Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/8If2bJm8PQ_uIjMBivmLFda6uHs.roa
File: 8If2bJm8PQ_uIjMBivmLFda6uHs.roa (raw, json)
Hash identifier: 1ZL9zTKs//6jAUgzVF9TQn5X0MqodisEQBoGRGP1JOs=
Subject key identifier: F0:87:F6:6C:99:BC:3D:0F:EE:22:33:01:8A:F9:8B:15:D6:BA:B8:7B
Certificate issuer: /CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Certificate serial: 0185A2386EFECDD65D77BA2C6524EB24CD5B
Authority key identifier: 97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/8If2bJm8PQ_uIjMBivmLFda6uHs.roa
Signing time: Wed 11 Jan 2023 19:04:45 +0000
ROA not before: Wed 11 Jan 2023 19:04:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42375
IP address blocks: 45.147.202.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:a2:38:6e:fe:cd:d6:5d:77:ba:2c:65:24:eb:24:cd:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Validity
Not Before: Jan 11 19:04:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f087f66c99bc3d0fee2233018af98b15d6bab87b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f9:0a:5a:02:63:ef:af:7e:29:53:b9:fb:51:03:
62:ee:93:9f:d1:79:5e:d0:11:8a:67:ab:db:e6:ff:
4f:21:bd:d0:1e:16:b7:fa:10:b1:99:6f:91:f1:ba:
1b:71:61:47:64:44:47:7a:c6:db:5e:a1:91:a1:0b:
af:2d:c9:5a:97:dd:7c:ba:8a:c1:97:c7:1b:82:db:
80:2f:bb:ef:e3:1e:89:38:5c:25:e9:05:8e:55:4c:
30:ce:98:48:a4:53:29:f1:fa:1d:6d:80:b2:7d:2e:
8e:26:60:3a:5e:ed:58:f9:28:82:c7:a5:72:6e:8e:
e1:b4:5c:5c:56:1e:19:2c:08:5e:89:3c:70:da:04:
af:a5:1c:3c:18:6f:74:b7:b8:fb:7d:cf:78:7d:56:
2b:4e:1e:5d:b9:04:fb:44:07:59:ce:ca:a9:f6:71:
a6:07:33:62:0c:65:8e:01:d6:ec:47:63:72:05:07:
77:71:46:24:4c:d0:97:27:3f:14:cc:ef:7a:d5:e2:
0f:99:e1:a8:34:72:51:6e:0a:f4:f9:85:4f:95:af:
64:f3:85:35:8b:43:ed:a1:01:b9:fb:72:65:dc:a4:
21:94:e8:e3:e8:29:fa:49:65:a2:59:16:2e:3b:1a:
a1:65:05:bc:70:a4:46:6c:0b:b9:f3:90:49:93:1e:
00:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:87:F6:6C:99:BC:3D:0F:EE:22:33:01:8A:F9:8B:15:D6:BA:B8:7B
X509v3 Authority Key Identifier:
keyid:97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/8If2bJm8PQ_uIjMBivmLFda6uHs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/l-vxSo5U8S3YskU1PfaD4YKglsU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.147.202.0/23
Signature Algorithm: sha256WithRSAEncryption
40:8e:c5:4e:32:06:18:56:f0:2f:b6:fa:46:73:31:70:2b:7e:
c2:86:a9:8a:e3:1f:f1:9f:1d:89:27:2c:da:bf:f4:34:4c:03:
35:4a:62:e6:b7:bc:62:91:94:41:0c:ed:4b:78:58:33:da:5b:
d2:40:f6:e8:9e:5d:88:e2:79:f8:33:b3:42:76:d2:f0:8e:d2:
05:e7:2f:4b:91:e4:0a:c5:de:00:e7:e0:43:8b:b1:a4:3d:ad:
ba:7d:49:31:c8:b4:d0:6f:74:52:e0:54:5b:b0:c2:43:8d:2b:
1d:ca:68:2b:c6:f6:67:e8:41:63:8f:34:98:7c:2b:07:3a:aa:
5b:ea:7a:91:41:cb:2a:ef:1b:c5:1d:69:28:e5:bc:c5:4f:5d:
70:28:e0:f4:3a:c3:ab:cd:96:f9:af:12:d5:c6:17:94:4a:af:
3c:9d:b6:b4:42:43:57:b3:5b:04:7b:22:6d:35:74:3d:cb:1d:
c1:32:fd:c6:a0:cd:ba:2c:ef:e5:94:6e:a7:04:24:d9:fc:77:
e1:b1:fa:21:33:d1:68:f1:f4:6f:f6:32:7f:00:06:cd:52:f1:
b5:23:3f:fa:cc:ea:62:74:c9:4e:11:7c:65:c1:4c:ce:87:24:
a4:65:94:f6:e6:88:d5:e8:45:16:6b:da:1e:f0:2d:62:b1:bb:
d0:7e:88:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYWiOG7+zdZdd7osZSTrJM1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWJmMTRhOGU1NGYxMmRkOGIyNDUzNTNkZjY4M2UxODJh
MDk2YzUwHhcNMjMwMTExMTkwNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDg3ZjY2Yzk5YmMzZDBmZWUyMjMzMDE4YWY5OGIxNWQ2YmFiODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+QpaAmPvr34pU7n7UQNi7pOf0Xle
0BGKZ6vb5v9PIb3QHha3+hCxmW+R8bobcWFHZERHesbbXqGRoQuvLclal918uorB
l8cbgtuAL7vv4x6JOFwl6QWOVUwwzphIpFMp8fodbYCyfS6OJmA6Xu1Y+SiCx6Vy
bo7htFxcVh4ZLAheiTxw2gSvpRw8GG90t7j7fc94fVYrTh5duQT7RAdZzsqp9nGm
BzNiDGWOAdbsR2NyBQd3cUYkTNCXJz8UzO961eIPmeGoNHJRbgr0+YVPla9k84U1
i0PtoQG5+3Jl3KQhlOjj6Cn6SWWiWRYuOxqhZQW8cKRGbAu585BJkx4AJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCH9myZvD0P7iIzAYr5ixXWurh7MB8GA1UdIwQY
MBaAFJfr8UqOVPEt2LJFNT32g+GCoJbFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUt
MjQwOWFhZDA4MWQyLzEvOElmMmJKbThQUV91SWpNQml2bUxGZGE2dUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUtMjQwOWFhZDA4MWQy
LzEvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZPKMA0G
CSqGSIb3DQEBCwUAA4IBAQBAjsVOMgYYVvAvtvpGczFwK37ChqmK4x/xnx2JJyza
v/Q0TAM1SmLmt7xikZRBDO1LeFgz2lvSQPbonl2I4nn4M7NCdtLwjtIF5y9LkeQK
xd4A5+BDi7GkPa26fUkxyLTQb3RS4FRbsMJDjSsdymgrxvZn6EFjjzSYfCsHOqpb
6nqRQcsq7xvFHWko5bzFT11wKOD0OsOrzZb5rxLVxheUSq88nba0QkNXs1sEeyJt
NXQ9yx3BMv3GoM26LO/llG6nBCTZ/HfhsfohM9Fo8fRv9jJ/AAbNUvG1Iz/6zOpi
dMlOEXxlwUzOhySkZZT25ojV6EUWa9oe8C1isbvQfogq
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:06:27 2025 by rpki-client