Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TCFrXzldG5L1rX9Zh-nEnzDDyRE.roa
File: TCFrXzldG5L1rX9Zh-nEnzDDyRE.roa (raw, json)
Hash identifier: Dgu7SCi0AL+uTOXvLo9sEdLTXjgeE++cQa3P2nGGq34=
Subject key identifier: 4C:21:6B:5F:39:5D:1B:92:F5:AD:7F:59:87:E9:C4:9F:30:C3:C9:11
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 018E8EB190C1CB4E1CB54C5C4653DE19FF9A
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TCFrXzldG5L1rX9Zh-nEnzDDyRE.roa
Signing time: Sat 30 Mar 2024 09:29:45 +0000
ROA not before: Sat 30 Mar 2024 09:29:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29066
IP address blocks: 2.56.102.0/24 maxlen: 24
2.56.103.0/24 maxlen: 24
2.59.22.0/24 maxlen: 24
2.59.23.0/24 maxlen: 24
45.9.119.0/24 maxlen: 24
45.9.120.0/24 maxlen: 24
45.152.203.0/24 maxlen: 24
193.39.244.0/24 maxlen: 24
2a0f:4a00::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:8e:b1:90:c1:cb:4e:1c:b5:4c:5c:46:53:de:19:ff:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Mar 30 09:29:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4c216b5f395d1b92f5ad7f5987e9c49f30c3c911
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:a0:1b:3c:9a:50:20:70:f4:bd:bb:38:f9:58:
d9:a2:63:2e:af:5a:40:88:bf:eb:48:2a:d8:53:00:
f4:d3:e5:67:30:fd:d3:46:49:49:5f:05:b4:53:eb:
27:61:05:ef:11:f8:b2:c6:9e:b4:77:88:2e:09:ff:
c6:43:6e:fc:7e:7e:05:79:f2:95:0b:42:73:67:09:
af:55:e3:53:99:ca:3e:16:ee:df:41:15:bb:88:cc:
ab:39:f9:c5:43:8d:85:23:fb:88:82:1d:bb:5e:c0:
87:ef:27:09:7a:2a:3e:7c:ba:69:00:6c:1b:5e:e2:
34:81:5d:d6:2c:21:45:0a:c4:dd:29:fe:fe:33:19:
9b:ff:01:08:73:78:04:42:46:2b:e5:0b:73:d7:1e:
2d:9d:da:69:0b:22:e5:79:26:fc:24:ea:1c:c8:2d:
01:ab:29:d1:5a:8c:60:25:68:1c:5d:c6:4c:33:a1:
04:fe:f6:77:56:f7:79:bf:d9:1c:93:5f:97:c1:2e:
33:79:af:c8:35:b4:d7:9d:e5:4c:e6:de:61:ec:9f:
10:a8:d5:40:c0:4c:ff:74:89:a7:9a:e6:7f:a1:ce:
a9:81:6b:6f:ea:ec:42:bd:1d:73:9c:f5:ac:69:a4:
07:41:ee:24:8c:cd:a6:72:2c:f2:0d:1e:7b:ca:1f:
eb:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:21:6B:5F:39:5D:1B:92:F5:AD:7F:59:87:E9:C4:9F:30:C3:C9:11
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TCFrXzldG5L1rX9Zh-nEnzDDyRE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.102.0/23
2.59.22.0/23
45.9.119.0-45.9.120.255
45.152.203.0/24
193.39.244.0/24
IPv6:
2a0f:4a00::/29
Signature Algorithm: sha256WithRSAEncryption
c2:2e:72:c3:27:15:ee:c1:6e:0d:62:2d:86:8a:21:c0:bc:9e:
53:7d:bd:f8:fd:1a:08:2e:1c:47:36:94:1e:c4:78:2c:7b:42:
eb:ba:87:4c:3d:4f:12:51:35:c4:3f:93:03:08:20:bf:5f:d7:
69:30:f4:16:4c:75:40:6a:80:60:cf:c8:06:b6:e2:77:b5:8c:
3d:91:7a:4e:f6:c9:96:81:17:c1:29:17:2a:85:e5:e8:4d:d9:
e9:f2:b4:48:0c:a6:e2:44:c2:9d:51:2a:56:bf:89:06:0b:6b:
15:00:03:53:64:8b:53:55:03:a7:78:13:d6:66:c8:28:97:fa:
a0:f5:8a:2b:e1:a9:8d:94:5c:be:39:59:cc:ff:f3:78:c1:93:
08:9b:b7:37:23:bb:98:a2:dd:3d:12:2d:23:61:cc:e1:71:a6:
06:f6:b8:f6:52:9a:fd:38:1f:1a:2a:cb:55:9a:bb:46:d0:b9:
e5:15:ac:92:b7:c7:72:51:59:63:64:98:05:cf:d4:a0:bc:9f:
45:9f:a9:76:2d:44:43:b3:3e:98:1d:ca:df:ff:8e:ed:9c:15:
c6:e0:f2:7e:db:aa:f8:ab:59:82:09:66:f9:a2:c4:72:49:a7:
c9:a7:e9:10:9d:60:9d:db:93:a5:e7:1b:09:46:0a:47:62:e5:
1c:ed:dd:77
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAY6OsZDBy04ctUxcRlPeGf+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMzMwMDkyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzIxNmI1ZjM5NWQxYjkyZjVhZDdmNTk4N2U5YzQ5ZjMwYzNjOTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaAbPJpQIHD0vbs4+VjZomMur1pA
iL/rSCrYUwD00+VnMP3TRklJXwW0U+snYQXvEfiyxp60d4guCf/GQ278fn4FefKV
C0JzZwmvVeNTmco+Fu7fQRW7iMyrOfnFQ42FI/uIgh27XsCH7ycJeio+fLppAGwb
XuI0gV3WLCFFCsTdKf7+Mxmb/wEIc3gEQkYr5Qtz1x4tndppCyLleSb8JOocyC0B
qynRWoxgJWgcXcZMM6EE/vZ3Vvd5v9kck1+XwS4zea/INbTXneVM5t5h7J8QqNVA
wEz/dImnmuZ/oc6pgWtv6uxCvR1znPWsaaQHQe4kjM2mcizyDR57yh/rxwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFEwha185XRuS9a1/WYfpxJ8ww8kRMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvVENGclh6bGRHNUwxclg5WmgtbkVuekREeVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQBAjhmAwQB
AjsWMAwDBAAtCXcDBAAtCXgDBAAtmMsDBADBJ/QwDQQCAAIwBwMFAyoPSgAwDQYJ
KoZIhvcNAQELBQADggEBAMIucsMnFe7Bbg1iLYaKIcC8nlN9vfj9GgguHEc2lB7E
eCx7Quu6h0w9TxJRNcQ/kwMIIL9f12kw9BZMdUBqgGDPyAa24ne1jD2Rek72yZaB
F8EpFyqF5ehN2enytEgMpuJEwp1RKla/iQYLaxUAA1Nki1NVA6d4E9ZmyCiX+qD1
iivhqY2UXL45Wcz/83jBkwibtzcju5ii3T0SLSNhzOFxpgb2uPZSmv04Hxoqy1Wa
u0bQueUVrJK3x3JRWWNkmAXP1KC8n0WfqXYtREOzPpgdyt//ju2cFcbg8n7bqvir
WYIJZvmixHJJp8mn6RCdYJ3bk6XnGwlGCkdi5Rzt3Xc=
-----END CERTIFICATE-----
Generated at Mon Apr 21 22:21:39 2025 by rpki-client