Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/XLrkalJTGxQlWc2QIT8q5N9w2o8.roa
File: XLrkalJTGxQlWc2QIT8q5N9w2o8.roa (raw, json)
Hash identifier: s+nUtI5HWcVCMRJi8nHz6LZfjgzHpANOL/lyP3wCc8E=
Subject key identifier: 5C:BA:E4:6A:52:53:1B:14:25:59:CD:90:21:3F:2A:E4:DF:70:DA:8F
Certificate issuer: /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial: 0185C8E8367E134767FA0022C4964136E23C
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/XLrkalJTGxQlWc2QIT8q5N9w2o8.roa
Signing time: Thu 19 Jan 2023 07:22:19 +0000
ROA not before: Thu 19 Jan 2023 07:22:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201194
IP address blocks: 45.81.17.0/24 maxlen: 24
45.81.16.0/24 maxlen: 24
45.81.18.0/24 maxlen: 24
185.201.49.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:c8:e8:36:7e:13:47:67:fa:00:22:c4:96:41:36:e2:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Validity
Not Before: Jan 19 07:22:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5cbae46a52531b142559cd90213f2ae4df70da8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:2e:63:42:00:5b:e9:c7:32:d1:3c:d0:a8:c1:
a0:64:ba:36:ba:29:c9:ca:28:2a:67:4f:5d:0f:7f:
54:5a:3c:f6:d6:e6:72:de:1e:ec:05:59:7f:60:e8:
36:28:fd:eb:51:20:61:ce:88:39:55:39:45:cb:06:
4d:6d:96:62:70:ff:a7:66:40:ec:8e:6e:49:44:56:
3b:94:2d:b4:da:6d:ae:d8:54:5a:b4:6a:47:ba:c6:
67:c2:50:fd:1b:13:7f:5e:03:5d:00:70:20:e7:63:
19:51:a7:01:bd:2b:73:03:52:22:bd:bc:3a:31:3a:
c8:7d:ac:70:2d:cf:05:19:84:86:ef:9f:bf:05:86:
6b:67:3f:8f:91:50:5e:0f:a3:46:87:2d:a9:05:08:
f6:9e:71:0c:c9:e4:6b:83:20:10:14:4b:bb:ca:bb:
ab:ab:d8:76:40:84:a3:02:ba:33:79:2e:31:74:45:
14:08:eb:d9:36:b6:2d:7b:23:c3:6a:a1:b5:c5:63:
d0:f6:66:47:0c:67:26:a3:2e:76:e3:84:1c:12:d1:
e6:ef:42:95:33:f6:81:5e:d2:08:8a:e0:09:5b:64:
b1:05:6e:a1:ae:28:4a:94:5a:0f:44:9e:7e:d0:d6:
2e:c2:4a:d3:e4:fa:3a:a7:33:f4:8a:bb:f4:76:c4:
45:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:BA:E4:6A:52:53:1B:14:25:59:CD:90:21:3F:2A:E4:DF:70:DA:8F
X509v3 Authority Key Identifier:
keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/XLrkalJTGxQlWc2QIT8q5N9w2o8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.16.0-45.81.18.255
185.201.49.0/24
Signature Algorithm: sha256WithRSAEncryption
1a:c3:37:71:24:ce:1d:68:18:bc:12:85:1b:24:a0:24:a3:80:
75:ec:20:9e:5f:9b:2c:24:52:9a:e3:e1:57:55:a4:3c:e6:02:
a9:ec:68:5a:03:36:3e:46:ed:54:36:8d:9d:a7:ce:9b:3f:e1:
75:04:25:e1:c0:81:20:e7:10:30:fa:f2:e4:6f:eb:e2:e7:67:
06:bb:eb:85:37:80:e3:30:80:fd:d6:b1:6f:1c:99:20:b5:52:
e6:52:8a:dd:b0:b3:37:1a:b8:d5:d0:7c:6c:d9:12:95:3a:a6:
49:b6:74:55:6c:83:a5:4c:18:69:93:cc:0d:aa:8d:fa:64:f9:
b3:41:0b:dd:eb:33:00:8c:b7:58:87:5b:ad:93:fb:50:37:08:
d4:48:f0:27:81:79:b6:31:07:0b:76:88:54:9d:e3:7d:6c:e7:
1c:b5:3b:e6:11:b6:de:e7:e2:e6:9c:ef:97:0e:78:5c:d1:2d:
54:3c:7d:ed:ca:bb:be:5d:ff:9a:3d:6d:ff:57:a7:e0:44:13:
0b:b5:ce:02:08:1e:fa:10:bd:54:6f:52:a3:dd:55:b8:3b:f3:
98:8b:93:45:a6:16:bf:86:6d:7c:c4:79:a3:e4:56:21:f5:22:
ce:29:02:fe:2d:69:0c:28:92:85:d2:90:a6:0f:68:4e:ee:98:
25:ed:68:8a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYXI6DZ+E0dn+gAixJZBNuI8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjMwMTE5MDcyMjE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2JhZTQ2YTUyNTMxYjE0MjU1OWNkOTAyMTNmMmFlNGRmNzBkYThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5C5jQgBb6ccy0TzQqMGgZLo2uinJ
yigqZ09dD39UWjz21uZy3h7sBVl/YOg2KP3rUSBhzog5VTlFywZNbZZicP+nZkDs
jm5JRFY7lC202m2u2FRatGpHusZnwlD9GxN/XgNdAHAg52MZUacBvStzA1Iivbw6
MTrIfaxwLc8FGYSG75+/BYZrZz+PkVBeD6NGhy2pBQj2nnEMyeRrgyAQFEu7yrur
q9h2QISjArozeS4xdEUUCOvZNrYteyPDaqG1xWPQ9mZHDGcmoy5244QcEtHm70KV
M/aBXtIIiuAJW2SxBW6hrihKlFoPRJ5+0NYuwkrT5Po6pzP0irv0dsRFHwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFy65GpSUxsUJVnNkCE/KuTfcNqPMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvWExya2FsSlRHeFFsV2MyUUlUOHE1Tjl3Mm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAQtURAD
BAAtURIDBAC5yTEwDQYJKoZIhvcNAQELBQADggEBABrDN3Ekzh1oGLwShRskoCSj
gHXsIJ5fmywkUprj4VdVpDzmAqnsaFoDNj5G7VQ2jZ2nzps/4XUEJeHAgSDnEDD6
8uRv6+LnZwa764U3gOMwgP3WsW8cmSC1UuZSit2wszcauNXQfGzZEpU6pkm2dFVs
g6VMGGmTzA2qjfpk+bNBC93rMwCMt1iHW62T+1A3CNRI8CeBebYxBwt2iFSd431s
5xy1O+YRtt7n4uac75cOeFzRLVQ8fe3Ku75d/5o9bf9Xp+BEEwu1zgIIHvoQvVRv
UqPdVbg785iLk0WmFr+GbXzEeaPkViH1Is4pAv4taQwokoXSkKYPaE7umCXtaIo=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:54:23 2025 by rpki-client