Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/ag1EsuNGAuYPLyXjf7joZV1WP2o.roa
File: ag1EsuNGAuYPLyXjf7joZV1WP2o.roa (raw, json)
Hash identifier: CAAmct2uK+0I/uT5P4P52EPM5E267Wu+Qftl0rSsscU=
Subject key identifier: 6A:0D:44:B2:E3:46:02:E6:0F:2F:25:E3:7F:B8:E8:65:5D:56:3F:6A
Certificate issuer: /CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
Certificate serial: 0CE1D42D
Authority key identifier: 08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/ag1EsuNGAuYPLyXjf7joZV1WP2o.roa
Signing time: Thu 12 May 2022 19:46:02 +0000
ROA not before: Thu 12 May 2022 19:46:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60134
IP address blocks: 45.152.157.0/24 maxlen: 24
45.152.156.0/24 maxlen: 24
193.30.129.0/24 maxlen: 24
45.152.158.0/24 maxlen: 24
45.152.159.0/24 maxlen: 24
185.158.253.0/24 maxlen: 24
185.158.252.0/22 maxlen: 22
185.158.252.0/24 maxlen: 24
185.158.255.0/24 maxlen: 24
185.158.254.0/24 maxlen: 24
45.144.206.0/24 maxlen: 24
45.144.205.0/24 maxlen: 24
45.144.204.0/22 maxlen: 22
45.144.204.0/24 maxlen: 24
45.144.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 216126509 (0xce1d42d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=08d3a515683e9ddb85d38e7ab39c33aedacaf7ef
Validity
Not Before: May 12 19:46:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6a0d44b2e34602e60f2f25e37fb8e8655d563f6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:c0:0c:96:2d:8b:2f:e8:8b:43:b7:3b:0d:e9:
94:b6:ae:5f:f1:01:fa:a3:59:da:0d:42:2d:c5:0f:
6f:7a:e9:25:e3:34:82:3c:f2:19:0e:e3:97:a0:6f:
fd:e9:05:f2:a0:45:b7:52:29:09:a4:e1:26:c7:90:
2d:da:ce:6b:c8:f2:66:bf:d9:16:c4:3f:6d:b1:a5:
d7:4b:8a:2c:a2:d9:16:a5:cc:68:6b:d0:ea:48:ae:
0a:1e:3c:d7:fb:39:d1:d4:bb:bf:fc:a3:d5:50:c5:
11:86:31:93:e5:14:2e:a3:42:16:1b:60:b5:c0:13:
7e:d9:c3:ac:68:aa:e1:16:67:af:26:3a:26:93:02:
c5:8a:2c:bc:45:6b:d0:83:31:18:41:ea:3f:30:6a:
fe:d0:70:34:2f:4e:23:04:d6:31:00:a4:eb:f3:f4:
1c:80:88:39:1b:89:55:22:c7:73:8e:d8:cf:d6:98:
7a:12:a7:56:aa:dc:2d:80:28:3e:de:16:7a:a9:dd:
cd:4c:ed:7a:36:11:c0:bd:94:0e:f6:02:d8:a1:21:
63:82:de:e6:02:ec:ac:01:09:93:c9:38:0f:d8:51:
74:d7:03:44:21:e3:45:33:8d:9b:00:37:97:a4:36:
bc:80:10:45:28:a3:d2:6d:17:95:10:e4:02:42:49:
31:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:0D:44:B2:E3:46:02:E6:0F:2F:25:E3:7F:B8:E8:65:5D:56:3F:6A
X509v3 Authority Key Identifier:
keyid:08:D3:A5:15:68:3E:9D:DB:85:D3:8E:7A:B3:9C:33:AE:DA:CA:F7:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CNOlFWg-nduF0456s5wzrtrK9-8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/ag1EsuNGAuYPLyXjf7joZV1WP2o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/67cfa0-a32b-4063-9370-0b5c5d94426a/1/CNOlFWg-nduF0456s5wzrtrK9-8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.144.204.0/22
