Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/6dac86-224b-4ae5-b2a8-496ba82492ce/1/JM7V9AajS4l23mMn_iCrAx9H6rU.roa
File: JM7V9AajS4l23mMn_iCrAx9H6rU.roa (raw, json)
Hash identifier: DRMKpB+z9AGpniEaHQVISGBjcYIwEEFLDSeJJOIynBs=
Subject key identifier: 24:CE:D5:F4:06:A3:4B:89:76:DE:63:27:FE:20:AB:03:1F:47:EA:B5
Certificate issuer: /CN=9c556767201c50f6b2a955db6a1e6e011dfa5d44
Certificate serial: 018675E7E5EA46220FB1B2DA411D6AD61C72
Authority key identifier: 9C:55:67:67:20:1C:50:F6:B2:A9:55:DB:6A:1E:6E:01:1D:FA:5D:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nFVnZyAcUPayqVXbah5uAR36XUQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/6dac86-224b-4ae5-b2a8-496ba82492ce/1/JM7V9AajS4l23mMn_iCrAx9H6rU.roa
Signing time: Tue 21 Feb 2023 21:36:17 +0000
ROA not before: Tue 21 Feb 2023 21:36:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208882
IP address blocks: 45.81.40.0/23 maxlen: 23
2a0e:4d80::/29 maxlen: 29
2a0d:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:75:e7:e5:ea:46:22:0f:b1:b2:da:41:1d:6a:d6:1c:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c556767201c50f6b2a955db6a1e6e011dfa5d44
Validity
Not Before: Feb 21 21:36:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=24ced5f406a34b8976de6327fe20ab031f47eab5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:3f:e7:d9:e6:4a:5f:63:82:1b:83:7c:08:79:
60:1e:62:79:60:68:fc:6d:6d:3c:4f:8d:aa:1d:7a:
f7:a2:cd:8e:78:cb:fe:1f:49:69:48:4f:fe:36:eb:
d1:e6:b2:72:55:22:81:43:9c:81:90:bb:3e:22:f4:
65:e4:9d:73:cf:57:c6:04:c5:2d:00:c0:32:bb:92:
35:54:b5:17:61:9a:b4:20:45:4b:0b:99:39:62:4b:
41:f9:50:6a:45:ae:f1:12:37:13:b6:e8:9b:24:71:
63:80:ab:cc:62:08:c8:ea:60:8a:aa:23:1a:3a:68:
7a:a0:99:8b:bb:de:81:be:3b:ef:ba:34:23:e8:bc:
59:5c:0e:4f:31:1b:fb:3d:c8:07:60:3d:86:b4:ed:
ab:98:47:6d:ee:3e:4f:ad:95:16:6b:f8:e6:6c:b2:
37:4c:2f:62:27:99:32:6b:bb:7c:f6:e0:ae:46:86:
52:38:5a:53:af:76:c1:e3:f4:0e:14:f4:77:7e:08:
95:c0:f0:b2:78:93:59:58:f4:7a:b2:c5:a0:79:92:
97:65:b1:e4:24:a1:6c:aa:50:f9:13:88:d4:37:49:
5f:28:bd:07:09:9f:7e:af:3e:4f:11:6c:cd:c5:cf:
e8:f2:f9:ac:4e:29:2f:d3:6a:73:10:05:b8:73:a6:
fd:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:CE:D5:F4:06:A3:4B:89:76:DE:63:27:FE:20:AB:03:1F:47:EA:B5
X509v3 Authority Key Identifier:
keyid:9C:55:67:67:20:1C:50:F6:B2:A9:55:DB:6A:1E:6E:01:1D:FA:5D:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFVnZyAcUPayqVXbah5uAR36XUQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/6dac86-224b-4ae5-b2a8-496ba82492ce/1/JM7V9AajS4l23mMn_iCrAx9H6rU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/6dac86-224b-4ae5-b2a8-496ba82492ce/1/nFVnZyAcUPayqVXbah5uAR36XUQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.40.0/23
