Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/WgoikmAHlmITdykUEof3XoAhEEc.roa
File: WgoikmAHlmITdykUEof3XoAhEEc.roa (raw, json)
Hash identifier: nzO2DdUtdiJKLFxjbkMZSoIY5gR+kHRXUvPzD7+aeVc=
Subject key identifier: 5A:0A:22:92:60:07:96:62:13:77:29:14:12:87:F7:5E:80:21:10:47
Certificate issuer: /CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Certificate serial: 018964895C9E53A35C61A95EB261DD00359B
Authority key identifier: 97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/WgoikmAHlmITdykUEof3XoAhEEc.roa
Signing time: Mon 17 Jul 2023 15:47:50 +0000
ROA not before: Mon 17 Jul 2023 15:47:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49505
IP address blocks: 45.139.126.0/24 maxlen: 24
45.139.127.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:64:89:5c:9e:53:a3:5c:61:a9:5e:b2:61:dd:00:35:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=97ebf14a8e54f12dd8b245353df683e182a096c5
Validity
Not Before: Jul 17 15:47:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5a0a229260079662137729141287f75e80211047
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:6a:9a:57:9c:05:e1:82:6d:bf:9a:75:8c:ca:
d8:f5:a5:0e:89:dd:b2:c2:ab:ae:05:da:cd:b6:01:
76:26:3a:21:da:34:bd:b4:ad:be:31:7a:f5:36:0f:
7e:f4:d6:80:5a:89:f8:17:e8:35:03:f2:53:c4:95:
db:12:cb:87:e7:b7:1c:d6:0f:d9:96:b4:ef:af:fd:
40:65:0a:6a:74:d7:a9:cc:cb:5d:bf:d8:6f:6d:d2:
d9:e1:60:27:c6:46:e1:dc:7a:29:34:cb:2d:a4:94:
4d:50:b4:28:9a:a6:80:e3:d9:8d:d6:4e:6f:ee:b0:
20:da:83:49:cc:e4:d7:d4:de:7c:37:9c:e7:d0:0a:
79:75:75:c9:1d:e8:5f:4a:82:17:3e:1d:e4:2f:04:
1a:04:0a:25:b4:49:df:1e:45:7e:ac:e5:f7:bd:66:
e3:f1:18:dc:c3:c8:98:9c:09:b5:d6:42:34:37:10:
92:f0:9c:42:55:24:17:88:a8:35:18:ef:de:56:b7:
fd:27:b4:84:1a:c7:c4:6b:52:5f:35:97:8e:08:8b:
a5:d3:f7:71:71:d8:02:1f:2d:ee:8d:5f:98:a9:72:
74:a1:cc:ff:fe:2b:11:bb:77:19:61:72:8b:49:01:
4b:d2:0f:9b:4a:63:1c:b6:0a:e2:64:28:a7:2d:a7:
3f:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:0A:22:92:60:07:96:62:13:77:29:14:12:87:F7:5E:80:21:10:47
X509v3 Authority Key Identifier:
keyid:97:EB:F1:4A:8E:54:F1:2D:D8:B2:45:35:3D:F6:83:E1:82:A0:96:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-vxSo5U8S3YskU1PfaD4YKglsU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/WgoikmAHlmITdykUEof3XoAhEEc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/092b11-1622-4556-8e65-2409aad081d2/1/l-vxSo5U8S3YskU1PfaD4YKglsU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.139.126.0/23
