Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/indKIqKjTh1N-fbjB3TcVjKdcVY.roa
File: indKIqKjTh1N-fbjB3TcVjKdcVY.roa (raw, json)
Hash identifier: f7KE3gZo47bsUsaftwY987aDUBVtiXy4vRVGXJqvi6A=
Subject key identifier: 8A:77:4A:22:A2:A3:4E:1D:4D:F9:F6:E3:07:74:DC:56:32:9D:71:56
Certificate issuer: /CN=851c281f576b43a1cab953c92041ce9599270c78
Certificate serial: 04E20890
Authority key identifier: 85:1C:28:1F:57:6B:43:A1:CA:B9:53:C9:20:41:CE:95:99:27:0C:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hRwoH1drQ6HKuVPJIEHOlZknDHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/indKIqKjTh1N-fbjB3TcVjKdcVY.roa
Signing time: Sat 01 Jan 2022 05:51:44 +0000
ROA not before: Sat 01 Jan 2022 05:51:44 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 57793
IP address blocks: 45.83.168.0/22 maxlen: 24
2a0e:8380::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 81922192 (0x4e20890)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=851c281f576b43a1cab953c92041ce9599270c78
Validity
Not Before: Jan 1 05:51:44 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8a774a22a2a34e1d4df9f6e30774dc56329d7156
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:b4:fd:ce:ff:ab:9b:77:2f:1a:18:1c:cf:dc:
01:ee:7a:3c:64:d9:bd:80:5c:6d:4b:3e:2f:c1:4e:
92:7e:2e:a9:c1:cc:bf:2e:9e:81:85:a8:aa:c3:62:
25:94:17:88:43:0e:ad:aa:1c:37:17:48:4a:29:ec:
34:76:9c:f9:48:4c:0c:95:cb:ba:46:30:2e:86:ef:
be:d8:19:a9:d4:4e:d4:0f:90:7c:5a:d1:72:ec:f1:
49:3d:78:d3:48:4b:a0:d4:fe:a7:38:a0:65:ec:0e:
92:e6:db:f2:20:5c:71:6c:3d:b5:d6:41:71:98:0b:
b7:91:c6:00:14:d4:8e:52:d8:62:c9:a9:27:28:34:
12:68:d7:19:cf:7f:fb:93:4b:be:e0:82:31:5d:d4:
c8:43:5b:29:6a:de:d9:54:55:01:c8:5c:69:45:b8:
20:93:60:56:b5:d8:c4:bd:a7:c2:f2:b5:07:34:14:
a5:62:e2:71:53:42:e6:fb:0b:86:58:4b:a6:82:31:
f7:94:f7:c9:95:fd:0e:ea:0d:50:fd:66:b5:b0:53:
62:19:4c:f2:47:6c:b6:64:0e:91:58:e3:59:51:29:
39:bc:2e:1a:57:18:e3:8e:a1:2a:7a:5a:28:38:8c:
bc:19:58:d3:99:12:2e:b6:52:30:ba:85:54:e6:83:
2c:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:77:4A:22:A2:A3:4E:1D:4D:F9:F6:E3:07:74:DC:56:32:9D:71:56
X509v3 Authority Key Identifier:
keyid:85:1C:28:1F:57:6B:43:A1:CA:B9:53:C9:20:41:CE:95:99:27:0C:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hRwoH1drQ6HKuVPJIEHOlZknDHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/indKIqKjTh1N-fbjB3TcVjKdcVY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/hRwoH1drQ6HKuVPJIEHOlZknDHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.83.168.0/22
IPv6:
2a0e:8380::/29
Signature Algorithm: sha256WithRSAEncryption
