZqHnZaTn+y7S4JZQ8rzLO7RcCEp0FWDVxxyZk9Em/oZtYhLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLWnghk/WGWoVq1esIYouVJmTmYtMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvdGFlQ0dUOVlaYWhXclY2d2hpaTVVbVpPWmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZatAwQA
LZavMA0GCSqGSIb3DQEBCwUAA4IBAQB4Df0YsIKe9Yep4VyTFD9FgGWSBSRCX2Ql
QE9oEBxa4mY6xd8HuU2WWRcTqQGsxlG8jDv61vxHxjOOgZ61hyxZQp3kj6z1j4CI
+Ty5qleSZ0MBQWHp9EjAb/1NRtNkaO7gD8VrKtdfhcQrHL/jxJj1equXdFtt7fxp
0Z7oXtkpXycyriAC/u+y/ld/7EewQqNR/uNjZDYYrHvq7mKVYqPy8X6MmqENbaR4
QZqyCGeNKZkrpMalKzqNPYGRJ+5GWoJrfGTcdYOjLWIuJSvk0540ZIGxF1lQYevT
XMLyHtRcHQiZzw3B/Ah+BTpWc0D8N0J1Xkdwbr9bITW1Ha/shgfr
-----END CERTIFICATE-----
Generated at Tue Apr 8 20:57:18 2025 by rpki-client