IPv6:
2a0d:ff40::/29
2a0e:4d80::/29
Signature Algorithm: sha256WithRSAEncryption
94:a2:7d:9e:fc:3a:41:43:cf:61:89:92:96:6b:8c:70:94:66:
74:01:ca:44:8b:ad:36:62:b3:dc:18:cd:f5:cf:a1:34:ee:b1:
90:73:b5:b6:62:5c:12:6f:47:ac:7f:54:f5:b6:dc:0e:11:41:
ad:89:82:c1:74:54:43:be:fb:da:e9:ba:d7:4e:a8:11:3a:a6:
ef:64:eb:46:ad:0e:b3:f9:74:99:8a:88:08:f2:88:d9:46:f2:
1a:eb:d5:a5:17:d0:04:07:f5:64:62:ae:c1:18:be:59:e8:52:
e7:de:28:ef:d5:e5:f4:4d:c1:b7:8d:d2:e2:db:87:5e:28:cd:
a5:a4:58:fa:7e:51:42:09:6e:70:8f:37:52:7b:7b:10:2b:ea:
5f:94:02:a5:80:fa:b2:96:87:5f:8f:0a:d5:1d:33:e3:19:d6:
bf:38:b2:5c:7c:f5:a7:eb:92:d2:b9:11:58:2c:56:1f:5b:16:
d7:86:fa:05:3f:e8:49:12:93:2d:0d:89:66:7a:be:27:69:da:
4b:56:d0:c5:c2:75:fd:4a:76:3c:f9:78:1b:84:b9:e4:f6:47:
01:2e:74:2c:19:9e:1e:d8:ec:36:85:73:83:35:44:c2:94:b8:
eb:7f:23:f7:b0:d9:7b:c8:d6:85:6a:f7:51:5a:83:17:28:4e:
d1:12:02:4d
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYZ15+XqRiIPsbLaQR1q1hxyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTU2NzY3MjAxYzUwZjZiMmE5NTVkYjZhMWU2ZTAxMWRm
YTVkNDQwHhcNMjMwMjIxMjEzNjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGNlZDVmNDA2YTM0Yjg5NzZkZTYzMjdmZTIwYWIwMzFmNDdlYWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz/n2eZKX2OCG4N8CHlgHmJ5YGj8
bW08T42qHXr3os2OeMv+H0lpSE/+NuvR5rJyVSKBQ5yBkLs+IvRl5J1zz1fGBMUt
AMAyu5I1VLUXYZq0IEVLC5k5YktB+VBqRa7xEjcTtuibJHFjgKvMYgjI6mCKqiMa
Omh6oJmLu96BvjvvujQj6LxZXA5PMRv7PcgHYD2GtO2rmEdt7j5PrZUWa/jmbLI3
TC9iJ5kya7t89uCuRoZSOFpTr3bB4/QOFPR3fgiVwPCyeJNZWPR6ssWgeZKXZbHk
JKFsqlD5E4jUN0lfKL0HCZ9+rz5PEWzNxc/o8vmsTikv02pzEAW4c6b9dQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCTO1fQGo0uJdt5jJ/4gqwMfR+q1MB8GA1UdIwQY
MBaAFJxVZ2cgHFD2sqlV22oebgEd+l1EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZWblp5QWNVUGF5cVZYYmFoNXVBUjM2WFVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi82ZGFjODYtMjI0Yi00YWU1LWIyYTgt
NDk2YmE4MjQ5MmNlLzEvSk03VjlBYWpTNGwyM21Nbl9pQ3JBeDlINnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi82ZGFjODYtMjI0Yi00YWU1LWIyYTgtNDk2YmE4MjQ5MmNl
LzEvbkZWblp5QWNVUGF5cVZYYmFoNXVBUjM2WFVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQBLVEoMBQE
AgACMA4DBQMqDf9AAwUDKg5NgDANBgkqhkiG9w0BAQsFAAOCAQEAlKJ9nvw6QUPP
YYmSlmuMcJRmdAHKRIutNmKz3BjN9c+hNO6xkHO1tmJcEm9HrH9U9bbcDhFBrYmC
wXRUQ7772um6106oETqm72TrRq0Os/l0mYqICPKI2UbyGuvVpRfQBAf1ZGKuwRi+
WehS594o79Xl9E3Bt43S4tuHXijNpaRY+n5RQglucI83Unt7ECvqX5QCpYD6spaH
X48K1R0z4xnWvziyXHz1p+uS0rkRWCxWH1sW14b6BT/oSRKTLQ2JZnq+J2naS1bQ
xcJ1/Up2PPl4G4S55PZHAS50LBmeHtjsNoVzgzVEwpS4638j97DZe8jWhWr3UVqD
FyhO0RICTQ==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:57:10 2025 by rpki-client