1d:1f:ec:d2:7a:60:7b:e7:15:2e:d4:f9:6c:92:92:89:7c:eb:
a5:03:26:cd:58:ca:ef:46:d2:41:2d:a6:86:89:5c:a1:4f:98:
69:8b:e3:61:54:6f:36:69:85:69:4a:15:cf:c6:af:5d:60:93:
c8:44:24:e1:12:81:53:8c:07:98:9d:d2:ad:65:2b:6f:bc:68:
5e:17:67:8b:40:fb:ad:de:9b:da:ff:c5:dc:1b:cf:62:83:a3:
e5:b1:8e:62:95:42:86:95:b7:64:11:25:6a:bc:e9:ca:e8:27:
51:cf:92:56:26:9a:2b:6e:97:7c:f1:be:53:f3:7a:72:42:3e:
3f:08:e2:f4:99:6c:3a:d5:de:b0:83:2b:5c:f4:7a:2e:87:57:
4b:74:f4:10:7f:ac:12:ef:02:5d:43:cb:d1:15:63:65:89:ee:
a8:9e:35:48:59:9c:61:3b:a2:47:f3:7c:19:d5:95:7b:42:62:
e5:ed:4e:22:75:32:a7:47:fc:d6:d0:b6:95:b2:0e:e6:54:68:
da:7f:bb:01:42:d2:98:15:bf:f4:3e:1f:81:ff:eb:69:5b:63:
b2:c2:ee:a3:04:c3:eb:8b:b2:2b:87:7a:57:77:a1:ed:6d:7d:
ba:7b:33:1d:5e:0d:14:65:bf:a8:d3:7a:4c:34:f9:c0:d4:72:
fe:1e:4d:19
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEBOIIkDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
NTFjMjgxZjU3NmI0M2ExY2FiOTUzYzkyMDQxY2U5NTk5MjcwYzc4MB4XDTIyMDEw
MTA1NTE0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGE3NzRhMjJhMmEz
NGUxZDRkZjlmNmUzMDc3NGRjNTYzMjlkNzE1NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALG0/c7/q5t3LxoYHM/cAe56PGTZvYBcbUs+L8FOkn4uqcHM
vy6egYWoqsNiJZQXiEMOraocNxdISinsNHac+UhMDJXLukYwLobvvtgZqdRO1A+Q
fFrRcuzxST1400hLoNT+pzigZewOkubb8iBccWw9tdZBcZgLt5HGABTUjlLYYsmp
Jyg0EmjXGc9/+5NLvuCCMV3UyENbKWre2VRVAchcaUW4IJNgVrXYxL2nwvK1BzQU
pWLicVNC5vsLhlhLpoIx95T3yZX9DuoNUP1mtbBTYhlM8kdstmQOkVjjWVEpObwu
GlcY446hKnpaKDiMvBlY05kSLrZSMLqFVOaDLNsCAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBSKd0oioqNOHU359uMHdNxWMp1xVjAfBgNVHSMEGDAWgBSFHCgfV2tDocq5
U8kgQc6VmScMeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2hSd29IMWRyUTZIS3VWUEpJRUhPbFprbkRIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODAvNGE2OGE3LWRjMzEtNDBmYS1hMTEwLTkxZDU2MjAwYmFmNC8x
L2luZEtJcUtqVGgxTi1mYmpCM1RjVmpLZGNWWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAv
NGE2OGE3LWRjMzEtNDBmYS1hMTEwLTkxZDU2MjAwYmFmNC8xL2hSd29IMWRyUTZI
S3VWUEpJRUhPbFprbkRIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAi1TqDANBAIAAjAHAwUDKg6DgDAN
BgkqhkiG9w0BAQsFAAOCAQEAHR/s0npge+cVLtT5bJKSiXzrpQMmzVjK70bSQS2m
holcoU+YaYvjYVRvNmmFaUoVz8avXWCTyEQk4RKBU4wHmJ3SrWUrb7xoXhdni0D7
rd6b2v/F3BvPYoOj5bGOYpVChpW3ZBElarzpyugnUc+SViaaK26XfPG+U/N6ckI+
Pwji9JlsOtXesIMrXPR6LodXS3T0EH+sEu8CXUPL0RVjZYnuqJ41SFmcYTuiR/N8
GdWVe0Ji5e1OInUyp0f81tC2lbIO5lRo2n+7AULSmBW/9D4fgf/raVtjssLuowTD
64uyK4d6V3eh7W19unszHV4NFGW/qNN6TDT5wNRy/h5NGQ==
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:21:56 2025 by rpki-client