Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/2VzjCE-wLq9465sS27wHs-lXLTc.roa
File: 2VzjCE-wLq9465sS27wHs-lXLTc.roa (raw, json)
Hash identifier: rabgDduiR2gecUVe4Oc+WnJ6aNyeclrbC481y/obol0=
Subject key identifier: D9:5C:E3:08:4F:B0:2E:AF:78:EB:9B:12:DB:BC:07:B3:E9:57:2D:37
Certificate issuer: /CN=e795c9617ca5a6a3bff263fc1837992fd1ac47f2
Certificate serial: 019423D7CD94A0241706843A4A2A853D2010
Authority key identifier: E7:95:C9:61:7C:A5:A6:A3:BF:F2:63:FC:18:37:99:2F:D1:AC:47:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/2VzjCE-wLq9465sS27wHs-lXLTc.roa
Signing time: Wed 01 Jan 2025 21:48:52 +0000
ROA not before: Wed 01 Jan 2025 21:48:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56339
IP address blocks: 45.149.152.0/22 maxlen: 22
45.149.155.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:cd:94:a0:24:17:06:84:3a:4a:2a:85:3d:20:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e795c9617ca5a6a3bff263fc1837992fd1ac47f2
Validity
Not Before: Jan 1 21:48:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d95ce3084fb02eaf78eb9b12dbbc07b3e9572d37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:8c:63:2e:c1:11:85:e2:57:99:e1:d6:5c:cb:
57:29:9b:3f:2f:b2:23:34:55:57:12:3e:a2:7a:56:
16:fd:79:13:5a:74:22:f7:d3:77:92:e1:a6:fb:cd:
23:6f:f6:d5:73:13:4c:ed:21:c2:78:60:75:ea:24:
ac:07:29:c3:3a:e2:c3:eb:94:f0:aa:75:2e:5b:19:
e4:b8:f3:e0:99:6e:d5:0c:25:c1:9e:d2:ba:89:0f:
e2:0b:6c:d4:21:79:fb:d2:c2:ae:09:c1:f9:5b:f6:
9c:3c:55:74:5c:0e:d5:1b:1d:e7:73:50:40:fc:01:
0c:87:a6:64:84:76:5a:dc:19:7a:17:3b:2e:cb:f4:
b1:31:50:1b:57:94:9f:4d:92:8e:11:a4:cd:c9:97:
d9:35:62:f6:e7:4c:87:61:3d:c6:90:97:3d:61:42:
75:39:5c:c4:79:46:a0:4c:62:0b:eb:bb:fb:ac:2c:
43:99:77:a5:51:c2:8c:ca:fa:25:93:3d:07:04:73:
27:1f:01:c7:2b:da:e9:5c:fc:07:54:83:2a:8a:47:
db:32:ee:01:19:46:08:09:d5:59:e9:50:4e:33:51:
84:09:75:73:cb:86:df:d8:af:5f:b8:5b:e5:84:17:
e5:0e:6d:71:96:1a:34:32:62:20:1c:2f:64:92:df:
49:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:5C:E3:08:4F:B0:2E:AF:78:EB:9B:12:DB:BC:07:B3:E9:57:2D:37
X509v3 Authority Key Identifier:
keyid:E7:95:C9:61:7C:A5:A6:A3:BF:F2:63:FC:18:37:99:2F:D1:AC:47:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/2VzjCE-wLq9465sS27wHs-lXLTc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/55XJYXylpqO_8mP8GDeZL9GsR_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.152.0/22
Signature Algorithm: sha256WithRSAEncryption
38:80:0e:4c:d2:e1:6f:50:bd:c2:e4:4f:f1:b4:71:7d:5b:e7:
