Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/08f671-3c35-450a-a90e-2cce9600660f/1/DKonQxGM4GAi4d7YGCnH8f_hKOA.roa
File: DKonQxGM4GAi4d7YGCnH8f_hKOA.roa (raw, json)
Hash identifier: 5k1WWfDw4kq4Ur6zMlND9PXAm8vwZ5d7cjox4yjpCKg=
Subject key identifier: 0C:AA:27:43:11:8C:E0:60:22:E1:DE:D8:18:29:C7:F1:FF:E1:28:E0
Certificate issuer: /CN=4bcd72d6cb385a3a33c6c8fe5459c686a6849509
Certificate serial: 0194228D8482AE6CFEF214C9A5081BB3B951
Authority key identifier: 4B:CD:72:D6:CB:38:5A:3A:33:C6:C8:FE:54:59:C6:86:A6:84:95:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S81y1ss4Wjozxsj-VFnGhqaElQk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/08f671-3c35-450a-a90e-2cce9600660f/1/DKonQxGM4GAi4d7YGCnH8f_hKOA.roa
Signing time: Wed 01 Jan 2025 15:48:07 +0000
ROA not before: Wed 01 Jan 2025 15:48:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5398
IP address blocks: 45.91.228.0/24 maxlen: 24
45.91.229.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:84:82:ae:6c:fe:f2:14:c9:a5:08:1b:b3:b9:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4bcd72d6cb385a3a33c6c8fe5459c686a6849509
Validity
Not Before: Jan 1 15:48:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0caa2743118ce06022e1ded81829c7f1ffe128e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:13:a0:6e:a7:d3:c8:b6:25:04:00:af:ec:e1:
1d:db:5c:92:bf:d1:de:07:49:16:bb:26:15:61:5d:
e8:dc:96:30:73:81:cc:17:26:18:e0:d3:c1:d8:8a:
7d:3f:35:a8:74:ca:79:99:a7:fe:85:f1:88:bf:3d:
ca:57:e6:6e:d2:d8:d3:9b:c7:54:be:e1:16:97:84:
22:16:31:8b:da:61:be:55:7b:5a:a6:8b:5a:01:ac:
3e:b7:20:da:10:40:08:3f:d9:9f:46:64:5e:b4:68:
3b:f7:56:06:63:8e:9b:c2:80:ac:cf:5b:5c:ac:ca:
56:ce:07:92:5e:3c:66:c8:e6:b0:10:64:d6:3c:16:
29:9e:82:39:2d:9f:ed:26:c2:7c:4f:36:53:11:fd:
69:59:73:6f:36:9f:6f:e0:2e:f7:e9:e1:a9:d3:c7:
4d:07:d4:32:7a:3c:7b:06:28:c1:99:87:22:70:97:
b1:06:1f:5e:b9:49:59:d8:0b:4a:16:46:09:0d:80:
46:d4:0f:e7:71:8c:74:ec:8d:dc:7c:d8:47:0d:53:
ac:b1:3d:7f:74:44:6a:04:dc:f0:d0:fc:e1:7e:5d:
15:a3:69:f6:aa:47:4b:01:b4:d1:36:4a:54:10:c9:
e6:af:b5:32:f3:ce:6a:f7:10:2d:a9:87:4e:e1:b9:
eb:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:AA:27:43:11:8C:E0:60:22:E1:DE:D8:18:29:C7:F1:FF:E1:28:E0
X509v3 Authority Key Identifier:
keyid:4B:CD:72:D6:CB:38:5A:3A:33:C6:C8:FE:54:59:C6:86:A6:84:95:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S81y1ss4Wjozxsj-VFnGhqaElQk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/08f671-3c35-450a-a90e-2cce9600660f/1/DKonQxGM4GAi4d7YGCnH8f_hKOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/08f671-3c35-450a-a90e-2cce9600660f/1/S81y1ss4Wjozxsj-VFnGhqaElQk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.228.0/23
