Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/Nhe3LGrO-Zx0fMKUFSEijBRNq-o.roa
File: Nhe3LGrO-Zx0fMKUFSEijBRNq-o.roa (raw, json)
Hash identifier: nXCjqPEVf9CjHKBDB4HYQhTHS5In/0wwQcNPSPPTm58=
Subject key identifier: 36:17:B7:2C:6A:CE:F9:9C:74:7C:C2:94:15:21:22:8C:14:4D:AB:EA
Certificate issuer: /CN=e795c9617ca5a6a3bff263fc1837992fd1ac47f2
Certificate serial: 019423D7CDDBDF63285E4AC288108A2CCA00
Authority key identifier: E7:95:C9:61:7C:A5:A6:A3:BF:F2:63:FC:18:37:99:2F:D1:AC:47:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/Nhe3LGrO-Zx0fMKUFSEijBRNq-o.roa
Signing time: Wed 01 Jan 2025 21:48:53 +0000
ROA not before: Wed 01 Jan 2025 21:48:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208275
IP address blocks: 45.149.152.0/22 maxlen: 22
45.149.152.0/24 maxlen: 24
45.149.155.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:cd:db:df:63:28:5e:4a:c2:88:10:8a:2c:ca:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e795c9617ca5a6a3bff263fc1837992fd1ac47f2
Validity
Not Before: Jan 1 21:48:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3617b72c6acef99c747cc2941521228c144dabea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:0d:14:b8:b8:b2:1b:36:a9:96:3d:e0:dc:d9:
32:b2:6f:00:4f:25:30:7d:45:ed:cb:e1:5c:bf:4f:
38:47:de:e9:e1:50:bd:38:4e:20:9e:dd:62:4f:1f:
d6:3a:50:d1:c8:63:9a:9a:fb:30:ca:a2:a9:3e:c0:
4d:22:36:b2:16:27:fd:e0:c2:b8:17:2a:22:74:d8:
c5:f6:d2:66:05:fc:0c:30:87:13:5a:50:32:1d:5c:
f5:1e:49:04:e1:c9:4d:21:ef:5b:5a:a5:ae:1e:0a:
6f:76:23:60:ac:73:13:e7:43:9f:0f:20:ab:ea:1d:
22:e2:67:2f:a9:90:7d:53:3b:e9:c4:6f:1f:c2:47:
14:27:2c:d5:2b:7e:94:ca:21:4a:b7:73:89:25:40:
2e:66:b4:39:e5:1d:50:a6:44:9d:3d:e0:1d:94:ee:
9f:7b:6b:dc:75:f3:38:4b:99:64:55:e5:b9:7a:db:
08:45:5a:00:d0:db:16:a2:dc:ee:7d:be:0a:d7:65:
6f:26:da:8f:fd:73:ad:b9:fe:67:a6:95:e4:db:bc:
34:7c:45:d2:2b:37:aa:4a:61:51:3d:14:b8:9b:c7:
75:4a:e5:11:de:c8:09:3e:82:57:e4:1f:6f:19:bb:
f1:39:34:9d:c0:f5:24:6c:77:9c:7d:ca:51:74:6d:
02:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:17:B7:2C:6A:CE:F9:9C:74:7C:C2:94:15:21:22:8C:14:4D:AB:EA
X509v3 Authority Key Identifier:
keyid:E7:95:C9:61:7C:A5:A6:A3:BF:F2:63:FC:18:37:99:2F:D1:AC:47:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/Nhe3LGrO-Zx0fMKUFSEijBRNq-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/55XJYXylpqO_8mP8GDeZL9GsR_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.152.0/22
Signature Algorithm: sha256WithRSAEncryption
