Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/XisI7mDJ23DNxBHsWYzusGqU5-Y.roa
File: XisI7mDJ23DNxBHsWYzusGqU5-Y.roa (raw, json)
Hash identifier: AJLyaIAcy7pZW/enQQHxJmZexaCMykrYz+o9eUHHPJo=
Subject key identifier: 5E:2B:08:EE:60:C9:DB:70:CD:C4:11:EC:59:8C:EE:B0:6A:94:E7:E6
Certificate issuer: /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial: 019396A8DFC59743DB725B736281E7132E4E
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/XisI7mDJ23DNxBHsWYzusGqU5-Y.roa
Signing time: Thu 05 Dec 2024 11:51:09 +0000
ROA not before: Thu 05 Dec 2024 11:51:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212372
IP address blocks: 45.132.56.0/24 maxlen: 24
45.132.57.0/24 maxlen: 24
45.132.58.0/24 maxlen: 24
45.132.59.0/24 maxlen: 24
160.238.124.0/23 maxlen: 23
160.238.126.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:96:a8:df:c5:97:43:db:72:5b:73:62:81:e7:13:2e:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Validity
Not Before: Dec 5 11:51:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5e2b08ee60c9db70cdc411ec598ceeb06a94e7e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:5b:a5:62:14:30:b5:cc:32:cb:05:51:b0:c0:
11:fa:e0:1b:6f:bc:13:ff:58:07:42:33:4b:13:03:
86:6a:8a:16:f4:b7:35:58:a3:01:b7:4c:c0:8a:7d:
34:3f:67:d6:f5:ea:bb:f6:a0:e3:22:e9:65:1c:03:
f3:fb:c7:45:6c:f5:fd:f1:1d:77:e1:ed:dc:14:05:
be:be:15:6d:cc:b5:72:29:19:91:8e:f3:2a:57:b6:
e9:26:db:16:be:b5:9e:a5:39:79:c7:19:1d:a9:0b:
cd:f7:83:21:8e:e6:cc:93:ca:ad:2d:3b:8c:4e:16:
cd:36:03:79:1c:3e:9b:69:0c:ff:76:2d:b9:35:e0:
0b:1e:1a:e7:bc:ec:52:05:53:5f:11:88:74:2e:ae:
94:7f:d7:48:50:4e:a6:c7:d3:a0:0c:51:b0:9c:cd:
86:d7:83:4a:55:f7:1b:fd:13:df:dd:bf:45:d9:3a:
25:3f:80:d7:e4:ec:29:1f:26:f2:02:91:d9:b1:a6:
2e:fd:53:b0:8f:1e:55:a1:bb:b6:da:1c:4c:95:cb:
47:5f:53:23:c7:5b:e3:63:d2:13:6a:53:00:bf:2d:
f8:69:b1:5a:e5:a1:47:eb:87:de:8c:ae:d2:a8:41:
99:bb:11:a8:03:12:43:85:1e:5f:f1:c2:04:bd:d3:
81:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:2B:08:EE:60:C9:DB:70:CD:C4:11:EC:59:8C:EE:B0:6A:94:E7:E6
X509v3 Authority Key Identifier:
keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/XisI7mDJ23DNxBHsWYzusGqU5-Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.132.56.0/22
160.238.124.0/22
Signature Algorithm: sha256WithRSAEncryption
3c:ef:9e:95:c5:0f:0e:e4:94:cd:ef:cb:34:d1:8b:aa:7e:25:
42:3b:ae:8d:44:c1:f3:02:47:93:c2:32:d3:ed:f4:e4:73:7d:
80:51:97:89:12:39:e0:66:a3:20:2b:55:08:e6:15:5c:1f:d8:
56:e7:f7:de:c8:65:8d:9b:86:b8:f1:b4:92:55:da:49:18:2b:
01:90:f9:b5:01:90:99:c0:84:0f:8d:4a:32:4b:94:26:7c:24:
69:cc:00:21:1a:04:23:65:08:31:9e:a8:d8:93:4b:4c:85:4a:
7a:3e:b0:f1:05:82:c5:40:e3:f6:e1:15:1c:bc:11:22:4f:99:
a2:af:58:53:c6:8a:ec:d1:41:24:e2:61:d8:fa:0f:e7:80:a1:
7f:4e:4a:47:4e:89:81:7c:4b:e9:7f:24:8e:3c:71:68:ae:d7:
59:ac:0d:c1:62:9a:bb:1e:e6:a2:9b:65:20:50:e3:6c:9c:80:
71:8b:50:1a:b1:92:5e:59:d1:17:5c:57:2d:b4:77:b4:65:5b:
d3:0b:b2:6e:5b:c9:76:fa:a0:06:de:fc:55:e9:96:d4:29:fb:
47:23:ff:19:d9:c0:77:ac:e9:c1:a6:20:de:34:46:f1:96:2d:
47:d0:c7:6e:ee:fe:ee:c4:56:2c:aa:2f:d9:42:b8:88:fd:de:
35:6c:da:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZOWqN/Fl0PbcltzYoHnEy5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQxMjA1MTE1MTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTJiMDhlZTYwYzlkYjcwY2RjNDExZWM1OThjZWViMDZhOTRlN2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1ulYhQwtcwyywVRsMAR+uAbb7wT
/1gHQjNLEwOGaooW9Lc1WKMBt0zAin00P2fW9eq79qDjIullHAPz+8dFbPX98R13
4e3cFAW+vhVtzLVyKRmRjvMqV7bpJtsWvrWepTl5xxkdqQvN94MhjubMk8qtLTuM
ThbNNgN5HD6baQz/di25NeALHhrnvOxSBVNfEYh0Lq6Uf9dIUE6mx9OgDFGwnM2G
14NKVfcb/RPf3b9F2TolP4DX5OwpHybyApHZsaYu/VOwjx5Vobu22hxMlctHX1Mj
x1vjY9ITalMAvy34abFa5aFH64fejK7SqEGZuxGoAxJDhR5f8cIEvdOBnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF4rCO5gydtwzcQR7FmM7rBqlOfmMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvWGlzSTdtREoyM0ROeEJIc1dZenVzR3FVNS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYQ4AwQC
oO58MA0GCSqGSIb3DQEBCwUAA4IBAQA8756VxQ8O5JTN78s00YuqfiVCO66NRMHz
AkeTwjLT7fTkc32AUZeJEjngZqMgK1UI5hVcH9hW5/feyGWNm4a48bSSVdpJGCsB
kPm1AZCZwIQPjUoyS5QmfCRpzAAhGgQjZQgxnqjYk0tMhUp6PrDxBYLFQOP24RUc
vBEiT5mir1hTxors0UEk4mHY+g/ngKF/TkpHTomBfEvpfySOPHFortdZrA3BYpq7
Huaim2UgUONsnIBxi1AasZJeWdEXXFcttHe0ZVvTC7JuW8l2+qAG3vxV6ZbUKftH
I/8Z2cB3rOnBpiDeNEbxli1H0Mdu7v7uxFYsqi/ZQriI/d41bNrV
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:43:31 2025 by rpki-client