Signature Algorithm: sha256WithRSAEncryption
0d:e2:40:d3:c2:88:26:c8:fd:16:9b:59:b0:1b:a1:af:7f:a0:
38:0a:1b:07:3f:c6:19:ca:3a:97:40:50:c3:ec:aa:cb:53:12:
31:57:80:ca:36:00:e0:7f:a2:99:18:75:9f:a6:b4:ea:97:f0:
c5:88:ca:27:ad:d5:1a:e0:88:41:6e:6f:ac:b3:f1:ce:0c:0a:
e5:d6:6c:95:b0:e8:b0:00:64:b5:11:d6:62:22:f5:cb:40:40:
11:98:35:9a:e0:88:27:f3:e1:09:88:f8:c6:aa:71:10:a9:60:
69:c9:40:32:9c:42:aa:b8:c6:4c:34:12:c3:94:09:32:2f:45:
19:d4:c2:c3:a1:3a:67:2b:e7:2d:7f:77:f0:ce:fa:e9:ff:45:
65:fe:29:3c:f5:b3:78:08:81:e2:e2:00:95:6c:1b:94:89:74:
f7:88:77:c0:a3:5c:97:cc:a8:ba:f2:1f:b1:59:0d:4b:75:31:
f1:5e:29:1e:c6:28:dd:93:62:12:65:1f:8c:3e:54:27:6a:96:
c1:9a:38:1a:f0:1c:65:e2:06:72:c7:f1:9f:d1:15:47:2a:14:
d9:a0:0e:18:bc:be:e3:9c:f6:c4:0e:fa:1b:21:98:1e:cf:ae:
67:bc:9b:9d:51:fc:0c:ad:81:9d:98:23:c8:ea:b9:09:e8:e2:
da:07:f1:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijYSCrmz+8hTJpQgbs7lRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiY2Q3MmQ2Y2IzODVhM2EzM2M2YzhmZTU0NTljNjg2YTY4
NDk1MDkwHhcNMjUwMTAxMTU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2FhMjc0MzExOGNlMDYwMjJlMWRlZDgxODI5YzdmMWZmZTEyOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hOgbqfTyLYlBACv7OEd21ySv9He
B0kWuyYVYV3o3JYwc4HMFyYY4NPB2Ip9PzWodMp5maf+hfGIvz3KV+Zu0tjTm8dU
vuEWl4QiFjGL2mG+VXtapotaAaw+tyDaEEAIP9mfRmRetGg791YGY46bwoCsz1tc
rMpWzgeSXjxmyOawEGTWPBYpnoI5LZ/tJsJ8TzZTEf1pWXNvNp9v4C736eGp08dN
B9Qyejx7BijBmYcicJexBh9euUlZ2AtKFkYJDYBG1A/ncYx07I3cfNhHDVOssT1/
dERqBNzw0Pzhfl0Vo2n2qkdLAbTRNkpUEMnmr7Uy885q9xAtqYdO4bnrsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyqJ0MRjOBgIuHe2Bgpx/H/4SjgMB8GA1UdIwQY
MBaAFEvNctbLOFo6M8bI/lRZxoamhJUJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzgxeTFzczRXam96eHNqLVZGbkdocWFFbFFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wOGY2NzEtM2MzNS00NTBhLWE5MGUt
MmNjZTk2MDA2NjBmLzEvREtvblF4R000R0FpNGQ3WUdDbkg4Zl9oS09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wOGY2NzEtM2MzNS00NTBhLWE5MGUtMmNjZTk2MDA2NjBm
LzEvUzgxeTFzczRXam96eHNqLVZGbkdocWFFbFFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVvkMA0G
CSqGSIb3DQEBCwUAA4IBAQAN4kDTwogmyP0Wm1mwG6Gvf6A4ChsHP8YZyjqXQFDD
7KrLUxIxV4DKNgDgf6KZGHWfprTql/DFiMonrdUa4IhBbm+ss/HODArl1myVsOiw
AGS1EdZiIvXLQEARmDWa4Ign8+EJiPjGqnEQqWBpyUAynEKquMZMNBLDlAkyL0UZ
1MLDoTpnK+ctf3fwzvrp/0Vl/ik89bN4CIHi4gCVbBuUiXT3iHfAo1yXzKi68h+x
WQ1LdTHxXikexijdk2ISZR+MPlQnapbBmjga8Bxl4gZyx/Gf0RVHKhTZoA4YvL7j
nPbEDvobIZgez65nvJudUfwMrYGdmCPI6rkJ6OLaB/Fx
-----END CERTIFICATE-----
Generated at Mon Apr 7 19:18:40 2025 by rpki-client