Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/a5grx22N18dYrKz3icub7YtmbaQ.roa
File: a5grx22N18dYrKz3icub7YtmbaQ.roa (raw, json)
Hash identifier: VHjL9rPZ7tQM+o5YF2Pc6c1NSKW5Q0EAJ2PrRXaq70I=
Subject key identifier: 6B:98:2B:C7:6D:8D:D7:C7:58:AC:AC:F7:89:CB:9B:ED:8B:66:6D:A4
Certificate issuer: /CN=ea1219292d86ca96397b8a8bd24e08b1a897c1a3
Certificate serial: 018D2161C341124504C7FA85439DAA793F20
Authority key identifier: EA:12:19:29:2D:86:CA:96:39:7B:8A:8B:D2:4E:08:B1:A8:97:C1:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6hIZKS2GypY5e4qL0k4IsaiXwaM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/a5grx22N18dYrKz3icub7YtmbaQ.roa
Signing time: Fri 19 Jan 2024 11:01:11 +0000
ROA not before: Fri 19 Jan 2024 11:01:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 15763
IP address blocks: 149.232.0.0/17 maxlen: 17
149.232.0.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:21:61:c3:41:12:45:04:c7:fa:85:43:9d:aa:79:3f:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ea1219292d86ca96397b8a8bd24e08b1a897c1a3
Validity
Not Before: Jan 19 11:01:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6b982bc76d8dd7c758acacf789cb9bed8b666da4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:37:09:6d:3f:c5:b2:2b:93:f1:42:c0:bc:84:
c9:46:3c:6d:d6:95:5c:7e:9f:80:e3:ec:90:55:3e:
95:e9:55:d8:27:c9:08:d6:2b:4d:b1:aa:a9:45:8d:
7c:1f:0e:c9:e5:01:f3:1e:6c:c6:4f:b4:38:25:b7:
84:e2:58:ce:c5:9e:ee:18:ff:ca:0e:e3:35:16:10:
05:c0:5f:c3:d8:5b:f6:a3:2a:52:fc:24:2f:dc:8b:
52:9f:e1:b7:30:a4:00:56:0d:9d:5c:a5:af:6b:f1:
b5:cb:6e:dc:7b:eb:47:ed:62:4c:de:44:90:5e:49:
05:52:90:f3:8d:6d:de:6c:e3:48:34:44:ee:bf:b8:
a8:33:3a:26:93:49:c2:87:ad:b9:2b:0b:f0:a2:76:
46:40:c4:c1:3e:80:1f:1e:4f:73:90:74:25:7e:74:
7a:6f:16:e7:4b:2b:5f:26:89:00:28:5c:c6:eb:cf:
77:e8:84:0a:8f:2d:31:95:b8:db:2b:86:33:35:35:
46:5a:c8:41:e8:09:b1:bc:a3:fa:1a:b7:c1:f7:09:
f0:b8:12:3f:62:ec:5b:c0:23:1e:fe:f0:6d:b1:4c:
cd:1f:d0:f3:9a:25:89:98:03:4b:a0:71:db:c0:34:
c0:e9:c9:c4:de:d3:ce:30:35:97:c2:77:9a:6c:04:
b3:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:98:2B:C7:6D:8D:D7:C7:58:AC:AC:F7:89:CB:9B:ED:8B:66:6D:A4
X509v3 Authority Key Identifier:
keyid:EA:12:19:29:2D:86:CA:96:39:7B:8A:8B:D2:4E:08:B1:A8:97:C1:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6hIZKS2GypY5e4qL0k4IsaiXwaM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/a5grx22N18dYrKz3icub7YtmbaQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/cbb2e4-88c3-4cc0-9675-c98a1bde6476/1/6hIZKS2GypY5e4qL0k4IsaiXwaM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.232.0.0/17
