Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/5qpfDIYraFcEu6ZR2bf7DOzuFMU.roa
File: 5qpfDIYraFcEu6ZR2bf7DOzuFMU.roa (raw, json)
Hash identifier: JjgaE5nyccgw1T9ziYzBsoIORBkQSKB1IX1+HS/WT9M=
Subject key identifier: E6:AA:5F:0C:86:2B:68:57:04:BB:A6:51:D9:B7:FB:0C:EC:EE:14:C5
Certificate issuer: /CN=e795c9617ca5a6a3bff263fc1837992fd1ac47f2
Certificate serial: 018CC56DFDF7161AD5C6EDF3068DCEB75927
Authority key identifier: E7:95:C9:61:7C:A5:A6:A3:BF:F2:63:FC:18:37:99:2F:D1:AC:47:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/5qpfDIYraFcEu6ZR2bf7DOzuFMU.roa
Signing time: Mon 01 Jan 2024 14:29:29 +0000
ROA not before: Mon 01 Jan 2024 14:29:29 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 45.149.153.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6d:fd:f7:16:1a:d5:c6:ed:f3:06:8d:ce:b7:59:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e795c9617ca5a6a3bff263fc1837992fd1ac47f2
Validity
Not Before: Jan 1 14:29:29 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e6aa5f0c862b685704bba651d9b7fb0cecee14c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:46:d1:59:ac:c5:f0:cf:2c:4d:a7:c3:36:f5:
6b:3a:d3:1b:84:08:ba:5a:6c:4a:7c:21:85:95:af:
ff:ee:1e:cb:87:8f:c0:19:ec:53:c4:ee:e3:94:08:
fc:c7:ff:bd:a2:dc:a6:6f:24:18:58:a0:fd:a9:e0:
2c:76:a3:83:73:1b:ea:cd:0f:60:fd:67:37:74:6c:
71:e8:dd:d0:19:cd:8d:1b:c4:39:71:1c:b0:85:4d:
30:1a:95:0d:aa:7c:85:f9:27:01:13:28:5f:fc:6a:
98:63:6f:ce:cd:ee:43:c5:12:55:b9:53:f7:34:b4:
f7:5c:35:2f:3b:0e:fb:60:99:80:78:4c:31:b8:89:
df:c4:42:32:c4:f7:49:70:4e:a2:e4:04:ca:89:a2:
56:28:de:22:42:d5:36:34:14:15:05:4b:d9:8f:73:
a6:33:30:89:1b:c6:6d:16:6f:cd:3d:f0:e8:03:52:
1a:c6:6b:a5:de:2d:28:70:ee:ae:c1:0f:47:45:73:
47:41:b3:e9:91:4b:5b:98:7e:71:1c:42:ad:1b:ac:
87:ed:22:39:5f:8a:4c:05:71:02:62:4f:0f:7d:6f:
95:b1:0f:65:16:58:be:5b:6a:db:eb:27:2d:63:1f:
88:ea:75:d3:76:3b:5d:69:43:d8:38:ff:f6:08:5d:
7c:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:AA:5F:0C:86:2B:68:57:04:BB:A6:51:D9:B7:FB:0C:EC:EE:14:C5
X509v3 Authority Key Identifier:
keyid:E7:95:C9:61:7C:A5:A6:A3:BF:F2:63:FC:18:37:99:2F:D1:AC:47:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/5qpfDIYraFcEu6ZR2bf7DOzuFMU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/55XJYXylpqO_8mP8GDeZL9GsR_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.153.0/24
Signature Algorithm: sha256WithRSAEncryption
e0:d5:c7:f9:8c:09:e1:42:83:7b:e4:2e:b4:88:2a:fe:69:fb:
