Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/SdMkYwzsLPDpYMhGprBZgshEZ74.roa
File: SdMkYwzsLPDpYMhGprBZgshEZ74.roa (raw, json)
Hash identifier: zuSkHrL5q+jvm4Qik4wMwSOrDWp2Tdn31xAeHYEFOjQ=
Subject key identifier: 49:D3:24:63:0C:EC:2C:F0:E9:60:C8:46:A6:B0:59:82:C8:44:67:BE
Certificate issuer: /CN=7cd162dec78209bc03add081527d54b27e84d26e
Certificate serial: 0193B4A3EDDFCA1F9994E085B6635330E533
Authority key identifier: 7C:D1:62:DE:C7:82:09:BC:03:AD:D0:81:52:7D:54:B2:7E:84:D2:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fNFi3seCCbwDrdCBUn1Usn6E0m4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/SdMkYwzsLPDpYMhGprBZgshEZ74.roa
Signing time: Wed 11 Dec 2024 07:34:22 +0000
ROA not before: Wed 11 Dec 2024 07:34:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43073
IP address blocks: 45.128.108.0/22 maxlen: 22
91.240.106.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:b4:a3:ed:df:ca:1f:99:94:e0:85:b6:63:53:30:e5:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7cd162dec78209bc03add081527d54b27e84d26e
Validity
Not Before: Dec 11 07:34:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=49d324630cec2cf0e960c846a6b05982c84467be
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:d3:4f:e9:b2:6b:29:a5:ee:3e:b9:11:3f:95:
de:84:0b:f8:72:b1:8c:f1:e6:65:59:cd:8d:26:53:
66:08:c6:65:2c:39:fc:c9:26:3c:13:aa:e9:fd:eb:
2c:de:78:4d:bc:73:e3:82:e7:81:9b:01:bd:01:37:
38:ad:87:a9:b2:9e:12:9a:14:39:71:cc:de:e0:67:
15:ba:b9:f7:1a:97:ab:66:6b:56:9d:90:c1:3b:73:
8e:cd:04:fa:39:93:20:1e:cf:f2:59:c7:75:56:5f:
43:7c:ad:29:9c:36:5c:6d:5e:f5:0a:c7:89:99:3a:
1c:08:10:57:3b:59:43:c5:0a:0f:6f:99:aa:39:e8:
75:d0:b8:ad:11:2c:c2:ff:e3:a9:38:c9:af:84:d6:
0f:4a:58:39:bd:0e:c6:2a:19:83:1c:98:b4:9f:ca:
2c:a8:17:4b:7d:c5:4b:69:42:17:4c:a7:9b:5a:28:
f0:a7:52:f0:f4:83:d6:fd:a5:9d:b7:12:a5:00:39:
bf:e0:84:19:30:d0:f5:0b:d4:84:03:d3:3a:3d:9f:
97:45:fe:ca:74:c5:fb:9f:e5:aa:c4:18:96:cc:31:
41:1e:52:30:04:7f:03:b5:e4:5b:59:5e:1d:4d:72:
48:fb:4b:66:63:b7:4c:a2:fe:2b:a2:0f:8c:74:e8:
5e:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:D3:24:63:0C:EC:2C:F0:E9:60:C8:46:A6:B0:59:82:C8:44:67:BE
X509v3 Authority Key Identifier:
keyid:7C:D1:62:DE:C7:82:09:BC:03:AD:D0:81:52:7D:54:B2:7E:84:D2:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNFi3seCCbwDrdCBUn1Usn6E0m4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/SdMkYwzsLPDpYMhGprBZgshEZ74.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/031100-458a-474e-927c-df027916ce50/1/fNFi3seCCbwDrdCBUn1Usn6E0m4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.108.0/22
