Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/Gi5fLkU-1bblfvyuXEclJCAtv4s.roa
File: Gi5fLkU-1bblfvyuXEclJCAtv4s.roa (raw, json)
Hash identifier: LryTBqtkyVYPUgjmb/HFjuX67PN2xW7rbRcbgtjtifk=
Subject key identifier: 1A:2E:5F:2E:45:3E:D5:B6:E5:7E:FC:AE:5C:47:25:24:20:2D:BF:8B
Certificate issuer: /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial: 018D738CFDAA9D75E73C9B8FDCF09EF84CD6
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/Gi5fLkU-1bblfvyuXEclJCAtv4s.roa
Signing time: Sun 04 Feb 2024 09:57:16 +0000
ROA not before: Sun 04 Feb 2024 09:57:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211056
IP address blocks: 45.81.16.0/24 maxlen: 24
45.81.17.0/24 maxlen: 24
45.81.18.0/24 maxlen: 24
45.81.19.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:73:8c:fd:aa:9d:75:e7:3c:9b:8f:dc:f0:9e:f8:4c:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Validity
Not Before: Feb 4 09:57:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1a2e5f2e453ed5b6e57efcae5c472524202dbf8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:58:2f:a9:f4:be:20:17:11:55:1a:0e:67:4c:
e3:34:a7:25:5f:76:34:9d:48:42:17:f0:cf:99:24:
20:55:e8:a7:a8:11:5f:e3:fc:17:3d:4c:5e:9f:5e:
a5:4f:18:1c:fd:be:9a:72:6d:4e:48:76:81:83:70:
d8:75:e9:16:c3:3d:8a:66:13:92:fb:b8:b5:8e:90:
07:ec:6d:f9:d0:00:c7:c2:e5:21:7a:d7:c4:77:01:
d0:b1:1c:e2:2a:8c:79:89:44:e5:f6:2e:59:74:3a:
e5:c0:77:b6:a3:18:ca:30:92:e1:bb:10:5f:65:d0:
b2:db:30:80:8c:a5:4f:2c:95:b6:2a:e4:c1:04:fa:
e6:d0:8f:00:4d:26:a9:62:4f:05:87:e9:da:4b:3c:
d7:a9:ec:31:17:fa:1c:77:0f:48:3e:e4:04:89:f0:
fc:9c:db:da:9a:19:41:6a:bb:0f:92:a2:59:db:f5:
65:d3:65:6d:7e:01:f7:60:60:87:44:53:a0:51:1c:
5c:6a:61:8f:a0:b8:96:79:e8:38:e4:bc:fe:4d:b4:
ed:b9:85:cb:90:73:00:59:ed:f2:64:8a:db:6f:17:
16:b1:64:ef:c8:20:6b:30:73:ab:5a:c7:f2:a4:ab:
d8:c3:0c:6f:b9:fc:a5:7d:1a:3f:8a:ee:fb:db:b4:
ff:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:2E:5F:2E:45:3E:D5:B6:E5:7E:FC:AE:5C:47:25:24:20:2D:BF:8B
X509v3 Authority Key Identifier:
keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/Gi5fLkU-1bblfvyuXEclJCAtv4s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.16.0/22
Signature Algorithm: sha256WithRSAEncryption
46:28:f0:59:28:13:be:c8:02:16:5a:cf:95:d7:b8:26:51:3c:
2f:1d:2e:b5:44:56:43:c0:23:8a:8a:c0:5e:c6:02:74:96:d4:
66:fd:23:f2:62:8e:95:a1:2d:9c:92:11:45:43:f7:6c:15:03:
dc:2b:87:13:5c:87:32:1c:dc:5b:c5:0c:d4:26:5a:aa:33:c7:
72:73:49:ff:df:5d:53:9e:45:1b:b2:fa:53:e3:2d:e6:0d:59:
7e:04:59:0d:92:64:36:28:62:92:7b:a4:ec:0f:aa:21:21:57:
7d:85:8a:71:18:ef:dd:86:3c:4e:99:94:0b:39:92:66:6e:ed:
4d:8e:ae:8b:76:b8:e6:b6:b6:06:8c:a1:b9:20:ee:f8:f9:f4:
9f:55:36:92:97:71:fd:a2:fe:10:f4:e2:fd:e8:2a:58:eb:b5:
3b:e3:7d:da:f2:72:68:f6:60:80:a2:be:da:29:26:72:37:13:
a6:85:1b:d7:2c:9f:ce:39:4f:d6:6e:be:dc:bf:5b:76:ec:29:
17:f4:96:16:26:0a:bf:ed:df:ea:36:57:f4:dd:36:1c:77:28:
69:4d:fd:b5:d4:6e:18:6a:bd:a4:59:43:7f:0e:3b:29:a0:78:
63:8c:ed:57:8b:06:47:73:20:11:42:ef:d4:96:27:c8:27:6f:
15:fb:ba:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1zjP2qnXXnPJuP3PCe+EzWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjQwMjA0MDk1NzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTJlNWYyZTQ1M2VkNWI2ZTU3ZWZjYWU1YzQ3MjUyNDIwMmRiZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVgvqfS+IBcRVRoOZ0zjNKclX3Y0
nUhCF/DPmSQgVeinqBFf4/wXPUxen16lTxgc/b6acm1OSHaBg3DYdekWwz2KZhOS
+7i1jpAH7G350ADHwuUhetfEdwHQsRziKox5iUTl9i5ZdDrlwHe2oxjKMJLhuxBf
ZdCy2zCAjKVPLJW2KuTBBPrm0I8ATSapYk8Fh+naSzzXqewxF/ocdw9IPuQEifD8
nNvamhlBarsPkqJZ2/Vl02VtfgH3YGCHRFOgURxcamGPoLiWeeg45Lz+TbTtuYXL
kHMAWe3yZIrbbxcWsWTvyCBrMHOrWsfypKvYwwxvufylfRo/iu7727T/xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBouXy5FPtW25X78rlxHJSQgLb+LMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvR2k1ZkxrVS0xYmJsZnZ5dVhFY2xKQ0F0djRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVEQMA0G
CSqGSIb3DQEBCwUAA4IBAQBGKPBZKBO+yAIWWs+V17gmUTwvHS61RFZDwCOKisBe
xgJ0ltRm/SPyYo6VoS2ckhFFQ/dsFQPcK4cTXIcyHNxbxQzUJlqqM8dyc0n/311T
nkUbsvpT4y3mDVl+BFkNkmQ2KGKSe6TsD6ohIVd9hYpxGO/dhjxOmZQLOZJmbu1N
jq6LdrjmtrYGjKG5IO74+fSfVTaSl3H9ov4Q9OL96CpY67U7433a8nJo9mCAor7a
KSZyNxOmhRvXLJ/OOU/Wbr7cv1t27CkX9JYWJgq/7d/qNlf03TYcdyhpTf211G4Y
ar2kWUN/DjspoHhjjO1XiwZHcyARQu/UlifIJ28V+7qd
-----END CERTIFICATE-----
Generated at Fri Apr 18 13:40:58 2025 by rpki-client