67:fe:df:d3:1d:ac:32:37:ed:95:3a:1d:d0:3f:00:4e:39:34:
76:66:df:6f:03:b9:81:d4:0b:34:41:fc:71:c6:be:0f:c6:70:
ab:99:0b:e4:4e:9e:30:b5:5d:8b:5d:f6:c1:87:6b:8c:eb:be:
81:27:e9:25:75:0e:55:d7:4d:cf:22:d1:5e:b5:a7:45:c4:15:
d3:93:b7:b7:89:b4:b6:d5:63:4d:5e:70:84:98:29:9c:17:3c:
9d:93:04:19:37:69:6e:f9:5e:87:2a:89:a7:32:88:8d:69:33:
2d:e7:32:53:68:37:91:dc:6e:2f:a3:b4:5d:97:c2:03:00:56:
67:8c:e3:68:30:cf:78:0b:31:41:3b:40:24:2e:06:00:18:4c:
07:69:33:42:9f:03:06:f0:f0:5b:35:0d:c9:c0:8e:3e:b7:66:
0a:b9:35:96:c0:8d:3d:10:1e:28:5c:d0:ca:c2:e8:e0:34:6f:
63:3b:33:b8:2c:3d:30:22:a0:0c:55:e6:0c:8b:aa:86:89:d9:
2e:26:01:5f:bc:54:80:ef:5c:51:c4:78:0e:22:d4:15:e8:ae:
37:5d:f4:a3:a8:19:f0:2f:1a:a3:28:48:f0:ba:32:05:f2:fe:
4e:80:73:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj182UoCQXBoQ6SiqFPSAQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OTVjOTYxN2NhNWE2YTNiZmYyNjNmYzE4Mzc5OTJmZDFh
YzQ3ZjIwHhcNMjUwMTAxMjE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTVjZTMwODRmYjAyZWFmNzhlYjliMTJkYmJjMDdiM2U5NTcyZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoxjLsERheJXmeHWXMtXKZs/L7Ij
NFVXEj6ielYW/XkTWnQi99N3kuGm+80jb/bVcxNM7SHCeGB16iSsBynDOuLD65Tw
qnUuWxnkuPPgmW7VDCXBntK6iQ/iC2zUIXn70sKuCcH5W/acPFV0XA7VGx3nc1BA
/AEMh6ZkhHZa3Bl6Fzsuy/SxMVAbV5SfTZKOEaTNyZfZNWL250yHYT3GkJc9YUJ1
OVzEeUagTGIL67v7rCxDmXelUcKMyvolkz0HBHMnHwHHK9rpXPwHVIMqikfbMu4B
GUYICdVZ6VBOM1GECXVzy4bf2K9fuFvlhBflDm1xlho0MmIgHC9kkt9JLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlc4whPsC6veOubEtu8B7PpVy03MB8GA1UdIwQY
MBaAFOeVyWF8paajv/Jj/Bg3mS/RrEfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTVYSllYeWxwcU9fOG1QOEdEZVpMOUdzUl9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC85ODZkZGUtNWY2OC00YzIxLWI1NDYt
ZDU0MGRmODg2YmFiLzEvMlZ6akNFLXdMcTk0NjVzUzI3d0hzLWxYTFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC85ODZkZGUtNWY2OC00YzIxLWI1NDYtZDU0MGRmODg2YmFi
LzEvNTVYSllYeWxwcU9fOG1QOEdEZVpMOUdzUl9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZWYMA0G
CSqGSIb3DQEBCwUAA4IBAQA4gA5M0uFvUL3C5E/xtHF9W+dn/t/THawyN+2VOh3Q
PwBOOTR2Zt9vA7mB1As0Qfxxxr4PxnCrmQvkTp4wtV2LXfbBh2uM676BJ+kldQ5V
103PItFetadFxBXTk7e3ibS21WNNXnCEmCmcFzydkwQZN2lu+V6HKomnMoiNaTMt
5zJTaDeR3G4vo7Rdl8IDAFZnjONoMM94CzFBO0AkLgYAGEwHaTNCnwMG8PBbNQ3J
wI4+t2YKuTWWwI09EB4oXNDKwujgNG9jOzO4LD0wIqAMVeYMi6qGidkuJgFfvFSA
71xRxHgOItQV6K43XfSjqBnwLxqjKEjwujIF8v5OgHPh
-----END CERTIFICATE-----
Generated at Tue Apr 15 13:57:32 2025 by rpki-client