91.240.106.0/23
Signature Algorithm: sha256WithRSAEncryption
11:47:13:f2:0b:12:01:07:dc:32:9f:17:25:03:d1:ad:60:56:
ba:19:d3:88:0f:88:32:b5:ee:c3:01:97:3f:8b:e9:3d:10:21:
5a:ee:14:65:66:33:41:12:1c:1c:ba:7e:20:02:0c:5d:90:d2:
cd:ea:9f:13:38:91:bd:b5:51:2f:a9:f1:c7:38:0b:76:29:ad:
51:a7:c8:bb:35:8a:b1:f5:fe:55:13:d9:99:64:51:07:f5:6a:
7d:e6:6f:71:e0:15:a6:f5:09:c3:b0:a8:22:2c:83:40:ce:3f:
c2:09:0c:86:9b:32:e8:84:9c:5b:20:9a:a1:8e:0b:8e:07:bb:
45:42:60:13:a3:ec:42:a9:85:7b:64:83:a5:65:83:b6:34:77:
ea:94:84:7e:1b:47:ae:45:4a:ea:8b:2f:33:1b:2b:a1:7a:2a:
1c:63:33:f8:c8:e1:07:3a:56:d1:85:75:2b:cf:31:fd:ec:8d:
a3:f5:9c:f0:8e:39:5e:a5:67:9e:3e:7b:d2:79:e9:f1:32:75:
c4:20:0f:87:a1:63:20:43:3f:f0:7a:0b:e5:4a:de:4b:1c:11:
e4:bd:27:5a:65:21:ac:00:e8:d7:76:fb:1b:ac:7b:66:e3:43:
02:36:19:23:af:ae:30:f2:26:d0:a8:b7:92:87:71:cb:f3:9c:
2a:14:0e:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZO0o+3fyh+ZlOCFtmNTMOUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZDE2MmRlYzc4MjA5YmMwM2FkZDA4MTUyN2Q1NGIyN2U4
NGQyNmUwHhcNMjQxMjExMDczNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWQzMjQ2MzBjZWMyY2YwZTk2MGM4NDZhNmIwNTk4MmM4NDQ2N2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9NP6bJrKaXuPrkRP5XehAv4crGM
8eZlWc2NJlNmCMZlLDn8ySY8E6rp/ess3nhNvHPjgueBmwG9ATc4rYepsp4SmhQ5
ccze4GcVurn3GperZmtWnZDBO3OOzQT6OZMgHs/yWcd1Vl9DfK0pnDZcbV71CseJ
mTocCBBXO1lDxQoPb5mqOeh10LitESzC/+OpOMmvhNYPSlg5vQ7GKhmDHJi0n8os
qBdLfcVLaUIXTKebWijwp1Lw9IPW/aWdtxKlADm/4IQZMND1C9SEA9M6PZ+XRf7K
dMX7n+WqxBiWzDFBHlIwBH8DteRbWV4dTXJI+0tmY7dMov4rog+MdOheXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEnTJGMM7Czw6WDIRqawWYLIRGe+MB8GA1UdIwQY
MBaAFHzRYt7Hggm8A63QgVJ9VLJ+hNJuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk5GaTNzZUNDYndEcmRDQlVuMVVzbjZFMG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8wMzExMDAtNDU4YS00NzRlLTkyN2Mt
ZGYwMjc5MTZjZTUwLzEvU2RNa1l3enNMUERwWU1oR3ByQlpnc2hFWjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8wMzExMDAtNDU4YS00NzRlLTkyN2MtZGYwMjc5MTZjZTUw
LzEvZk5GaTNzZUNDYndEcmRDQlVuMVVzbjZFMG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYBsAwQB
W/BqMA0GCSqGSIb3DQEBCwUAA4IBAQARRxPyCxIBB9wynxclA9GtYFa6GdOID4gy
te7DAZc/i+k9ECFa7hRlZjNBEhwcun4gAgxdkNLN6p8TOJG9tVEvqfHHOAt2Ka1R
p8i7NYqx9f5VE9mZZFEH9Wp95m9x4BWm9QnDsKgiLINAzj/CCQyGmzLohJxbIJqh
jguOB7tFQmATo+xCqYV7ZIOlZYO2NHfqlIR+G0euRUrqiy8zGyuheiocYzP4yOEH
OlbRhXUrzzH97I2j9ZzwjjlepWeePnvSeenxMnXEIA+HoWMgQz/wegvlSt5LHBHk
vSdaZSGsAOjXdvsbrHtm40MCNhkjr64w8ibQqLeSh3HL85wqFA4X
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:12:37 2025 by rpki-client