04:b0:ad:dc:93:42:d3:69:bf:ab:99:90:00:97:69:a3:ea:a8:
b2:b4:17:9b:66:d5:fa:e5:08:f3:0b:a7:d5:04:2a:ea:ff:95:
e1:20:fd:56:83:43:ec:5e:52:0f:a7:9d:76:5b:93:93:ff:dd:
0a:bd:65:1b:ef:0d:f3:57:5c:1b:89:4c:49:dc:d1:55:d6:b5:
5a:c1:ef:08:f3:9b:f2:71:ce:5f:9b:0e:bc:10:af:11:af:55:
fa:ce:a9:d3:fe:79:a0:8c:37:1e:f9:03:04:d4:e6:df:b4:8e:
6d:89:66:0d:64:6f:22:f2:e9:68:a0:eb:f5:1d:6c:e1:15:14:
8b:d7:32:0a:89:30:59:5a:5c:84:c0:75:82:4a:a4:5b:23:31:
3d:75:05:f7:7f:12:c5:24:73:94:da:fd:d5:a7:bb:e5:97:fc:
26:ed:5a:f0:b8:bc:07:4a:3e:13:ab:26:f6:44:bb:41:c2:a6:
fe:5a:a1:cb:f0:9a:60:71:8a:c8:5d:39:38:b3:4f:40:40:41:
1c:b1:2d:19:86:24:14:ec:b6:ec:e5:bf:da:b8:4a:fa:01:3c:
78:00:4b:70:d9:c5:20:59:ef:67:08:f8:51:9e:ce:9e:b2:d7:
2c:f8:cc:76:ae:65:53:43:2c:ee:f9:ba:7c:f5:4c:dd:58:e2:
59:fe:39:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj183b32MoXkrCiBCKLMoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OTVjOTYxN2NhNWE2YTNiZmYyNjNmYzE4Mzc5OTJmZDFh
YzQ3ZjIwHhcNMjUwMTAxMjE0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjE3YjcyYzZhY2VmOTljNzQ3Y2MyOTQxNTIxMjI4YzE0NGRhYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtA0UuLiyGzaplj3g3Nkysm8ATyUw
fUXty+Fcv084R97p4VC9OE4gnt1iTx/WOlDRyGOamvswyqKpPsBNIjayFif94MK4
FyoidNjF9tJmBfwMMIcTWlAyHVz1HkkE4clNIe9bWqWuHgpvdiNgrHMT50OfDyCr
6h0i4mcvqZB9UzvpxG8fwkcUJyzVK36UyiFKt3OJJUAuZrQ55R1QpkSdPeAdlO6f
e2vcdfM4S5lkVeW5etsIRVoA0NsWotzufb4K12VvJtqP/XOtuf5nppXk27w0fEXS
KzeqSmFRPRS4m8d1SuUR3sgJPoJX5B9vGbvxOTSdwPUkbHecfcpRdG0C6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYXtyxqzvmcdHzClBUhIowUTavqMB8GA1UdIwQY
MBaAFOeVyWF8paajv/Jj/Bg3mS/RrEfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTVYSllYeWxwcU9fOG1QOEdEZVpMOUdzUl9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC85ODZkZGUtNWY2OC00YzIxLWI1NDYt
ZDU0MGRmODg2YmFiLzEvTmhlM0xHck8tWngwZk1LVUZTRWlqQlJOcS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC85ODZkZGUtNWY2OC00YzIxLWI1NDYtZDU0MGRmODg2YmFi
LzEvNTVYSllYeWxwcU9fOG1QOEdEZVpMOUdzUl9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZWYMA0G
CSqGSIb3DQEBCwUAA4IBAQAEsK3ck0LTab+rmZAAl2mj6qiytBebZtX65QjzC6fV
BCrq/5XhIP1Wg0PsXlIPp512W5OT/90KvWUb7w3zV1wbiUxJ3NFV1rVawe8I85vy
cc5fmw68EK8Rr1X6zqnT/nmgjDce+QME1ObftI5tiWYNZG8i8ulooOv1HWzhFRSL
1zIKiTBZWlyEwHWCSqRbIzE9dQX3fxLFJHOU2v3Vp7vll/wm7VrwuLwHSj4Tqyb2
RLtBwqb+WqHL8JpgcYrIXTk4s09AQEEcsS0ZhiQU7Lbs5b/auEr6ATx4AEtw2cUg
We9nCPhRns6estcs+Mx2rmVTQyzu+bp89UzdWOJZ/jmn
-----END CERTIFICATE-----
Generated at Tue Apr 15 14:16:15 2025 by rpki-client