Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/2ks0hrrwzTUYCvWJxWfgtX6rmqs.roa
File: 2ks0hrrwzTUYCvWJxWfgtX6rmqs.roa (raw, json)
Hash identifier: 2pDsSjIyl+N/e7nSTayDs4kDiHefsNJVnm09gsR+8hY=
Subject key identifier: DA:4B:34:86:BA:F0:CD:35:18:0A:F5:89:C5:67:E0:B5:7E:AB:9A:AB
Certificate issuer: /CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Certificate serial: 0192EC70650C840F9CE186492D5F830B5403
Authority key identifier: E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/2ks0hrrwzTUYCvWJxWfgtX6rmqs.roa
Signing time: Sat 02 Nov 2024 10:34:01 +0000
ROA not before: Sat 02 Nov 2024 10:34:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 199724
IP address blocks: 45.10.56.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:ec:70:65:0c:84:0f:9c:e1:86:49:2d:5f:83:0b:54:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0559ce889ae4241121fe0a1653e4b955f3edf4b
Validity
Not Before: Nov 2 10:34:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=da4b3486baf0cd35180af589c567e0b57eab9aab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:0b:d8:aa:51:51:c6:05:d1:7c:50:ab:9b:69:
14:69:c8:98:cc:3e:5c:d3:1f:fb:1b:66:26:16:92:
48:99:f0:bd:df:b3:b2:88:b8:ec:e0:b9:92:08:14:
85:40:6d:46:f3:d6:07:45:0c:ef:5b:c0:31:7c:58:
4d:d7:fd:75:ff:0b:57:15:64:72:83:56:af:c4:1a:
dd:e0:e6:15:e4:f9:50:c3:72:c8:d2:6d:12:16:b7:
23:49:63:90:4a:35:54:64:3d:c5:b5:91:4c:eb:e0:
1f:5b:c1:46:17:12:e4:50:0d:4e:e0:09:24:d3:12:
95:a2:9a:81:a5:44:a2:9d:88:d8:2b:56:f7:96:60:
d3:69:e0:13:ae:5f:f0:dd:cb:02:6a:2c:6f:4a:2d:
0b:71:2a:6c:43:4e:96:c6:b0:96:e2:0f:15:cc:85:
c8:bd:5f:cc:cc:79:63:4b:ba:c3:45:58:53:c7:a5:
08:e3:b9:eb:1f:87:95:64:b7:26:5a:d9:4f:8f:f5:
30:d2:c2:2e:88:fb:30:48:5c:6e:c4:70:bf:95:90:
0c:69:a5:11:58:d5:f8:f6:31:c3:4b:b1:68:76:84:
c9:79:ec:24:56:85:63:f9:6d:58:fd:26:30:45:a6:
69:37:0b:ec:7e:30:4d:42:43:04:39:cb:b6:82:c8:
14:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:4B:34:86:BA:F0:CD:35:18:0A:F5:89:C5:67:E0:B5:7E:AB:9A:AB
X509v3 Authority Key Identifier:
keyid:E0:55:9C:E8:89:AE:42:41:12:1F:E0:A1:65:3E:4B:95:5F:3E:DF:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FWc6ImuQkESH-ChZT5LlV8-30s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/2ks0hrrwzTUYCvWJxWfgtX6rmqs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1fa4a1-9a1c-47de-aca6-9449957fd5a5/1/4FWc6ImuQkESH-ChZT5LlV8-30s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.10.56.0/24
