Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hm_VJzcdoqmeIflf8ikxtMTRxdw.roa
File: hm_VJzcdoqmeIflf8ikxtMTRxdw.roa (raw, json)
Hash identifier: rRYNfZHDvs+gsKSbkKYfMmS5e76KojifCMcDrdUcpZk=
Subject key identifier: 86:6F:D5:27:37:1D:A2:A9:9E:21:F9:5F:F2:29:31:B4:C4:D1:C5:DC
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 019422FC1BBA1062D29748D0B27A6A419C15
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hm_VJzcdoqmeIflf8ikxtMTRxdw.roa
Signing time: Wed 01 Jan 2025 17:48:55 +0000
ROA not before: Wed 01 Jan 2025 17:48:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206085
IP address blocks: 45.83.12.0/22 maxlen: 22
45.89.44.0/22 maxlen: 24
45.95.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:1b:ba:10:62:d2:97:48:d0:b2:7a:6a:41:9c:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 1 17:48:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=866fd527371da2a99e21f95ff22931b4c4d1c5dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:ff:67:2f:e0:07:89:7a:72:ff:4c:f2:ce:a7:
91:f5:a2:e5:88:dc:e6:30:27:d3:8b:72:88:fc:56:
bc:0b:7e:0a:50:ad:4a:0a:a2:ae:28:b5:00:3c:b0:
82:c8:f2:d9:98:ce:81:2d:16:66:f8:b9:e2:b7:4b:
6b:d4:6d:ab:15:5f:f6:d4:04:62:15:18:d4:b7:ab:
a1:45:8d:1a:ef:94:23:3e:71:e5:65:ee:42:8d:bd:
d6:9b:d3:b6:a7:a3:fc:99:9f:20:e8:a3:be:56:cd:
bb:36:c2:5a:a8:09:a0:b9:54:28:e0:01:22:30:ac:
07:ba:63:41:c5:f0:49:b7:b8:33:84:61:1b:7b:58:
e2:3d:df:ed:ca:f5:f9:d1:be:0d:e3:e1:76:f8:df:
32:e8:36:d7:ff:01:89:6e:b6:b4:20:8d:bb:a0:bb:
ba:38:08:12:46:17:d3:96:c1:b9:ad:1d:f3:01:b5:
43:98:53:eb:5d:59:24:e2:1a:34:6e:da:23:fb:93:
e6:df:ba:b9:3e:63:71:a0:8e:68:2e:de:22:f3:df:
12:b0:8d:54:cb:6e:2c:b6:07:2e:54:15:7b:36:30:
82:fa:ab:58:65:22:12:2b:37:3d:58:33:04:7e:5e:
08:2d:ca:ce:e2:a2:59:31:32:d5:f1:5c:f7:fd:aa:
35:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:6F:D5:27:37:1D:A2:A9:9E:21:F9:5F:F2:29:31:B4:C4:D1:C5:DC
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hm_VJzcdoqmeIflf8ikxtMTRxdw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.83.12.0/22
45.89.44.0/22
45.95.88.0/22
Signature Algorithm: sha256WithRSAEncryption
0f:13:85:e7:5f:1c:10:c3:90:72:2d:dd:39:3b:68:c1:e7:36:
a1:44:2a:27:dc:3e:2c:fc:ab:d5:0b:20:f6:d3:a9:5b:e4:01:
31:ff:3a:1b:ed:37:b3:99:e6:c6:53:2c:28:d5:01:c2:c0:07:
c1:8d:ff:ef:b9:ad:f4:d2:75:70:a1:dc:82:e0:7c:dc:8b:cf:
01:39:a1:82:df:8f:b3:ec:67:84:f8:b4:74:1a:3b:9a:65:97:
2b:44:84:4d:f9:95:36:05:d6:4d:2e:2b:76:44:46:d1:4e:0f:
99:06:50:1f:3a:d8:ac:47:55:49:70:b0:7a:bc:f6:5d:9e:b4:
ab:08:cf:b6:84:07:ce:df:5c:7c:e3:05:fe:98:23:5f:5b:ea:
35:7a:8f:4a:7a:65:af:48:2e:37:85:0a:2e:ed:4e:4f:b5:41:
81:c0:11:8e:26:80:c1:b9:9c:b9:f6:ed:36:a9:95:b2:e6:d6:
04:62:c8:00:d7:ce:c4:4a:98:dc:8c:17:41:d0:c8:be:01:e8:
f4:7c:6f:a6:e8:a3:f8:aa:99:61:c5:d1:32:27:b7:a0:ba:cb:
67:41:13:16:0f:b2:4f:9f:22:37:5d:6c:69:e6:a5:67:76:91:
d4:aa:5d:14:1f:81:e6:34:4c:f1:d0:94:ad:73:74:e8:52:56:
18:a0:5e:d9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQi/Bu6EGLSl0jQsnpqQZwVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjZmZDUyNzM3MWRhMmE5OWUyMWY5NWZmMjI5MzFiNGM0ZDFjNWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxv9nL+AHiXpy/0zyzqeR9aLliNzm
MCfTi3KI/Fa8C34KUK1KCqKuKLUAPLCCyPLZmM6BLRZm+Lnit0tr1G2rFV/21ARi
FRjUt6uhRY0a75QjPnHlZe5Cjb3Wm9O2p6P8mZ8g6KO+Vs27NsJaqAmguVQo4AEi
MKwHumNBxfBJt7gzhGEbe1jiPd/tyvX50b4N4+F2+N8y6DbX/wGJbra0II27oLu6
OAgSRhfTlsG5rR3zAbVDmFPrXVkk4ho0btoj+5Pm37q5PmNxoI5oLt4i898SsI1U
y24stgcuVBV7NjCC+qtYZSISKzc9WDMEfl4ILcrO4qJZMTLV8Vz3/ao14wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIZv1Sc3HaKpniH5X/IpMbTE0cXcMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaG1fVkp6Y2RvcW1lSWZsZjhpa3h0TVRSeGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVMMAwQC
LVksAwQCLV9YMA0GCSqGSIb3DQEBCwUAA4IBAQAPE4XnXxwQw5ByLd05O2jB5zah
RCon3D4s/KvVCyD206lb5AEx/zob7TezmebGUywo1QHCwAfBjf/vua300nVwodyC
4Hzci88BOaGC34+z7GeE+LR0GjuaZZcrRIRN+ZU2BdZNLit2REbRTg+ZBlAfOtis
R1VJcLB6vPZdnrSrCM+2hAfO31x84wX+mCNfW+o1eo9KemWvSC43hQou7U5PtUGB
wBGOJoDBuZy59u02qZWy5tYEYsgA187ESpjcjBdB0Mi+Aej0fG+m6KP4qplhxdEy
J7egustnQRMWD7JPnyI3XWxp5qVndpHUql0UH4HmNEzx0JStc3ToUlYYoF7Z
-----END CERTIFICATE-----
Generated at Sat Apr 5 15:56:00 2025 by rpki-client