Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/tjVmYf6NbOBow5FQiV6eykSkKww.roa
File: tjVmYf6NbOBow5FQiV6eykSkKww.roa (raw, json)
Hash identifier: AjlOwydsuxzy/xsbFCVUzt9S4Rs3+sViSew7daf+Uzc=
Subject key identifier: B6:35:66:61:FE:8D:6C:E0:68:C3:91:50:89:5E:9E:CA:44:A4:2B:0C
Certificate issuer: /CN=e795c9617ca5a6a3bff263fc1837992fd1ac47f2
Certificate serial: 018926657616DA1F4C9AE44B445AC95A89F7
Authority key identifier: E7:95:C9:61:7C:A5:A6:A3:BF:F2:63:FC:18:37:99:2F:D1:AC:47:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/tjVmYf6NbOBow5FQiV6eykSkKww.roa
Signing time: Wed 05 Jul 2023 14:12:10 +0000
ROA not before: Wed 05 Jul 2023 14:12:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212238
IP address blocks: 45.149.154.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:26:65:76:16:da:1f:4c:9a:e4:4b:44:5a:c9:5a:89:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e795c9617ca5a6a3bff263fc1837992fd1ac47f2
Validity
Not Before: Jul 5 14:12:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b6356661fe8d6ce068c39150895e9eca44a42b0c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:1d:9b:1f:66:81:fb:5a:bf:51:9c:c5:11:63:
42:52:c2:ef:cf:a3:13:bf:1e:17:b2:65:0c:cd:9b:
2b:d7:fa:8c:17:d6:b6:03:29:4c:5b:a4:c4:e8:21:
c0:c1:0e:8b:bd:45:75:49:92:28:78:8b:8d:ef:a2:
2a:16:36:4c:2a:47:97:a2:3d:4b:06:c3:7c:01:75:
1a:0d:99:35:24:61:76:47:8d:63:ad:c1:97:5e:3f:
56:f6:bf:ff:76:77:19:00:03:85:89:18:80:fc:b3:
6f:d1:fa:54:ef:b2:32:db:d7:df:9a:e0:fc:9d:34:
48:f0:4c:5b:fa:1b:b4:d6:67:91:89:da:97:25:a1:
06:cc:54:c3:7e:d0:29:cc:da:02:c4:02:a5:2b:24:
cd:7d:59:fc:89:2e:f6:54:c1:96:49:2e:a9:3a:5a:
24:3f:fc:4a:ce:44:4b:6a:f6:e7:34:c7:c5:c7:79:
50:a4:76:65:f5:50:e0:91:4e:c4:35:11:c4:fa:96:
ca:fe:94:27:ef:14:12:8f:fd:f7:92:5b:6f:ff:ec:
58:42:1e:02:c7:b1:a9:1c:1f:cb:e7:05:f2:e9:c0:
3e:48:49:12:fb:74:b0:db:7f:70:7b:03:0a:3f:61:
96:66:f0:48:e6:77:be:01:c1:e7:87:24:d8:d8:26:
91:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:35:66:61:FE:8D:6C:E0:68:C3:91:50:89:5E:9E:CA:44:A4:2B:0C
X509v3 Authority Key Identifier:
keyid:E7:95:C9:61:7C:A5:A6:A3:BF:F2:63:FC:18:37:99:2F:D1:AC:47:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/55XJYXylpqO_8mP8GDeZL9GsR_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/tjVmYf6NbOBow5FQiV6eykSkKww.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/986dde-5f68-4c21-b546-d540df886bab/1/55XJYXylpqO_8mP8GDeZL9GsR_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.154.0/24
Signature Algorithm: sha256WithRSAEncryption
