Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kPxiABfO81x9VledBPlrlrDFTF8.roa
File: kPxiABfO81x9VledBPlrlrDFTF8.roa (raw, json)
Hash identifier: Guala7kQNfMMXJ8m6aj4dblRg4JUSSpY1Xld3A8PY3o=
Subject key identifier: 90:FC:62:00:17:CE:F3:5C:7D:56:57:9D:04:F9:6B:96:B0:C5:4C:5F
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 018F42D883B45861846F9FE9180A2C44FEE5
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kPxiABfO81x9VledBPlrlrDFTF8.roa
Signing time: Sat 04 May 2024 09:03:56 +0000
ROA not before: Sat 04 May 2024 09:03:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212238
IP address blocks: 45.12.60.0/24 maxlen: 24
45.128.79.0/24 maxlen: 24
45.141.178.0/24 maxlen: 24
93.190.246.0/24 maxlen: 24
2a0f:7d03::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:42:d8:83:b4:58:61:84:6f:9f:e9:18:0a:2c:44:fe:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: May 4 09:03:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=90fc620017cef35c7d56579d04f96b96b0c54c5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:c7:96:4d:c6:48:e1:28:95:5c:69:bb:5e:bb:
d6:33:e3:ce:18:b8:93:dc:cf:d5:a7:8b:7d:33:4f:
37:98:3b:de:54:72:4c:5f:eb:a1:07:22:9a:6a:33:
ac:91:9a:d4:cb:e3:8a:04:c2:80:35:51:35:52:de:
0e:a2:32:4a:a2:04:ab:fc:df:41:d1:11:9d:8d:84:
df:57:ac:74:60:88:29:74:3c:ee:50:18:38:7c:04:
90:6e:60:9f:1e:71:55:b2:87:4e:8b:ce:e7:1a:51:
40:a8:ae:1e:ba:1b:b2:4b:df:6b:91:d8:e0:e2:39:
89:18:44:ae:b2:fd:be:e6:35:4a:72:df:6e:45:7b:
00:70:f6:4b:fa:96:ab:ca:4a:2c:11:b3:92:b6:7f:
7c:04:eb:af:ae:62:6d:08:12:d5:87:1a:9b:7d:7f:
4d:8f:8a:58:3a:be:ba:4b:0a:07:ec:8f:db:91:65:
e5:70:2b:bb:0f:14:94:00:99:60:16:c3:de:a8:7b:
4d:68:0f:51:db:92:5f:d8:88:d2:4c:23:d4:55:4a:
e1:9e:a4:0d:9a:d2:7a:8a:5f:eb:b7:84:4f:7e:2a:
61:0c:24:3c:b7:c7:d8:5a:49:7e:30:56:fa:63:99:
9d:0f:f0:7a:ac:15:ab:cd:42:22:97:79:de:a2:4f:
fe:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:FC:62:00:17:CE:F3:5C:7D:56:57:9D:04:F9:6B:96:B0:C5:4C:5F
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kPxiABfO81x9VledBPlrlrDFTF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.60.0/24
45.128.79.0/24
45.141.178.0/24
93.190.246.0/24
IPv6:
2a0f:7d03::/32
Signature Algorithm: sha256WithRSAEncryption
b5:ad:b3:98:f2:82:28:ea:6a:22:fc:69:7c:cb:4e:00:17:d2:
e6:48:d7:c2:b2:06:42:94:7c:e3:a5:3e:77:1f:0a:0e:ba:ed:
53:fc:96:69:8c:ae:d9:11:bc:03:94:63:dd:54:58:9b:3d:31:
1e:ea:97:42:0f:b5:24:21:7e:99:76:28:4b:fe:f8:4a:9a:6a:
21:f1:91:fb:96:95:c8:e3:22:bb:b4:e1:1f:a8:1f:5c:64:82:
25:7a:e8:f0:ef:30:8b:cc:fc:04:2f:a9:2f:4f:d8:a8:02:8c:
d3:99:a2:2f:ae:e3:67:71:a2:f4:1a:b3:eb:69:68:86:c1:95:
4e:b5:26:b5:a1:3a:31:7c:a5:34:7c:8f:4b:1d:4a:a5:57:28:
64:26:1e:c7:d6:6f:bc:4d:84:f1:b6:40:d0:f9:d6:5b:ff:38:
92:f5:3e:dd:c1:ab:52:0f:5e:2a:16:ed:05:ef:e1:35:17:d5:
b2:6a:53:2c:b2:51:0f:30:b4:a3:40:16:85:d6:0f:3c:b5:a2:
db:7a:5b:46:0c:74:08:1e:04:10:5d:ea:19:d6:33:15:20:38:
85:aa:e0:85:a7:81:3c:20:a1:05:ca:85:46:25:05:2f:48:a0:
91:d6:b6:e2:6c:ea:24:74:52:f5:73:17:0e:f3:56:f4:01:bf:
08:b2:01:ee
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY9C2IO0WGGEb5/pGAosRP7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNTA0MDkwMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGZjNjIwMDE3Y2VmMzVjN2Q1NjU3OWQwNGY5NmI5NmIwYzU0YzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08eWTcZI4SiVXGm7XrvWM+POGLiT
3M/Vp4t9M083mDveVHJMX+uhByKaajOskZrUy+OKBMKANVE1Ut4OojJKogSr/N9B
0RGdjYTfV6x0YIgpdDzuUBg4fASQbmCfHnFVsodOi87nGlFAqK4euhuyS99rkdjg
4jmJGESusv2+5jVKct9uRXsAcPZL+parykosEbOStn98BOuvrmJtCBLVhxqbfX9N
j4pYOr66SwoH7I/bkWXlcCu7DxSUAJlgFsPeqHtNaA9R25Jf2IjSTCPUVUrhnqQN
mtJ6il/rt4RPfiphDCQ8t8fYWkl+MFb6Y5mdD/B6rBWrzUIil3neok/+HQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJD8YgAXzvNcfVZXnQT5a5awxUxfMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEva1B4aUFCZk84MXg5VmxlZEJQbHJsckRGVEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQALQw8AwQA
LYBPAwQALY2yAwQAXb72MA0EAgACMAcDBQAqD30DMA0GCSqGSIb3DQEBCwUAA4IB
AQC1rbOY8oIo6moi/Gl8y04AF9LmSNfCsgZClHzjpT53HwoOuu1T/JZpjK7ZEbwD
lGPdVFibPTEe6pdCD7UkIX6ZdihL/vhKmmoh8ZH7lpXI4yK7tOEfqB9cZIIleujw
7zCLzPwEL6kvT9ioAozTmaIvruNncaL0GrPraWiGwZVOtSa1oToxfKU0fI9LHUql
VyhkJh7H1m+8TYTxtkDQ+dZb/ziS9T7dwatSD14qFu0F7+E1F9WyalMsslEPMLSj
QBaF1g88taLbeltGDHQIHgQQXeoZ1jMVIDiFquCFp4E8IKEFyoVGJQUvSKCR1rbi
bOokdFL1cxcO81b0Ab8IsgHu
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:04:47 2025 by rpki-client