Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/0lpgc5fo7-_18R9_oLjexD3mYyQ.roa
File: 0lpgc5fo7-_18R9_oLjexD3mYyQ.roa (raw, json)
Hash identifier: hYIey+PSI0eIvWS4o3pMpgiCVmmVZDURx2vppy6DSGo=
Subject key identifier: D2:5A:60:73:97:E8:EF:EF:F5:F1:1F:7F:A0:B8:DE:C4:3D:E6:63:24
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 018B138E718767BE947F861FD6B01F4DEA37
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/0lpgc5fo7-_18R9_oLjexD3mYyQ.roa
Signing time: Mon 09 Oct 2023 08:29:44 +0000
ROA not before: Mon 09 Oct 2023 08:29:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49981
IP address blocks: 194.15.152.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:13:8e:71:87:67:be:94:7f:86:1f:d6:b0:1f:4d:ea:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Oct 9 08:29:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d25a607397e8efeff5f11f7fa0b8dec43de66324
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:fd:2b:03:01:30:30:46:38:36:e1:51:c6:d1:
51:11:4a:a6:54:e4:3c:f6:e5:f3:bd:1b:32:ad:6b:
7d:54:cd:d5:03:ce:ea:f0:f7:4c:2b:7b:df:87:0b:
ae:f1:5c:6a:8c:f9:6c:ac:ef:71:75:4e:e8:72:5d:
83:6a:bc:85:d9:10:96:aa:c3:22:47:4f:c1:5a:53:
e4:2d:e8:b6:d0:e4:20:78:f4:35:4c:e3:d0:18:5d:
85:60:7b:15:70:cb:c4:e3:2d:5b:82:ca:89:04:45:
d0:89:67:66:14:f9:a4:16:25:60:3d:a2:b8:57:73:
77:b0:0d:6d:cb:cf:7a:1c:7b:7a:84:26:25:6f:50:
36:30:e9:14:ee:cc:66:f3:85:9c:6c:6e:d9:b4:25:
0d:b3:37:95:bc:e7:21:a3:a7:4d:4a:2c:44:d7:a3:
a8:17:2c:87:a5:25:06:00:ea:96:0c:47:01:2e:71:
ee:b9:91:c4:05:b5:c8:18:e7:94:bc:82:c8:f9:1e:
3b:66:d5:0d:2a:77:d6:16:7f:ef:2d:ea:27:95:6b:
b5:12:e1:41:d0:bc:b3:bd:54:f0:b3:eb:25:ea:77:
36:a4:8c:23:23:47:4f:c6:b8:1b:13:6f:cf:0c:14:
e4:a7:0b:7b:7c:3e:0f:e0:19:e0:ad:73:d4:12:4c:
04:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:5A:60:73:97:E8:EF:EF:F5:F1:1F:7F:A0:B8:DE:C4:3D:E6:63:24
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/0lpgc5fo7-_18R9_oLjexD3mYyQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.15.152.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:13:e1:92:a7:0c:14:90:37:11:f4:b5:e6:84:f3:48:7a:20:
d6:a3:e8:d5:c0:a8:b2:e8:83:ea:63:e3:83:31:97:54:2d:be:
3a:0e:22:5b:69:f3:cf:5b:ae:6f:a8:0a:6c:de:74:d4:4f:c2:
8b:db:65:2b:2a:4e:18:0f:bd:34:c9:9c:97:98:e5:fd:2f:ba:
3b:58:bf:bc:39:ca:06:d2:06:02:1e:fe:ec:01:92:d1:51:34:
12:6d:1f:1a:d6:3b:e5:1c:36:c6:f2:8a:55:be:3d:44:3f:37:
2f:cd:2d:b8:9e:a3:a2:3f:6b:88:b5:b8:be:a3:c2:b8:7f:ad:
8e:f1:5c:18:59:9d:59:23:a3:82:6c:ff:8f:e5:e9:83:e3:bf:
1e:26:c0:0d:f1:91:07:c1:d1:18:a9:3e:32:b3:47:b1:06:4b:
bb:45:ce:72:8a:e9:32:d8:87:4a:02:b7:2e:ce:6b:0e:2d:d5:
60:29:21:01:00:fa:cd:ed:17:1e:12:1b:6b:17:64:d3:07:69:
2e:d0:f8:4c:a1:50:78:c6:f3:11:29:5d:a7:4d:16:ae:cd:f6:
d6:8a:98:54:e2:f9:a2:c0:00:e3:28:3d:7d:a6:f6:36:ca:ca:
9d:e3:a4:3d:5b:3c:4c:35:6d:dd:47:1b:f0:51:f8:70:33:7a:
a7:59:48:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYsTjnGHZ76Uf4Yf1rAfTeo3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMxMDA5MDgyOTQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjVhNjA3Mzk3ZThlZmVmZjVmMTFmN2ZhMGI4ZGVjNDNkZTY2MzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApf0rAwEwMEY4NuFRxtFREUqmVOQ8
9uXzvRsyrWt9VM3VA87q8PdMK3vfhwuu8VxqjPlsrO9xdU7ocl2DaryF2RCWqsMi
R0/BWlPkLei20OQgePQ1TOPQGF2FYHsVcMvE4y1bgsqJBEXQiWdmFPmkFiVgPaK4
V3N3sA1ty896HHt6hCYlb1A2MOkU7sxm84WcbG7ZtCUNszeVvOcho6dNSixE16Oo
FyyHpSUGAOqWDEcBLnHuuZHEBbXIGOeUvILI+R47ZtUNKnfWFn/vLeonlWu1EuFB
0LyzvVTws+sl6nc2pIwjI0dPxrgbE2/PDBTkpwt7fD4P4BngrXPUEkwE2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJaYHOX6O/v9fEff6C43sQ95mMkMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvMGxwZ2M1Zm83LV8xOFI5X29MamV4RDNtWXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg+YMA0G
CSqGSIb3DQEBCwUAA4IBAQB+E+GSpwwUkDcR9LXmhPNIeiDWo+jVwKiy6IPqY+OD
MZdULb46DiJbafPPW65vqAps3nTUT8KL22UrKk4YD700yZyXmOX9L7o7WL+8OcoG
0gYCHv7sAZLRUTQSbR8a1jvlHDbG8opVvj1EPzcvzS24nqOiP2uItbi+o8K4f62O
8VwYWZ1ZI6OCbP+P5emD478eJsAN8ZEHwdEYqT4ys0exBku7Rc5yiuky2IdKArcu
zmsOLdVgKSEBAPrN7RceEhtrF2TTB2ku0PhMoVB4xvMRKV2nTRauzfbWiphU4vmi
wADjKD19pvY2ysqd46Q9WzxMNW3dRxvwUfhwM3qnWUhB
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:49:11 2025 by rpki-client