bd:96:a2:78:72:36:06:50:e3:6b:02:65:fe:c4:30:c1:6e:40:
56:5c:2c:aa:0f:be:cf:91:d4:f0:3b:ca:b2:2e:f7:26:f3:f9:
a0:3c:06:c5:d8:4c:c5:9b:71:66:ea:65:40:cd:38:7c:8f:76:
57:fa:04:70:ca:03:80:ac:76:62:34:a0:d5:35:e5:be:53:02:
90:97:1d:d1:06:65:66:48:08:cc:a1:4b:68:f1:d6:46:d4:51:
1c:3c:e0:84:ac:43:c2:a7:cf:ff:45:63:dd:77:4d:14:79:b9:
50:6b:db:f1:91:23:9d:6d:1a:3e:e2:80:eb:ee:65:bf:2e:9a:
b6:c9:56:8a:d5:45:23:56:91:97:c8:5c:8a:33:c2:85:d5:38:
a2:df:c5:bc:45:ba:4f:d2:a4:c6:b0:17:ac:9b:4c:7a:58:e8:
58:5c:f7:4b:4c:78:25:9f:53:f7:3e:56:ca:8a:6d:eb:a4:8e:
6e:69:77:0e:6b:27:7d:41:fc:11:b5:57:b9:d5:af:e4:65:f2:
22:60:77:51:a3:20:7a:c2:03:36:b8:0d:50:da:9a:a4:fa:0c:
0d:4a:c5:b9:fb:0e:f5:dc:87:8a:55:b7:fb:8e:bf:60:24:e1:
93:c8:59:89:3d:2b:08:9b:8c:54:5e:af:c6:a8:66:c1:83:6e:
3e:16:b4:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYkmZXYW2h9MmuRLRFrJWon3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OTVjOTYxN2NhNWE2YTNiZmYyNjNmYzE4Mzc5OTJmZDFh
YzQ3ZjIwHhcNMjMwNzA1MTQxMjEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjM1NjY2MWZlOGQ2Y2UwNjhjMzkxNTA4OTVlOWVjYTQ0YTQyYjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiB2bH2aB+1q/UZzFEWNCUsLvz6MT
vx4XsmUMzZsr1/qMF9a2AylMW6TE6CHAwQ6LvUV1SZIoeIuN76IqFjZMKkeXoj1L
BsN8AXUaDZk1JGF2R41jrcGXXj9W9r//dncZAAOFiRiA/LNv0fpU77Iy29ffmuD8
nTRI8Exb+hu01meRidqXJaEGzFTDftApzNoCxAKlKyTNfVn8iS72VMGWSS6pOlok
P/xKzkRLavbnNMfFx3lQpHZl9VDgkU7ENRHE+pbK/pQn7xQSj/33kltv/+xYQh4C
x7GpHB/L5wXy6cA+SEkS+3Sw239wewMKP2GWZvBI5ne+AcHnhyTY2CaR1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLY1ZmH+jWzgaMORUIlenspEpCsMMB8GA1UdIwQY
MBaAFOeVyWF8paajv/Jj/Bg3mS/RrEfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTVYSllYeWxwcU9fOG1QOEdEZVpMOUdzUl9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC85ODZkZGUtNWY2OC00YzIxLWI1NDYt
ZDU0MGRmODg2YmFiLzEvdGpWbVlmNk5iT0JvdzVGUWlWNmV5a1NrS3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC85ODZkZGUtNWY2OC00YzIxLWI1NDYtZDU0MGRmODg2YmFi
LzEvNTVYSllYeWxwcU9fOG1QOEdEZVpMOUdzUl9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZWaMA0G
CSqGSIb3DQEBCwUAA4IBAQC9lqJ4cjYGUONrAmX+xDDBbkBWXCyqD77PkdTwO8qy
Lvcm8/mgPAbF2EzFm3Fm6mVAzTh8j3ZX+gRwygOArHZiNKDVNeW+UwKQlx3RBmVm
SAjMoUto8dZG1FEcPOCErEPCp8//RWPdd00UeblQa9vxkSOdbRo+4oDr7mW/Lpq2
yVaK1UUjVpGXyFyKM8KF1Tii38W8RbpP0qTGsBesm0x6WOhYXPdLTHgln1P3PlbK
im3rpI5uaXcOayd9QfwRtVe51a/kZfIiYHdRoyB6wgM2uA1Q2pqk+gwNSsW5+w71
3IeKVbf7jr9gJOGTyFmJPSsIm4xUXq/GqGbBg24+FrQy
-----END CERTIFICATE-----
Generated at Tue Apr 15 14:14:42 2025 by rpki-client