Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/T45RuZyySxBansBFvjFNDNHPBM0.roa
File: T45RuZyySxBansBFvjFNDNHPBM0.roa (raw, json)
Hash identifier: jvAYeBvazUW+s1CowIOkYgk0EPScal+M8rRS8QikQGU=
Subject key identifier: 4F:8E:51:B9:9C:B2:4B:10:5A:9E:C0:45:BE:31:4D:0C:D1:CF:04:CD
Certificate issuer: /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial: 0194221FFE2520143D965D91D3035F13B831
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/T45RuZyySxBansBFvjFNDNHPBM0.roa
Signing time: Wed 01 Jan 2025 13:48:29 +0000
ROA not before: Wed 01 Jan 2025 13:48:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8708
IP address blocks: 45.91.6.0/24 maxlen: 24
45.133.152.0/24 maxlen: 24
45.133.154.0/23 maxlen: 24
45.135.224.0/24 maxlen: 24
45.145.18.0/23 maxlen: 24
45.150.82.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:fe:25:20:14:3d:96:5d:91:d3:03:5f:13:b8:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Validity
Not Before: Jan 1 13:48:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4f8e51b99cb24b105a9ec045be314d0cd1cf04cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:d0:f3:ad:f8:c2:4b:d3:00:83:72:99:e5:f2:
5a:a5:14:03:92:10:4c:a4:44:c1:96:be:5b:91:b8:
4f:6b:41:76:64:19:2c:89:35:b6:ec:eb:16:ae:ae:
34:f6:85:8e:f5:8b:d8:65:b8:e3:0a:e3:52:70:97:
e4:40:7f:8d:1b:d8:59:8a:69:ce:b9:8e:3f:bf:27:
39:bd:39:e0:0b:56:69:5a:e6:e5:53:cd:67:00:02:
f4:6d:c8:2b:29:1d:9e:23:3a:fa:36:d0:c1:db:5c:
ec:3e:8a:66:f2:0a:39:f5:ec:60:fa:0c:66:b6:15:
a1:59:67:ad:47:a5:41:db:9a:ba:a4:b2:94:54:4c:
2b:e8:83:af:ea:97:af:c9:29:cb:f9:1d:cf:1d:4e:
8f:2d:fc:4d:be:e0:69:39:82:20:bd:2d:23:71:4d:
70:b2:c7:73:ec:82:7c:72:21:27:c4:d2:b6:8c:18:
8e:94:dc:b3:d4:27:cb:b2:38:b5:bd:fb:7b:2b:a8:
8b:53:04:db:44:fc:64:d5:3e:15:0c:e3:eb:0a:21:
20:8e:51:fe:8b:3e:24:48:5c:d5:99:f2:ec:6b:7f:
c4:0d:dd:19:7b:e8:ff:12:2e:1b:fe:29:cd:a8:66:
43:b3:e6:53:7c:ae:a0:bc:3e:20:2a:d7:14:e8:95:
28:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:8E:51:B9:9C:B2:4B:10:5A:9E:C0:45:BE:31:4D:0C:D1:CF:04:CD
X509v3 Authority Key Identifier:
keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/T45RuZyySxBansBFvjFNDNHPBM0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.6.0/24
45.133.152.0/24
45.133.154.0/23
45.135.224.0/24
45.145.18.0/23
45.150.82.0/23
Signature Algorithm: sha256WithRSAEncryption
14:e0:80:7d:ef:ea:e9:9c:8b:a3:a7:bd:b2:dd:58:c0:2d:72:
d8:16:67:3c:64:0f:33:dc:4c:4d:cb:73:00:97:f9:87:14:d4:
f2:2f:2c:7b:cf:1a:f9:09:9b:d8:d8:36:ce:bc:c5:aa:78:25:
6e:1f:dc:ba:43:35:02:56:90:a3:9d:b3:47:57:b3:63:08:f6:
00:df:99:66:71:01:c2:47:d6:d1:b0:f7:52:ea:d7:b2:9a:dd:
f5:11:aa:73:2f:36:51:11:5a:e1:63:13:43:74:1b:66:e8:4a:
a4:40:cc:f1:77:34:f3:73:87:a9:bf:6b:7e:d3:bb:43:e2:c0:
0a:9e:e6:f0:e8:c8:d4:4b:83:46:0a:fc:46:7c:35:a4:9a:81:
69:bc:b1:fb:18:42:a1:66:4e:b2:54:45:34:af:37:10:3c:92:
d3:e0:fc:bc:aa:26:13:fa:d0:65:08:10:f6:24:b6:ba:36:3a:
43:6f:73:9c:c1:86:2a:1a:03:73:43:76:dd:9f:79:ae:a2:36:
d1:3f:e5:f6:21:93:f4:79:0d:53:1d:ec:3d:87:d8:c2:7a:e4:
be:b7:89:e4:14:05:58:af:12:58:30:f6:5a:16:c3:e5:f5:1a:
d8:d6:4e:6f:b6:a0:22:0a:37:bb:f8:93:91:77:2e:37:b0:fe:
c3:4d:25:89
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQiH/4lIBQ9ll2R0wNfE7gxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwMTAxMTM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjhlNTFiOTljYjI0YjEwNWE5ZWMwNDViZTMxNGQwY2QxY2YwNGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8tDzrfjCS9MAg3KZ5fJapRQDkhBM
pETBlr5bkbhPa0F2ZBksiTW27OsWrq409oWO9YvYZbjjCuNScJfkQH+NG9hZimnO
uY4/vyc5vTngC1ZpWublU81nAAL0bcgrKR2eIzr6NtDB21zsPopm8go59exg+gxm
thWhWWetR6VB25q6pLKUVEwr6IOv6pevySnL+R3PHU6PLfxNvuBpOYIgvS0jcU1w
ssdz7IJ8ciEnxNK2jBiOlNyz1CfLsji1vft7K6iLUwTbRPxk1T4VDOPrCiEgjlH+
iz4kSFzVmfLsa3/EDd0Ze+j/Ei4b/inNqGZDs+ZTfK6gvD4gKtcU6JUo3wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFE+OUbmcsksQWp7ARb4xTQzRzwTNMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvVDQ1UnVaeXlTeEJhbnNCRnZqRk5ETkhQQk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALVsGAwQA
LYWYAwQBLYWaAwQALYfgAwQBLZESAwQBLZZSMA0GCSqGSIb3DQEBCwUAA4IBAQAU
4IB97+rpnIujp72y3VjALXLYFmc8ZA8z3ExNy3MAl/mHFNTyLyx7zxr5CZvY2DbO
vMWqeCVuH9y6QzUCVpCjnbNHV7NjCPYA35lmcQHCR9bRsPdS6teymt31EapzLzZR
EVrhYxNDdBtm6EqkQMzxdzTzc4epv2t+07tD4sAKnubw6MjUS4NGCvxGfDWkmoFp
vLH7GEKhZk6yVEU0rzcQPJLT4Py8qiYT+tBlCBD2JLa6NjpDb3OcwYYqGgNzQ3bd
n3muojbRP+X2IZP0eQ1THew9h9jCeuS+t4nkFAVYrxJYMPZaFsPl9RrY1k5vtqAi
Cje7+JORdy43sP7DTSWJ
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:39:33 2025 by rpki-client