Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/2b179c-2d2d-4423-b6d6-b0837a7d4641/1/LGu11vROpUNW1r2FTFqy4-OMB5w.roa
File: LGu11vROpUNW1r2FTFqy4-OMB5w.roa (raw, json)
Hash identifier: kmMOQyAlOJQBiQOtoMpr7GW41yIOzbvTiMdPDQtvgcg=
Subject key identifier: 2C:6B:B5:D6:F4:4E:A5:43:56:D6:BD:85:4C:5A:B2:E3:E3:8C:07:9C
Certificate issuer: /CN=3f56a63331552ef91d8a0005a338ec982df37c8b
Certificate serial: 01856B53120FC0F79F1B8F0A0ADBFA18E4A2
Authority key identifier: 3F:56:A6:33:31:55:2E:F9:1D:8A:00:05:A3:38:EC:98:2D:F3:7C:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P1amMzFVLvkdigAFozjsmC3zfIs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/2b179c-2d2d-4423-b6d6-b0837a7d4641/1/LGu11vROpUNW1r2FTFqy4-OMB5w.roa
Signing time: Sun 01 Jan 2023 03:14:44 +0000
ROA not before: Sun 01 Jan 2023 03:14:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 198575
IP address blocks: 45.85.44.0/22 maxlen: 22
194.146.66.0/24 maxlen: 24
194.146.66.0/23 maxlen: 23
194.146.67.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:53:12:0f:c0:f7:9f:1b:8f:0a:0a:db:fa:18:e4:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3f56a63331552ef91d8a0005a338ec982df37c8b
Validity
Not Before: Jan 1 03:14:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2c6bb5d6f44ea54356d6bd854c5ab2e3e38c079c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:28:d8:ab:7d:c3:a7:13:82:e0:92:f6:b1:d1:
ea:f9:01:62:29:fe:4f:cf:0a:f6:5b:86:c8:4c:54:
55:10:5e:82:39:8e:31:ae:a5:1b:e9:a7:a6:ce:f9:
0d:66:2b:86:20:c6:ba:22:5e:16:c3:be:99:e2:66:
a6:df:08:db:e2:22:99:c4:69:81:f8:6f:74:45:1b:
91:52:50:70:6c:e6:a8:88:34:1f:a2:8c:72:78:df:
ea:b8:72:d5:56:23:fb:7e:58:d4:d8:3b:61:c8:31:
81:06:c8:ae:8e:3a:99:19:72:1b:eb:e1:51:3b:28:
ee:8a:1f:ba:09:f1:43:bb:b3:10:a2:4d:32:67:9b:
e6:13:3e:0f:49:f4:ab:2e:eb:d2:dd:62:96:ff:5d:
95:11:56:4b:e8:30:bb:6c:8a:1e:20:62:22:e8:c9:
29:29:67:e9:73:d6:f6:e3:f4:4b:78:1d:89:ba:6e:
cb:d1:8c:d2:3c:f9:3b:c7:af:57:63:9e:26:96:c1:
44:05:62:b6:48:a1:90:9a:c6:ae:ed:1a:f2:de:e7:
4e:ef:20:cc:2d:1c:c8:13:18:21:31:02:67:3a:ed:
60:84:06:32:a9:64:48:17:24:1e:0f:f3:0c:ab:ef:
7b:d3:e1:68:d4:32:5f:93:53:22:6f:cb:e3:ef:f6:
f4:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:6B:B5:D6:F4:4E:A5:43:56:D6:BD:85:4C:5A:B2:E3:E3:8C:07:9C
X509v3 Authority Key Identifier:
keyid:3F:56:A6:33:31:55:2E:F9:1D:8A:00:05:A3:38:EC:98:2D:F3:7C:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P1amMzFVLvkdigAFozjsmC3zfIs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/2b179c-2d2d-4423-b6d6-b0837a7d4641/1/LGu11vROpUNW1r2FTFqy4-OMB5w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/2b179c-2d2d-4423-b6d6-b0837a7d4641/1/P1amMzFVLvkdigAFozjsmC3zfIs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.85.44.0/22
