Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/7iS03oECr179NtL288dpDTafijk.roa
File: 7iS03oECr179NtL288dpDTafijk.roa (raw, json)
Hash identifier: zv4c3Tpll3+DIWhCbyPu6rfmHvBoDLwxl/zyM3L9wm8=
Subject key identifier: EE:24:B4:DE:81:02:AF:5E:FD:36:D2:F6:F3:C7:69:0D:36:9F:8A:39
Certificate issuer: /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial: 018BFCF82BAA766D114159D1764BCAF524E4
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/7iS03oECr179NtL288dpDTafijk.roa
Signing time: Thu 23 Nov 2023 16:16:44 +0000
ROA not before: Thu 23 Nov 2023 16:16:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60631
IP address blocks: 45.159.150.0/24 maxlen: 24
45.159.149.0/24 maxlen: 24
146.19.212.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:fc:f8:2b:aa:76:6d:11:41:59:d1:76:4b:ca:f5:24:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Validity
Not Before: Nov 23 16:16:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ee24b4de8102af5efd36d2f6f3c7690d369f8a39
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:23:f5:b7:3b:35:d3:9e:14:df:34:a9:a5:cd:
93:09:4d:64:0c:92:1c:ea:33:b2:fb:b2:e7:b5:a2:
28:85:14:8a:cf:1f:48:61:0d:8e:90:07:11:39:52:
08:24:21:5e:f2:dc:8e:92:82:4b:2e:f7:ab:24:99:
95:10:71:e5:1a:b6:81:3b:27:73:44:a9:46:40:e8:
ab:ad:95:fd:4f:cc:40:dd:76:46:cb:89:85:bb:3d:
3f:7a:c6:25:f3:1d:5f:69:a0:84:8e:3d:f5:3f:d2:
4a:d1:a2:fc:a8:e9:9b:a5:11:5e:ab:31:d5:9a:8f:
d7:38:bf:2e:4e:40:46:82:29:e5:8e:75:f6:d8:95:
48:c6:7d:a1:15:c9:f6:29:a4:4f:55:39:0f:3d:45:
a1:5d:8e:9a:9a:6a:54:82:55:64:d2:72:69:68:c5:
3b:e6:61:d8:14:e2:d8:49:18:d7:f5:80:1e:c1:d1:
e0:a9:3e:b5:cf:94:2e:fc:47:8a:04:07:b5:6f:79:
dc:b7:05:ca:bc:8d:b2:bd:30:ca:5b:03:8f:f3:9e:
78:da:dd:b8:6e:d9:22:33:2c:02:04:cf:30:89:c5:
c8:87:19:ab:4b:53:dd:3d:96:c9:4e:33:88:cf:dc:
33:d3:97:7f:47:9f:44:d5:e1:40:42:75:64:6d:8e:
32:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:24:B4:DE:81:02:AF:5E:FD:36:D2:F6:F3:C7:69:0D:36:9F:8A:39
X509v3 Authority Key Identifier:
keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/7iS03oECr179NtL288dpDTafijk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.149.0-45.159.150.255
146.19.212.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:d5:3b:2d:72:4a:6e:88:87:88:bf:d3:2f:e9:d8:c0:a9:c3:
9e:92:4f:80:5d:1c:fa:9f:74:ea:d6:73:3c:aa:3e:bc:77:22:
2d:b5:35:0c:5e:41:ad:7f:bb:84:bb:36:4c:f3:f9:f9:d0:6c:
8a:b5:77:ef:e5:98:9c:e8:e4:2e:5d:31:61:8a:fe:74:c2:36:
c9:d6:29:cf:f4:b4:c8:74:8f:dd:4c:fc:2b:75:4b:11:11:01:
af:86:93:d2:00:8b:8f:81:42:21:84:a8:60:61:3e:6c:db:b8:
a1:06:8c:a6:5e:ac:17:ae:49:2d:17:09:1b:ad:25:77:0f:b7:
5e:87:de:1c:64:e2:f8:ff:e9:ca:07:f7:cc:be:6b:8a:cf:a7:
c3:1e:cf:e6:24:b5:0b:01:14:3f:3d:cc:50:53:cf:f0:30:8b:
b0:4e:9d:b4:b0:47:2c:5b:8a:c9:c0:95:ac:a7:30:da:f7:b9:
56:6d:27:87:e9:4b:d7:77:b6:1d:cf:45:1a:e5:a9:59:30:76:
87:aa:06:a8:ff:c7:e3:0d:a1:d4:b3:ba:17:90:2d:0f:f6:d2:
2b:6c:91:72:61:67:bf:b1:de:92:b7:73:8b:9d:c5:49:f0:60:
08:85:05:74:40:63:a6:2a:0c:f9:21:56:8d:ed:b9:11:e7:b0:
b7:22:52:48
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYv8+Cuqdm0RQVnRdkvK9STkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjMxMTIzMTYxNjQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTI0YjRkZTgxMDJhZjVlZmQzNmQyZjZmM2M3NjkwZDM2OWY4YTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApiP1tzs1054U3zSppc2TCU1kDJIc
6jOy+7LntaIohRSKzx9IYQ2OkAcROVIIJCFe8tyOkoJLLverJJmVEHHlGraBOydz
RKlGQOirrZX9T8xA3XZGy4mFuz0/esYl8x1faaCEjj31P9JK0aL8qOmbpRFeqzHV
mo/XOL8uTkBGginljnX22JVIxn2hFcn2KaRPVTkPPUWhXY6ammpUglVk0nJpaMU7
5mHYFOLYSRjX9YAewdHgqT61z5Qu/EeKBAe1b3nctwXKvI2yvTDKWwOP85542t24
btkiMywCBM8wicXIhxmrS1PdPZbJTjOIz9wz05d/R59E1eFAQnVkbY4yfQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFO4ktN6BAq9e/TbS9vPHaQ02n4o5MB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvN2lTMDNvRUNyMTc5TnRMMjg4ZHBEVGFmaWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAtn5UD
BAAtn5YDBACSE9QwDQYJKoZIhvcNAQELBQADggEBAI3VOy1ySm6Ih4i/0y/p2MCp
w56ST4BdHPqfdOrWczyqPrx3Ii21NQxeQa1/u4S7Nkzz+fnQbIq1d+/lmJzo5C5d
MWGK/nTCNsnWKc/0tMh0j91M/Ct1SxERAa+Gk9IAi4+BQiGEqGBhPmzbuKEGjKZe
rBeuSS0XCRutJXcPt16H3hxk4vj/6coH98y+a4rPp8Mez+YktQsBFD89zFBTz/Aw
i7BOnbSwRyxbisnAlaynMNr3uVZtJ4fpS9d3th3PRRrlqVkwdoeqBqj/x+MNodSz
uheQLQ/20itskXJhZ7+x3pK3c4udxUnwYAiFBXRAY6YqDPkhVo3tuRHnsLciUkg=
-----END CERTIFICATE-----
Generated at Sun Jun 8 08:10:32 2025 by rpki-client