Signature Algorithm: sha256WithRSAEncryption
2e:ca:3d:99:91:88:97:21:4f:7f:2c:33:0f:11:19:93:72:a1:
e0:e8:27:34:1a:5e:96:9b:93:30:44:98:e3:2d:ab:e3:e5:89:
2e:27:6c:42:f3:e6:5c:05:1b:59:e5:6b:6c:62:14:89:d6:4e:
10:99:40:40:12:7a:11:73:7a:01:1f:8e:4e:4f:e8:21:d9:75:
5a:fc:eb:80:92:a7:e7:f4:96:e6:50:9d:c1:e9:ae:af:28:2a:
4e:2c:b2:68:df:16:3a:3e:25:9e:88:42:9e:d2:85:cc:44:ab:
e7:69:12:5d:ff:ec:2d:ee:22:69:56:b9:e9:6d:9f:43:bb:8e:
f4:9f:2a:f2:4d:5c:3c:92:fe:7f:bb:ae:65:9f:11:25:85:be:
9a:61:1c:d4:b7:39:ee:f0:e2:bb:61:20:0c:1d:47:13:bd:ae:
7b:99:44:d3:67:9b:f9:a6:ac:5a:cf:93:49:1a:19:be:d9:75:
01:88:f8:16:ab:f2:12:8f:f5:c9:4e:4a:b9:0b:f7:11:f8:6a:
63:c9:f5:59:eb:6b:f0:ee:9b:27:a7:e8:fa:ca:d6:77:89:d5:
73:49:e2:be:3f:9e:6e:14:7f:99:43:93:ac:8b:f1:f1:d0:b4:
8d:82:70:8f:a7:df:92:b1:94:11:fa:66:79:f0:e7:ba:02:2b:
33:70:97:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0hYcNBEkUEx/qFQ52qeT8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMTIxOTI5MmQ4NmNhOTYzOTdiOGE4YmQyNGUwOGIxYTg5
N2MxYTMwHhcNMjQwMTE5MTEwMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjk4MmJjNzZkOGRkN2M3NThhY2FjZjc4OWNiOWJlZDhiNjY2ZGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDcJbT/FsiuT8ULAvITJRjxt1pVc
fp+A4+yQVT6V6VXYJ8kI1itNsaqpRY18Hw7J5QHzHmzGT7Q4JbeE4ljOxZ7uGP/K
DuM1FhAFwF/D2Fv2oypS/CQv3ItSn+G3MKQAVg2dXKWva/G1y27ce+tH7WJM3kSQ
XkkFUpDzjW3ebONINETuv7ioMzomk0nCh625KwvwonZGQMTBPoAfHk9zkHQlfnR6
bxbnSytfJokAKFzG68936IQKjy0xlbjbK4YzNTVGWshB6AmxvKP6GrfB9wnwuBI/
YuxbwCMe/vBtsUzNH9DzmiWJmANLoHHbwDTA6cnE3tPOMDWXwneabASznwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuYK8dtjdfHWKys94nLm+2LZm2kMB8GA1UdIwQY
MBaAFOoSGSkthsqWOXuKi9JOCLGol8GjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmhJWktTMkd5cFk1ZTRxTDBrNElzYWlYd2FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9jYmIyZTQtODhjMy00Y2MwLTk2NzUt
Yzk4YTFiZGU2NDc2LzEvYTVncngyMk4xOGRZckt6M2ljdWI3WXRtYmFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9jYmIyZTQtODhjMy00Y2MwLTk2NzUtYzk4YTFiZGU2NDc2
LzEvNmhJWktTMkd5cFk1ZTRxTDBrNElzYWlYd2FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHlegAMA0G
CSqGSIb3DQEBCwUAA4IBAQAuyj2ZkYiXIU9/LDMPERmTcqHg6Cc0Gl6Wm5MwRJjj
Lavj5YkuJ2xC8+ZcBRtZ5WtsYhSJ1k4QmUBAEnoRc3oBH45OT+gh2XVa/OuAkqfn
9JbmUJ3B6a6vKCpOLLJo3xY6PiWeiEKe0oXMRKvnaRJd/+wt7iJpVrnpbZ9Du470
nyryTVw8kv5/u65lnxElhb6aYRzUtznu8OK7YSAMHUcTva57mUTTZ5v5pqxaz5NJ
Ghm+2XUBiPgWq/ISj/XJTkq5C/cR+GpjyfVZ62vw7psnp+j6ytZ3idVzSeK+P55u
FH+ZQ5Osi/Hx0LSNgnCPp9+SsZQR+mZ58Oe6AiszcJfv
-----END CERTIFICATE-----
Generated at Sat Apr 19 15:21:35 2025 by rpki-client