Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/xPHhRHsaDfIn35x9A2FI1FFVXl4.roa
File: xPHhRHsaDfIn35x9A2FI1FFVXl4.roa (raw, json)
Hash identifier: thXa7X91QBL3jmeu/BgEurHm1ZnbA/p6KelHp2H+FnM=
Subject key identifier: C4:F1:E1:44:7B:1A:0D:F2:27:DF:9C:7D:03:61:48:D4:51:55:5E:5E
Certificate issuer: /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial: 018DA167F7935896D75F787AFDBCEFA08019
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/xPHhRHsaDfIn35x9A2FI1FFVXl4.roa
Signing time: Tue 13 Feb 2024 07:39:21 +0000
ROA not before: Tue 13 Feb 2024 07:39:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41789
IP address blocks: 45.82.14.0/23 maxlen: 23
45.91.64.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:a1:67:f7:93:58:96:d7:5f:78:7a:fd:bc:ef:a0:80:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Validity
Not Before: Feb 13 07:39:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c4f1e1447b1a0df227df9c7d036148d451555e5e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:da:8b:c6:30:fd:1b:ae:01:db:29:9e:f8:4f:
e1:aa:23:c7:bd:9f:41:08:ce:2d:07:03:bf:5d:c6:
43:b3:0e:9e:4c:69:85:9e:79:f3:0f:91:bf:2d:73:
af:91:8a:26:a4:49:33:45:18:95:9a:de:57:a3:64:
08:a5:54:e5:d9:ef:6e:bb:90:82:72:7d:86:ff:19:
88:ce:ec:0b:c7:f0:5d:74:9c:48:0c:85:4c:6a:25:
6e:0b:48:e0:8e:fd:28:39:67:17:44:34:72:06:2a:
42:33:a8:ad:36:a9:22:13:c9:68:64:23:00:24:a5:
fd:e2:13:80:47:e1:2d:cd:f6:05:14:ff:16:0b:04:
0d:2f:98:b3:69:2c:a2:c2:45:e1:7b:0f:06:ce:e8:
01:55:83:1c:fd:28:dc:ff:e0:b5:b7:74:56:b4:a8:
02:cd:77:2d:c6:da:27:88:23:31:ba:15:25:0b:e8:
87:65:e2:e3:3c:72:a4:51:02:8f:58:35:0f:f2:d3:
2d:13:63:ab:ee:20:61:cc:31:8d:60:07:00:10:80:
40:57:6f:c7:27:0d:01:c9:c1:ec:6b:66:2a:3e:bd:
38:4a:a9:11:07:99:5f:65:61:dc:f3:a4:42:04:c6:
5f:dc:59:20:6e:27:48:dc:ba:85:3d:a2:6b:80:75:
e1:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:F1:E1:44:7B:1A:0D:F2:27:DF:9C:7D:03:61:48:D4:51:55:5E:5E
X509v3 Authority Key Identifier:
keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/xPHhRHsaDfIn35x9A2FI1FFVXl4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.82.14.0/23
45.91.64.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:01:f2:b7:07:e8:e8:d9:63:a5:f0:36:c4:75:b5:11:42:c8:
ce:ad:1d:1e:0a:05:fb:46:a1:56:80:5e:fd:2c:ae:74:68:de:
8a:bc:35:20:a9:a2:68:27:51:bd:0b:c6:74:da:62:f1:8e:59:
a7:1d:4b:ce:62:3a:4c:5f:95:17:4c:d9:44:a3:bc:f9:47:7a:
05:28:63:9e:e9:27:aa:56:f1:6d:ab:4d:90:4c:c7:f6:f2:00:
dd:f4:27:31:d0:82:81:ed:a7:49:8e:57:96:cf:8f:d8:17:21:
08:f2:6f:39:63:d2:1b:5f:d1:3c:02:58:2a:92:76:5f:9b:de:
73:4c:48:9b:c8:ec:57:7f:b0:2f:40:6a:92:0e:7c:5f:9d:72:
b1:fc:8b:b9:f9:eb:ae:5c:2b:aa:f5:59:ed:94:11:f9:7d:c8:
17:f8:4c:92:3e:8a:4c:bd:3e:dd:29:79:15:95:67:a9:24:69:
b5:14:44:de:95:6f:6c:32:e1:a1:ec:ea:55:60:2d:f7:44:58:
91:29:0e:57:3c:85:fb:5e:18:33:0f:37:47:00:63:b5:1c:4d:
03:40:a5:13:08:43:be:fa:1b:f5:19:bc:d3:fe:30:29:29:68:
c5:0d:78:30:9e:a9:c0:66:ae:08:bc:4b:86:73:9f:0f:96:d9:
25:c2:f8:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2hZ/eTWJbXX3h6/bzvoIAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjQwMjEzMDczOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGYxZTE0NDdiMWEwZGYyMjdkZjljN2QwMzYxNDhkNDUxNTU1ZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9qLxjD9G64B2yme+E/hqiPHvZ9B
CM4tBwO/XcZDsw6eTGmFnnnzD5G/LXOvkYompEkzRRiVmt5Xo2QIpVTl2e9uu5CC
cn2G/xmIzuwLx/BddJxIDIVMaiVuC0jgjv0oOWcXRDRyBipCM6itNqkiE8loZCMA
JKX94hOAR+EtzfYFFP8WCwQNL5izaSyiwkXhew8GzugBVYMc/Sjc/+C1t3RWtKgC
zXctxtoniCMxuhUlC+iHZeLjPHKkUQKPWDUP8tMtE2Or7iBhzDGNYAcAEIBAV2/H
Jw0BycHsa2YqPr04SqkRB5lfZWHc86RCBMZf3FkgbidI3LqFPaJrgHXhCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMTx4UR7Gg3yJ9+cfQNhSNRRVV5eMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEveFBIaFJIc2FEZkluMzV4OUEyRkkxRkZWWGw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLVIOAwQA
LVtAMA0GCSqGSIb3DQEBCwUAA4IBAQAbAfK3B+jo2WOl8DbEdbURQsjOrR0eCgX7
RqFWgF79LK50aN6KvDUgqaJoJ1G9C8Z02mLxjlmnHUvOYjpMX5UXTNlEo7z5R3oF
KGOe6SeqVvFtq02QTMf28gDd9Ccx0IKB7adJjleWz4/YFyEI8m85Y9IbX9E8Algq
knZfm95zTEibyOxXf7AvQGqSDnxfnXKx/Iu5+euuXCuq9VntlBH5fcgX+EySPopM
vT7dKXkVlWepJGm1FETelW9sMuGh7OpVYC33RFiRKQ5XPIX7XhgzDzdHAGO1HE0D
QKUTCEO++hv1GbzT/jApKWjFDXgwnqnAZq4IvEuGc58PltklwvjE
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:52:26 2025 by rpki-client