Signature Algorithm: sha256WithRSAEncryption
45:48:39:71:bb:07:7c:cf:d1:09:ad:b0:dd:69:e2:e2:17:ed:
e7:76:b2:1d:eb:4c:a2:75:89:59:83:a2:22:a7:44:df:36:b6:
45:7b:55:e5:3f:96:39:55:30:28:31:21:f2:c7:6b:b9:ac:07:
1d:b6:c0:8c:d6:46:a6:37:cd:a3:18:9f:b3:3d:db:f6:9d:2f:
1b:fe:72:40:87:95:59:ef:a7:3e:82:72:72:58:7d:2b:e9:d9:
5f:dd:dc:6d:11:c2:0a:2e:3a:27:a8:7f:0f:5a:18:47:3e:18:
1f:a2:d2:d6:2c:24:fa:d6:d4:d3:b4:0b:4f:0d:4d:3e:06:ab:
b0:c0:39:ba:c4:30:6e:5f:e6:c5:d4:c2:16:15:c8:b6:98:c0:
43:0c:93:b1:5b:06:47:c0:f8:69:a9:36:bd:21:86:8e:57:22:
b4:6d:ea:1d:bb:9a:42:60:ec:2e:54:d0:01:fe:d3:2f:64:fa:
24:ab:de:28:6c:ab:54:9d:71:7c:ca:2b:26:69:ce:b5:54:46:
4b:b1:da:c4:a5:53:2d:87:c9:cf:d2:d7:b4:94:85:bb:11:25:
a0:eb:a4:7f:c6:57:68:a7:9a:5b:6a:85:91:9c:ef:d6:f8:6e:
c4:6e:25:bb:65:23:4e:7b:fc:35:d8:b7:44:98:9e:e0:11:1f:
5b:f5:dc:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLscGUMhA+c4YZJLV+DC1QDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTU5Y2U4ODlhZTQyNDExMjFmZTBhMTY1M2U0Yjk1NWYz
ZWRmNGIwHhcNMjQxMTAyMTAzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTRiMzQ4NmJhZjBjZDM1MTgwYWY1ODljNTY3ZTBiNTdlYWI5YWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQvYqlFRxgXRfFCrm2kUaciYzD5c
0x/7G2YmFpJImfC937OyiLjs4LmSCBSFQG1G89YHRQzvW8AxfFhN1/11/wtXFWRy
g1avxBrd4OYV5PlQw3LI0m0SFrcjSWOQSjVUZD3FtZFM6+AfW8FGFxLkUA1O4Akk
0xKVopqBpUSinYjYK1b3lmDTaeATrl/w3csCaixvSi0LcSpsQ06WxrCW4g8VzIXI
vV/MzHljS7rDRVhTx6UI47nrH4eVZLcmWtlPj/Uw0sIuiPswSFxuxHC/lZAMaaUR
WNX49jHDS7FodoTJeewkVoVj+W1Y/SYwRaZpNwvsfjBNQkMEOcu2gsgUNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpLNIa68M01GAr1icVn4LV+q5qrMB8GA1UdIwQY
MBaAFOBVnOiJrkJBEh/goWU+S5VfPt9LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYt
OTQ0OTk1N2ZkNWE1LzEvMmtzMGhycnd6VFVZQ3ZXSnhXZmd0WDZybXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xZmE0YTEtOWExYy00N2RlLWFjYTYtOTQ0OTk1N2ZkNWE1
LzEvNEZXYzZJbXVRa0VTSC1DaFpUNUxsVjgtMzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQo4MA0G
CSqGSIb3DQEBCwUAA4IBAQBFSDlxuwd8z9EJrbDdaeLiF+3ndrId60yidYlZg6Ii
p0TfNrZFe1XlP5Y5VTAoMSHyx2u5rAcdtsCM1kamN82jGJ+zPdv2nS8b/nJAh5VZ
76c+gnJyWH0r6dlf3dxtEcIKLjonqH8PWhhHPhgfotLWLCT61tTTtAtPDU0+Bquw
wDm6xDBuX+bF1MIWFci2mMBDDJOxWwZHwPhpqTa9IYaOVyK0beodu5pCYOwuVNAB
/tMvZPokq94obKtUnXF8yismac61VEZLsdrEpVMth8nP0te0lIW7ESWg66R/xldo
p5pbaoWRnO/W+G7EbiW7ZSNOe/w12LdEmJ7gER9b9dxn
-----END CERTIFICATE-----
Generated at Tue Apr 8 11:24:02 2025 by rpki-client