60:f0:b6:8d:97:c7:e5:97:ec:33:9e:02:02:32:d9:92:0d:b1:
84:d7:b5:32:30:ef:36:63:52:8b:10:7b:e7:fa:fe:4f:3b:b3:
ce:77:06:6a:d1:12:8f:d4:95:ad:db:29:e7:26:0d:d8:55:f1:
6d:c5:f6:a7:23:7d:ec:29:c0:07:ea:73:2e:c9:86:ec:fa:89:
34:d1:30:d2:9e:86:fa:ea:12:eb:78:9a:62:a2:3f:aa:14:e4:
94:8d:9c:82:eb:e2:eb:bc:48:fd:e6:2b:74:49:c6:aa:b7:fa:
3b:8b:ab:a0:6a:eb:6e:b2:21:55:3b:63:5b:6d:35:3c:b0:c6:
c8:cd:52:c1:b1:e4:be:9e:5f:be:52:fd:60:af:5c:ea:b9:c1:
3e:55:d4:ee:75:89:45:a2:d8:9a:f3:bf:e0:53:1c:42:93:72:
cc:a0:d3:67:9d:d8:0b:a5:00:df:c1:c5:43:8a:af:43:e7:73:
7c:bf:23:e2:e8:f8:33:30:72:29:52:3d:79:58:07:92:0f:97:
2a:57:68:95:53:58:39:24:32:14:4f:3a:cb:6d:64:0e:51:47:
c6:69:f8:47:a6:c6:88:ba:dc:20:52:73:e9:18:c1:d9:42:aa:
f4:5f:64:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf33FhrVxu3zBo3Ot1knMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OTVjOTYxN2NhNWE2YTNiZmYyNjNmYzE4Mzc5OTJmZDFh
YzQ3ZjIwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmFhNWYwYzg2MmI2ODU3MDRiYmE2NTFkOWI3ZmIwY2VjZWUxNGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkbRWazF8M8sTafDNvVrOtMbhAi6
WmxKfCGFla//7h7Lh4/AGexTxO7jlAj8x/+9otymbyQYWKD9qeAsdqODcxvqzQ9g
/Wc3dGxx6N3QGc2NG8Q5cRywhU0wGpUNqnyF+ScBEyhf/GqYY2/Oze5DxRJVuVP3
NLT3XDUvOw77YJmAeEwxuInfxEIyxPdJcE6i5ATKiaJWKN4iQtU2NBQVBUvZj3Om
MzCJG8ZtFm/NPfDoA1Iaxmul3i0ocO6uwQ9HRXNHQbPpkUtbmH5xHEKtG6yH7SI5
X4pMBXECYk8PfW+VsQ9lFli+W2rb6yctYx+I6nXTdjtdaUPYOP/2CF18DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaqXwyGK2hXBLumUdm3+wzs7hTFMB8GA1UdIwQY
MBaAFOeVyWF8paajv/Jj/Bg3mS/RrEfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTVYSllYeWxwcU9fOG1QOEdEZVpMOUdzUl9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC85ODZkZGUtNWY2OC00YzIxLWI1NDYt
ZDU0MGRmODg2YmFiLzEvNXFwZkRJWXJhRmNFdTZaUjJiZjdET3p1Rk1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC85ODZkZGUtNWY2OC00YzIxLWI1NDYtZDU0MGRmODg2YmFi
LzEvNTVYSllYeWxwcU9fOG1QOEdEZVpMOUdzUl9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZWZMA0G
CSqGSIb3DQEBCwUAA4IBAQDg1cf5jAnhQoN75C60iCr+aftg8LaNl8fll+wzngIC
MtmSDbGE17UyMO82Y1KLEHvn+v5PO7POdwZq0RKP1JWt2ynnJg3YVfFtxfanI33s
KcAH6nMuyYbs+ok00TDSnob66hLreJpioj+qFOSUjZyC6+LrvEj95it0Scaqt/o7
i6ugautusiFVO2NbbTU8sMbIzVLBseS+nl++Uv1gr1zqucE+VdTudYlFotia87/g
UxxCk3LMoNNnndgLpQDfwcVDiq9D53N8vyPi6PgzMHIpUj15WAeSD5cqV2iVU1g5
JDIUTzrLbWQOUUfGafhHpsaIutwgUnPpGMHZQqr0X2Rd
-----END CERTIFICATE-----
Generated at Tue Apr 15 14:10:28 2025 by rpki-client