Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/fX_n4KifYUwjctH_2ICEFp8Eh9I.roa
File: fX_n4KifYUwjctH_2ICEFp8Eh9I.roa (raw, json)
Hash identifier: WHdA5fNghct+JMKaufiP6I4M4r5MJJk8yu568YANnJ0=
Subject key identifier: 7D:7F:E7:E0:A8:9F:61:4C:23:72:D1:FF:D8:80:84:16:9F:04:87:D2
Certificate issuer: /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial: 018D9599B6C72A189E40DEDE12D608CF4D4E
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/fX_n4KifYUwjctH_2ICEFp8Eh9I.roa
Signing time: Sun 11 Feb 2024 00:38:15 +0000
ROA not before: Sun 11 Feb 2024 00:38:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 61317
IP address blocks: 45.143.238.0/24 maxlen: 24
45.143.239.0/24 maxlen: 24
91.184.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:95:99:b6:c7:2a:18:9e:40:de:de:12:d6:08:cf:4d:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Validity
Not Before: Feb 11 00:38:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7d7fe7e0a89f614c2372d1ffd88084169f0487d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:af:4d:23:54:6c:1e:9d:ad:99:a2:a4:3f:30:
94:d4:f5:b3:cb:d5:41:96:0c:81:5d:6b:50:2c:e6:
f0:a7:3c:a0:a4:ce:73:e3:b8:ca:0d:09:44:f8:24:
7c:6a:55:e5:e1:7f:ba:db:22:6e:c5:70:92:40:16:
36:2a:53:db:48:a8:7f:3e:6a:79:cd:78:76:b2:e4:
a8:1c:08:4c:a9:67:8d:1a:81:7d:bd:48:87:af:26:
68:bb:a9:f1:71:13:02:04:10:41:00:14:98:82:47:
33:dc:f7:68:e3:cc:2b:0c:cd:12:d4:d2:42:7a:c8:
ef:b5:3e:51:57:ce:8d:8e:e1:bf:94:76:6a:5d:23:
0e:61:18:71:54:06:af:45:81:6c:e7:ff:a7:f1:bc:
2d:66:f3:f0:6f:08:bb:47:a9:94:a0:65:0c:c2:9e:
c0:2d:ca:14:0c:7a:56:20:24:df:95:49:5a:de:1b:
58:3f:3c:a6:57:19:40:cf:8c:5a:63:b8:68:66:f4:
9d:94:13:57:fa:bf:19:bd:85:3a:8f:a6:05:32:f1:
3b:05:76:4d:95:c0:24:a3:22:9d:eb:76:e8:1d:09:
c1:54:88:d7:f0:e5:e5:3b:96:ef:16:6b:80:a5:f5:
a2:9b:c9:b5:2f:9e:49:29:16:60:ae:90:c4:1b:6b:
47:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:7F:E7:E0:A8:9F:61:4C:23:72:D1:FF:D8:80:84:16:9F:04:87:D2
X509v3 Authority Key Identifier:
keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/fX_n4KifYUwjctH_2ICEFp8Eh9I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.238.0/23
91.184.253.0/24
Signature Algorithm: sha256WithRSAEncryption
1f:c9:00:8a:5f:57:a7:a6:67:a5:ad:ea:92:5f:d6:04:d7:5f:
b2:15:6a:e0:8a:91:4f:55:a2:c4:43:e3:70:d1:38:a2:5c:f2:
c4:30:a7:af:bf:c1:f9:75:38:d3:7b:a9:fa:86:6a:55:40:12:
86:f9:91:a7:2f:7e:79:72:9c:1d:c2:47:63:95:5f:4d:e5:99:
7c:25:6c:e8:42:ca:84:02:61:b7:71:a1:40:ab:b0:f9:ac:33:
54:f5:de:ec:77:b5:10:37:6f:19:c5:21:9f:15:05:d2:84:65:
5a:44:10:86:31:11:6e:b9:ab:f0:cd:58:e7:af:0c:ea:cf:a6:
2f:a7:b1:53:b8:1b:44:e6:81:26:25:ef:0e:ad:68:5d:a6:4b:
60:06:33:6f:0c:20:a6:60:31:89:a8:51:3b:96:15:f2:d1:4f:
28:06:12:07:e8:20:39:0f:0c:6a:75:46:22:17:37:f6:06:87:
e7:e3:ea:a7:cd:3f:5f:af:86:43:2d:59:4b:4d:4f:97:9a:a5:
17:f7:b0:56:60:86:95:f4:74:60:a2:15:01:45:15:e1:bd:dd:
dd:2f:30:2e:07:29:c1:e7:1c:14:04:90:2e:3a:1b:a7:c8:ef:
fb:9f:57:d0:a4:db:8b:e0:99:15:d2:60:4d:55:3f:2f:29:b5:
e9:06:58:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2VmbbHKhieQN7eEtYIz01OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjQwMjExMDAzODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDdmZTdlMGE4OWY2MTRjMjM3MmQxZmZkODgwODQxNjlmMDQ4N2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApK9NI1RsHp2tmaKkPzCU1PWzy9VB
lgyBXWtQLObwpzygpM5z47jKDQlE+CR8alXl4X+62yJuxXCSQBY2KlPbSKh/Pmp5
zXh2suSoHAhMqWeNGoF9vUiHryZou6nxcRMCBBBBABSYgkcz3Pdo48wrDM0S1NJC
esjvtT5RV86NjuG/lHZqXSMOYRhxVAavRYFs5/+n8bwtZvPwbwi7R6mUoGUMwp7A
LcoUDHpWICTflUla3htYPzymVxlAz4xaY7hoZvSdlBNX+r8ZvYU6j6YFMvE7BXZN
lcAkoyKd63boHQnBVIjX8OXlO5bvFmuApfWim8m1L55JKRZgrpDEG2tHXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH1/5+Con2FMI3LR/9iAhBafBIfSMB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvZlhfbjRLaWZZVXdqY3RIXzJJQ0VGcDhFaDlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLY/uAwQA
W7j9MA0GCSqGSIb3DQEBCwUAA4IBAQAfyQCKX1enpmelreqSX9YE11+yFWrgipFP
VaLEQ+Nw0TiiXPLEMKevv8H5dTjTe6n6hmpVQBKG+ZGnL355cpwdwkdjlV9N5Zl8
JWzoQsqEAmG3caFAq7D5rDNU9d7sd7UQN28ZxSGfFQXShGVaRBCGMRFuuavwzVjn
rwzqz6Yvp7FTuBtE5oEmJe8OrWhdpktgBjNvDCCmYDGJqFE7lhXy0U8oBhIH6CA5
DwxqdUYiFzf2Bofn4+qnzT9fr4ZDLVlLTU+XmqUX97BWYIaV9HRgohUBRRXhvd3d
LzAuBynB5xwUBJAuOhunyO/7n1fQpNuL4JkV0mBNVT8vKbXpBlj1
-----END CERTIFICATE-----
Generated at Thu Apr 17 00:11:44 2025 by rpki-client