Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/JfZV2AgDgJ1PbU2fq6RxQvVIkk0.roa
File: JfZV2AgDgJ1PbU2fq6RxQvVIkk0.roa (raw, json)
Hash identifier: nt/JLZSJySXiVKQd6nxlJFNdtREYYmawM/Lw5BdBkvE=
Subject key identifier: 25:F6:55:D8:08:03:80:9D:4F:6D:4D:9F:AB:A4:71:42:F5:48:92:4D
Certificate issuer: /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial: 018C7DC622AB8FA65A952B466BADF59EA17B
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/JfZV2AgDgJ1PbU2fq6RxQvVIkk0.roa
Signing time: Mon 18 Dec 2023 16:33:06 +0000
ROA not before: Mon 18 Dec 2023 16:33:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213220
IP address blocks: 193.239.179.0/24 maxlen: 24
45.150.238.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:7d:c6:22:ab:8f:a6:5a:95:2b:46:6b:ad:f5:9e:a1:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
Validity
Not Before: Dec 18 16:33:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=25f655d80803809d4f6d4d9faba47142f548924d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:5b:12:44:8d:a5:ce:c0:53:55:11:fd:2b:13:
03:09:c4:c1:cf:87:06:1c:6d:1d:e7:35:ae:48:db:
b0:7b:e0:7e:fa:19:de:1f:e1:73:92:4f:e5:9b:a8:
cf:3f:1e:52:5d:5c:8b:f4:bd:0e:91:57:e0:ca:aa:
65:b8:89:75:17:66:ce:2d:39:7e:2c:53:4f:3c:ab:
b9:ff:3f:3a:2d:ae:8e:a7:cf:1d:d1:a5:3d:03:d8:
f6:aa:8d:f9:1d:a3:b8:0a:13:a7:a9:ad:54:76:b0:
5e:71:c0:fd:cf:7d:aa:21:9e:9a:53:37:03:9b:62:
58:e9:13:87:b7:0c:ca:e1:78:d1:e4:c7:87:53:b3:
27:cc:74:7b:a0:92:b3:b9:cd:30:c9:5b:71:14:c8:
ff:85:c0:d1:0c:c1:2a:49:68:52:05:50:bd:68:0e:
fe:5d:f7:cc:56:d3:8c:f3:93:8f:ff:25:45:70:8d:
f0:1e:15:1f:64:c3:a1:70:da:35:c8:bd:ce:04:0d:
9d:58:1c:1b:07:cf:f5:b9:a0:e6:05:2c:9d:c1:91:
bc:3d:a2:4a:7e:df:dd:c5:66:12:97:89:e3:a3:e1:
a0:c8:b7:bd:f8:d4:b4:b8:4d:91:ba:12:10:98:9b:
01:95:ba:56:55:a6:5e:24:4d:c5:6a:96:db:78:af:
d7:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:F6:55:D8:08:03:80:9D:4F:6D:4D:9F:AB:A4:71:42:F5:48:92:4D
X509v3 Authority Key Identifier:
keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/JfZV2AgDgJ1PbU2fq6RxQvVIkk0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.150.238.0/23
193.239.179.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:de:32:38:5d:9e:30:ac:3d:6e:78:ad:1f:4f:2e:f7:7b:13:
31:91:1b:6d:a3:af:99:3f:07:b5:62:5d:6b:f1:cf:d6:89:cc:
1d:a2:35:ed:c0:d1:ee:94:f1:46:5d:a3:8e:77:34:4f:3d:56:
1c:e5:f0:f7:40:97:6d:55:de:cd:b2:1f:53:9c:5f:58:b1:fe:
c4:f6:d8:cc:46:a4:13:eb:01:e7:c1:2e:8b:e2:33:6d:de:c4:
08:43:ea:40:a6:ee:ed:3e:12:d3:32:8a:f7:7b:9e:df:d3:f1:
fc:14:8c:f1:38:7b:3a:f5:98:2a:b8:56:b9:71:b0:ef:7b:d3:
50:cf:b0:50:1b:b4:67:d4:37:e2:ac:f1:42:2e:8b:17:01:d7:
7b:3c:df:28:9c:ef:28:c9:08:95:1d:db:33:74:14:1b:3e:4c:
06:9e:e5:08:fd:1e:c4:41:fc:19:9f:b9:da:f9:ca:05:c4:37:
d8:77:c5:ea:44:06:5d:a4:01:22:16:1d:30:99:28:49:70:e0:
01:9a:1c:1d:75:f4:ae:de:71:18:04:04:8a:ef:69:c3:b5:11:
07:d5:8c:80:95:a0:71:57:5d:7c:de:01:14:7a:bf:79:bb:b4:
fa:39:e7:25:c0:70:0f:15:9b:75:1d:de:89:4b:3d:27:d5:3a:
65:f7:55:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYx9xiKrj6ZalStGa631nqF7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjMxMjE4MTYzMzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY2NTVkODA4MDM4MDlkNGY2ZDRkOWZhYmE0NzE0MmY1NDg5MjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41sSRI2lzsBTVRH9KxMDCcTBz4cG
HG0d5zWuSNuwe+B++hneH+Fzkk/lm6jPPx5SXVyL9L0OkVfgyqpluIl1F2bOLTl+
LFNPPKu5/z86La6Op88d0aU9A9j2qo35HaO4ChOnqa1UdrBeccD9z32qIZ6aUzcD
m2JY6ROHtwzK4XjR5MeHU7MnzHR7oJKzuc0wyVtxFMj/hcDRDMEqSWhSBVC9aA7+
XffMVtOM85OP/yVFcI3wHhUfZMOhcNo1yL3OBA2dWBwbB8/1uaDmBSydwZG8PaJK
ft/dxWYSl4njo+GgyLe9+NS0uE2RuhIQmJsBlbpWVaZeJE3FapbbeK/X6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCX2VdgIA4CdT21Nn6ukcUL1SJJNMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvSmZaVjJBZ0RnSjFQYlUyZnE2UnhRdlZJa2swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLZbuAwQA
we+zMA0GCSqGSIb3DQEBCwUAA4IBAQA63jI4XZ4wrD1ueK0fTy73exMxkRtto6+Z
Pwe1Yl1r8c/WicwdojXtwNHulPFGXaOOdzRPPVYc5fD3QJdtVd7Nsh9TnF9Ysf7E
9tjMRqQT6wHnwS6L4jNt3sQIQ+pApu7tPhLTMor3e57f0/H8FIzxOHs69ZgquFa5
cbDve9NQz7BQG7Rn1DfirPFCLosXAdd7PN8onO8oyQiVHdszdBQbPkwGnuUI/R7E
QfwZn7na+coFxDfYd8XqRAZdpAEiFh0wmShJcOABmhwddfSu3nEYBASK72nDtREH
1YyAlaBxV1183gEUer95u7T6OeclwHAPFZt1Hd6JSz0n1Tpl91Vj
-----END CERTIFICATE-----
Generated at Tue Mar 11 05:02:01 2025 by rpki-client