45.152.156.0/22
185.158.252.0/22
193.30.129.0/24
Signature Algorithm: sha256WithRSAEncryption
5c:cb:96:7a:19:60:d0:4f:df:fa:24:55:a5:d6:67:0e:08:a2:
8a:bf:ac:16:df:9f:11:98:43:ca:c1:e6:b0:76:6e:e2:5d:a7:
9a:c0:86:b5:24:4d:0a:b0:d4:64:dc:c0:33:c6:7e:58:f1:2b:
46:17:ee:87:94:62:44:87:f5:49:7c:33:af:7b:27:5f:e3:ab:
f6:e6:c2:87:9d:2a:9a:e6:b3:56:cc:e0:fb:63:60:bd:0f:9d:
00:14:35:8d:4a:e3:2f:12:3e:ac:b3:cc:49:d9:10:a5:1d:cb:
45:e7:5c:e9:8b:f0:7f:88:9a:5f:0d:e6:dc:27:bc:91:9e:b4:
fb:f5:68:68:c6:28:4a:af:42:cc:b7:72:ba:70:10:bd:fe:db:
0e:e4:eb:ef:35:11:c9:79:9e:c7:11:58:94:02:12:1f:28:f2:
42:88:23:44:b0:fb:c7:f6:9d:77:36:d3:34:0a:45:b7:47:bd:
5c:7d:e2:5c:f3:6b:10:ca:8d:fd:c6:eb:f4:41:a5:f7:e6:ef:
00:04:41:2b:1b:b6:1c:95:82:74:c2:c7:c2:cf:49:54:99:fb:
08:9e:97:c1:22:c3:e4:cd:b7:9d:7a:85:56:eb:2c:fe:69:d1:
bf:40:62:da:a5:1c:e2:4d:20:a8:40:60:e8:15:65:12:4b:0e:
8a:5b:72:0b
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEDOHULTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
OGQzYTUxNTY4M2U5ZGRiODVkMzhlN2FiMzljMzNhZWRhY2FmN2VmMB4XDTIyMDUx
MjE5NDYwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmEwZDQ0YjJlMzQ2
MDJlNjBmMmYyNWUzN2ZiOGU4NjU1ZDU2M2Y2YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOrADJYtiy/oi0O3Ow3plLauX/EB+qNZ2g1CLcUPb3rpJeM0
gjzyGQ7jl6Bv/ekF8qBFt1IpCaThJseQLdrOa8jyZr/ZFsQ/bbGl10uKLKLZFqXM
aGvQ6kiuCh481/s50dS7v/yj1VDFEYYxk+UULqNCFhtgtcATftnDrGiq4RZnryY6
JpMCxYosvEVr0IMxGEHqPzBq/tBwNC9OIwTWMQCk6/P0HICIORuJVSLHc47Yz9aY
ehKnVqrcLYAoPt4WeqndzUztejYRwL2UDvYC2KEhY4Le5gLsrAEJk8k4D9hRdNcD
RCHjRTONmwA3l6Q2vIAQRSij0m0XlRDkAkJJMbcCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBRqDUSy40YC5g8vJeN/uOhlXVY/ajAfBgNVHSMEGDAWgBQI06UVaD6d24XT
jnqznDOu2sr37zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NOT2xGV2ctbmR1RjA0NTZzNXd6cnRySzktOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTkvNjdjZmEwLWEzMmItNDA2My05MzcwLTBiNWM1ZDk0NDI2YS8x
L2FnMUVzdU5HQXVZUEx5WGpmN2pvWlYxV1Ayby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTkv
NjdjZmEwLWEzMmItNDA2My05MzcwLTBiNWM1ZDk0NDI2YS8xL0NOT2xGV2ctbmR1
RjA0NTZzNXd6cnRySzktOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAi2QzAMEAi2YnAMEArme/AMEAMEe
gTANBgkqhkiG9w0BAQsFAAOCAQEAXMuWehlg0E/f+iRVpdZnDgiiir+sFt+fEZhD
ysHmsHZu4l2nmsCGtSRNCrDUZNzAM8Z+WPErRhfuh5RiRIf1SXwzr3snX+Or9ubC
h50qmuazVszg+2NgvQ+dABQ1jUrjLxI+rLPMSdkQpR3LRedc6Yvwf4iaXw3m3Ce8
kZ60+/VoaMYoSq9CzLdyunAQvf7bDuTr7zURyXmexxFYlAISHyjyQogjRLD7x/ad
dzbTNApFt0e9XH3iXPNrEMqN/cbr9EGl9+bvAARBKxu2HJWCdMLHws9JVJn7CJ6X
wSLD5M23nXqFVuss/mnRv0Bi2qUc4k0gqEBg6BVlEksOiltyCw==
-----END CERTIFICATE-----
Generated at Mon Apr 21 01:28:58 2025 by rpki-client