194.146.66.0/23
Signature Algorithm: sha256WithRSAEncryption
91:a4:ba:fc:ad:63:27:cf:a6:f9:f1:14:c7:f9:14:a9:0d:c9:
6a:20:5a:c4:ee:32:ab:24:83:65:37:d6:0a:5e:93:d3:0a:5b:
da:04:80:39:93:3e:94:dd:3d:75:0c:c7:a9:72:52:f4:1b:82:
dc:c5:e1:40:e2:2d:d4:a6:47:e0:c1:71:b2:a0:13:f6:e7:c8:
f7:3f:c6:88:34:e6:4e:7a:61:00:44:fe:7a:90:88:38:31:28:
ab:53:c6:a1:d7:f2:a1:81:01:0f:e9:36:58:ac:21:7f:99:8e:
18:9c:93:a7:50:84:b2:54:61:d0:94:d9:41:aa:93:e7:fa:49:
cd:76:4b:d9:1e:8c:01:6a:2f:84:72:be:e5:f7:2a:a4:d6:ac:
4d:bc:90:47:13:e7:f6:69:5d:71:86:61:53:10:17:01:51:9e:
75:29:5c:34:84:49:d7:41:90:cf:ec:3c:d3:65:12:70:0a:3f:
08:f4:d1:cc:b0:35:ae:7e:51:43:aa:7d:ed:7f:ad:cb:3f:84:
71:ee:a4:81:16:2e:b4:b8:29:57:1a:90:d9:39:84:a1:6f:6c:
41:4e:95:8c:ed:3d:76:8d:a5:b5:e8:e3:30:0d:a3:28:0e:ab:
45:5b:1e:0b:fd:bd:3d:16:c2:1c:69:95:ce:fa:9f:09:c5:34:
79:53:37:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVrUxIPwPefG48KCtv6GOSiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNTZhNjMzMzE1NTJlZjkxZDhhMDAwNWEzMzhlYzk4MmRm
MzdjOGIwHhcNMjMwMTAxMDMxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzZiYjVkNmY0NGVhNTQzNTZkNmJkODU0YzVhYjJlM2UzOGMwNzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyjYq33DpxOC4JL2sdHq+QFiKf5P
zwr2W4bITFRVEF6COY4xrqUb6aemzvkNZiuGIMa6Il4Ww76Z4mam3wjb4iKZxGmB
+G90RRuRUlBwbOaoiDQfooxyeN/quHLVViP7fljU2DthyDGBBsiujjqZGXIb6+FR
Oyjuih+6CfFDu7MQok0yZ5vmEz4PSfSrLuvS3WKW/12VEVZL6DC7bIoeIGIi6Mkp
KWfpc9b24/RLeB2Jum7L0YzSPPk7x69XY54mlsFEBWK2SKGQmsau7Rry3udO7yDM
LRzIExghMQJnOu1ghAYyqWRIFyQeD/MMq+970+Fo1DJfk1Mib8vj7/b0bQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCxrtdb0TqVDVta9hUxasuPjjAecMB8GA1UdIwQY
MBaAFD9WpjMxVS75HYoABaM47Jgt83yLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDFhbU16RlZMdmtkaWdBRm96anNtQzN6ZklzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8yYjE3OWMtMmQyZC00NDIzLWI2ZDYt
YjA4MzdhN2Q0NjQxLzEvTEd1MTF2Uk9wVU5XMXIyRlRGcXk0LU9NQjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8yYjE3OWMtMmQyZC00NDIzLWI2ZDYtYjA4MzdhN2Q0NjQx
LzEvUDFhbU16RlZMdmtkaWdBRm96anNtQzN6ZklzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVUsAwQB
wpJCMA0GCSqGSIb3DQEBCwUAA4IBAQCRpLr8rWMnz6b58RTH+RSpDclqIFrE7jKr
JINlN9YKXpPTClvaBIA5kz6U3T11DMepclL0G4LcxeFA4i3UpkfgwXGyoBP258j3
P8aINOZOemEARP56kIg4MSirU8ah1/KhgQEP6TZYrCF/mY4YnJOnUISyVGHQlNlB
qpPn+knNdkvZHowBai+Ecr7l9yqk1qxNvJBHE+f2aV1xhmFTEBcBUZ51KVw0hEnX
QZDP7DzTZRJwCj8I9NHMsDWuflFDqn3tf63LP4Rx7qSBFi60uClXGpDZOYShb2xB
TpWM7T12jaW16OMwDaMoDqtFWx4L/b09FsIcaZXO+p8JxTR5Uzfh
-----END CERTIFICATE-----
Generated at Sat Apr 19 18:13:52 2025 by rpki-client