Signature Algorithm: sha256WithRSAEncryption
28:3f:d5:d7:2a:05:5a:27:07:7f:be:c4:b1:e4:5d:c4:6a:95:
72:dd:8c:1b:9c:00:9f:5c:ad:1e:04:c1:47:91:64:59:be:97:
8d:bc:13:26:c6:64:9a:fa:40:fa:4a:34:77:bd:6a:b7:f4:1a:
b4:f2:9f:da:c1:79:16:e1:49:de:06:ab:7d:0c:1a:de:f0:e9:
98:54:90:ae:b1:38:6f:7e:45:e9:8c:58:bb:45:2e:14:1a:62:
42:a9:6e:af:4a:76:fe:df:09:5b:84:3c:af:fb:19:6c:ad:9a:
79:3b:42:e2:88:e2:95:1f:2b:3c:27:7d:d5:44:bf:12:45:94:
b6:5d:dd:29:df:4d:76:a8:69:1a:65:a2:61:17:98:cb:32:76:
09:6f:45:6f:ec:d6:26:23:74:bd:00:3e:05:00:aa:0f:a8:63:
f0:28:e9:4c:9d:c0:bf:79:3e:a1:e2:60:1a:c7:02:0d:b2:1a:
c2:24:2e:bf:f7:3d:9d:5b:90:d8:8e:78:6f:68:a2:00:08:c5:
35:a2:5b:54:ff:a6:76:9b:b6:9c:91:ef:40:e5:4d:b0:df:d2:
03:f6:35:12:12:c4:89:0e:2a:40:41:ac:20:77:36:86:c0:76:
c7:b2:c8:ea:ac:29:2b:08:30:be:aa:6e:9c:13:c4:a3:6a:b2:
7c:e1:5b:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYlkiVyeU6NcYalesmHdADWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWJmMTRhOGU1NGYxMmRkOGIyNDUzNTNkZjY4M2UxODJh
MDk2YzUwHhcNMjMwNzE3MTU0NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTBhMjI5MjYwMDc5NjYyMTM3NzI5MTQxMjg3Zjc1ZTgwMjExMDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGqaV5wF4YJtv5p1jMrY9aUOid2y
wquuBdrNtgF2Jjoh2jS9tK2+MXr1Ng9+9NaAWon4F+g1A/JTxJXbEsuH57cc1g/Z
lrTvr/1AZQpqdNepzMtdv9hvbdLZ4WAnxkbh3HopNMstpJRNULQomqaA49mN1k5v
7rAg2oNJzOTX1N58N5zn0Ap5dXXJHehfSoIXPh3kLwQaBAoltEnfHkV+rOX3vWbj
8Rjcw8iYnAm11kI0NxCS8JxCVSQXiKg1GO/eVrf9J7SEGsfEa1JfNZeOCIul0/dx
cdgCHy3ujV+YqXJ0ocz//isRu3cZYXKLSQFL0g+bSmMctgriZCinLac/XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoKIpJgB5ZiE3cpFBKH916AIRBHMB8GA1UdIwQY
MBaAFJfr8UqOVPEt2LJFNT32g+GCoJbFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUt
MjQwOWFhZDA4MWQyLzEvV2dvaWttQUhsbUlUZHlrVUVvZjNYb0FoRUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8wOTJiMTEtMTYyMi00NTU2LThlNjUtMjQwOWFhZDA4MWQy
LzEvbC12eFNvNVU4UzNZc2tVMVBmYUQ0WUtnbHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYt+MA0G
CSqGSIb3DQEBCwUAA4IBAQAoP9XXKgVaJwd/vsSx5F3EapVy3YwbnACfXK0eBMFH
kWRZvpeNvBMmxmSa+kD6SjR3vWq39Bq08p/awXkW4UneBqt9DBre8OmYVJCusThv
fkXpjFi7RS4UGmJCqW6vSnb+3wlbhDyv+xlsrZp5O0LiiOKVHys8J33VRL8SRZS2
Xd0p3012qGkaZaJhF5jLMnYJb0Vv7NYmI3S9AD4FAKoPqGPwKOlMncC/eT6h4mAa
xwINshrCJC6/9z2dW5DYjnhvaKIACMU1oltU/6Z2m7acke9A5U2w39ID9jUSEsSJ
DipAQawgdzaGwHbHssjqrCkrCDC+qm6cE8SjarJ84VuU
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:21:02 2025 by rpki-client