Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/AcNXer91FXN0TtcfCsNTRGHvUDY.roa
File: AcNXer91FXN0TtcfCsNTRGHvUDY.roa (raw, json)
Hash identifier: +/8DGDY+51YSyAFCvrj1T0dk3oMgfvzypTVpB985UdA=
Subject key identifier: 01:C3:57:7A:BF:75:15:73:74:4E:D7:1F:0A:C3:53:44:61:EF:50:36
Certificate issuer: /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial: 018CCA2A3DC92B25F3F7ED5B5A2C73E1E5D3
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/AcNXer91FXN0TtcfCsNTRGHvUDY.roa
Signing time: Tue 02 Jan 2024 12:33:35 +0000
ROA not before: Tue 02 Jan 2024 12:33:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210512
IP address blocks: 45.91.65.0/24 maxlen: 24
194.187.120.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2a:3d:c9:2b:25:f3:f7:ed:5b:5a:2c:73:e1:e5:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Validity
Not Before: Jan 2 12:33:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=01c3577abf751573744ed71f0ac3534461ef5036
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:d3:cb:5b:5e:fc:cd:74:12:ec:bd:a1:f0:e5:
c6:d1:5b:e5:50:77:d5:5e:46:5d:53:16:fa:87:e8:
35:6e:38:c8:9f:59:54:78:b3:87:19:ac:2d:5d:50:
c5:d7:12:51:e2:f5:8b:90:aa:1a:94:5c:72:a1:a8:
ba:4d:33:f2:50:49:a0:43:98:0f:06:08:84:80:7b:
21:39:38:17:2c:a2:08:74:2f:27:c8:78:67:7a:ea:
f8:01:f6:91:4b:26:70:4f:16:51:35:6c:ea:d5:0f:
2a:40:52:b1:e2:74:45:ac:84:4b:d2:0c:81:04:89:
9d:fc:6d:ce:a5:a2:b0:c2:83:63:88:22:b1:2a:b5:
ee:1d:ab:55:10:eb:17:a7:37:f4:c4:a7:85:4a:3b:
0a:41:04:cf:60:0a:fc:95:0e:5b:ad:5e:6b:2d:26:
bc:8a:40:1e:af:3e:ac:aa:72:da:a1:c5:6f:9e:73:
0d:5a:6a:b7:a1:03:0a:34:49:fe:2a:f6:de:79:75:
d2:e0:11:26:bd:23:37:5a:6d:04:44:c2:78:0e:d8:
00:5b:14:b4:1b:32:77:2f:4b:18:ce:d2:82:d7:d7:
7d:fa:bd:55:a1:05:e8:9c:6e:5e:44:68:53:e8:c5:
96:b4:3a:29:64:6e:b7:d4:16:98:2f:66:92:75:d8:
ec:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:C3:57:7A:BF:75:15:73:74:4E:D7:1F:0A:C3:53:44:61:EF:50:36
X509v3 Authority Key Identifier:
keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/AcNXer91FXN0TtcfCsNTRGHvUDY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.65.0/24
194.187.120.0/24
Signature Algorithm: sha256WithRSAEncryption
a9:9f:9b:68:c8:e4:7e:ee:fd:75:35:12:f1:07:08:c0:3d:3b:
b5:92:43:28:54:22:21:f3:3e:c1:d9:4d:36:1d:ff:91:1e:27:
bb:41:a8:97:46:78:8e:0d:85:d6:bc:53:18:e8:51:5a:f0:ad:
81:77:89:f2:2f:e0:be:47:a3:79:fc:15:da:8b:53:52:f6:44:
88:a8:ee:cd:9f:14:75:20:af:e9:e2:07:c9:25:19:bb:5a:ad:
6b:e3:5d:5a:4d:c2:4c:78:6d:81:37:a9:4e:fc:96:5b:f8:dc:
4e:92:12:90:47:d2:03:8f:12:8f:51:58:15:43:1e:bc:0a:77:
92:aa:7b:26:4a:5f:35:da:7c:ca:b4:44:41:dc:ac:5b:9d:bf:
40:1d:2a:6f:dd:d4:19:96:e9:97:a0:e8:3c:c2:13:6f:04:6b:
0b:fe:b2:3f:3a:62:bf:b3:c2:5b:56:e4:59:06:c1:0a:74:df:
21:42:4f:f2:e6:3f:4b:32:3f:f3:ca:3b:f5:70:0d:4b:03:dd:
17:3c:ed:d3:c2:20:77:72:01:7a:65:33:bc:40:bd:c1:4d:17:
5c:a8:3d:ed:ac:e6:e8:a9:cc:eb:db:ff:c6:cf:33:7c:bb:c3:
60:98:b7:b6:ce:bc:03:68:0b:90:2a:5f:59:e6:08:83:83:25:
ce:f0:6e:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKj3JKyXz9+1bWixz4eXTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjQwMTAyMTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWMzNTc3YWJmNzUxNTczNzQ0ZWQ3MWYwYWMzNTM0NDYxZWY1MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstPLW178zXQS7L2h8OXG0VvlUHfV
XkZdUxb6h+g1bjjIn1lUeLOHGawtXVDF1xJR4vWLkKoalFxyoai6TTPyUEmgQ5gP
BgiEgHshOTgXLKIIdC8nyHhneur4AfaRSyZwTxZRNWzq1Q8qQFKx4nRFrIRL0gyB
BImd/G3OpaKwwoNjiCKxKrXuHatVEOsXpzf0xKeFSjsKQQTPYAr8lQ5brV5rLSa8
ikAerz6sqnLaocVvnnMNWmq3oQMKNEn+KvbeeXXS4BEmvSM3Wm0ERMJ4DtgAWxS0
GzJ3L0sYztKC19d9+r1VoQXonG5eRGhT6MWWtDopZG631BaYL2aSddjsOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAHDV3q/dRVzdE7XHwrDU0Rh71A2MB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvQWNOWGVyOTFGWE4wVHRjZkNzTlRSR0h2VURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVtBAwQA
wrt4MA0GCSqGSIb3DQEBCwUAA4IBAQCpn5toyOR+7v11NRLxBwjAPTu1kkMoVCIh
8z7B2U02Hf+RHie7QaiXRniODYXWvFMY6FFa8K2Bd4nyL+C+R6N5/BXai1NS9kSI
qO7NnxR1IK/p4gfJJRm7Wq1r411aTcJMeG2BN6lO/JZb+NxOkhKQR9IDjxKPUVgV
Qx68CneSqnsmSl812nzKtERB3Kxbnb9AHSpv3dQZlumXoOg8whNvBGsL/rI/OmK/
s8JbVuRZBsEKdN8hQk/y5j9LMj/zyjv1cA1LA90XPO3TwiB3cgF6ZTO8QL3BTRdc
qD3trOboqczr2//GzzN8u8NgmLe2zrwDaAuQKl9Z5giDgyXO8G7e
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:13:33 2025 by rpki-client