Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/nvUCkZriCKDHDGevAkRCeu7ze2M.roa
File: nvUCkZriCKDHDGevAkRCeu7ze2M.roa (raw, json)
Hash identifier: OzFo2hdRcbX3JKFctab9eA3hzN0tcu0gDM377hVpzDo=
Subject key identifier: 9E:F5:02:91:9A:E2:08:A0:C7:0C:67:AF:02:44:42:7A:EE:F3:7B:63
Certificate issuer: /CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Certificate serial: 01856CEF3382BCA90EB7C246987E46F0B3D7
Authority key identifier: 33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/nvUCkZriCKDHDGevAkRCeu7ze2M.roa
Signing time: Sun 01 Jan 2023 10:44:53 +0000
ROA not before: Sun 01 Jan 2023 10:44:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 979
IP address blocks: 45.145.228.0/24 maxlen: 24
45.145.229.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ef:33:82:bc:a9:0e:b7:c2:46:98:7e:46:f0:b3:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Validity
Not Before: Jan 1 10:44:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9ef502919ae208a0c70c67af0244427aeef37b63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:3a:f0:84:3d:8e:07:f7:f7:fa:86:50:38:d9:
56:c6:5f:98:e0:25:45:87:a2:1c:87:d6:04:57:f0:
5c:73:11:e2:eb:9b:70:46:e3:6d:b2:32:c0:12:f2:
51:56:a8:63:87:a6:e6:6c:04:75:62:1c:bd:5d:ed:
d2:cb:b8:3f:5e:c5:f4:60:e4:a3:75:43:3d:65:f4:
59:2c:a8:c6:72:24:57:38:9b:fe:38:91:0d:37:09:
55:cb:97:e9:6a:f5:19:b1:57:c7:c0:e3:6c:fe:b5:
9c:ed:c6:a0:04:1c:c5:57:96:01:f3:0c:45:34:45:
f5:46:0b:5e:1c:48:c1:39:56:0f:08:27:18:ff:c6:
21:e3:2f:44:49:f4:1d:13:3f:ad:39:8e:d0:e3:e9:
b8:02:f5:1f:cb:bc:4f:24:ab:55:09:51:12:6e:a6:
a4:c8:3b:1e:d6:60:13:f1:e9:96:21:a2:07:14:1e:
92:70:fd:0a:30:bb:71:e0:38:cb:c1:fd:fe:cf:2a:
7e:3c:7f:f4:bf:b2:1c:c7:4b:1e:a9:7b:ce:02:25:
97:af:21:f0:be:d0:be:43:c1:6b:4a:ed:21:83:57:
ce:fd:0b:c0:c3:43:ed:d6:a7:7a:a4:64:5b:ad:67:
8f:ef:5e:07:be:8e:3f:1a:32:1e:f7:5b:33:56:2f:
bf:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:F5:02:91:9A:E2:08:A0:C7:0C:67:AF:02:44:42:7A:EE:F3:7B:63
X509v3 Authority Key Identifier:
keyid:33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/nvUCkZriCKDHDGevAkRCeu7ze2M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.145.228.0/23
Signature Algorithm: sha256WithRSAEncryption
4e:f0:6b:64:5d:07:5c:c5:7a:e6:1c:f2:e7:76:67:ec:34:fc:
27:d6:b0:c7:ce:9c:eb:8b:a7:0f:f8:d9:6b:7b:03:ba:a2:68:
d4:9e:44:e0:db:fb:54:f8:0b:d9:e5:10:5d:ef:69:df:a9:38:
50:5f:92:d6:7a:dd:f7:f4:0a:97:b3:bc:09:7a:1f:87:c3:9b:
af:1b:d4:fe:fb:fa:d5:1a:9f:57:4d:33:2c:7f:b6:ed:37:c0:
ae:ac:96:10:df:1c:92:19:63:0b:d5:25:3b:c0:9c:d6:69:8e:
76:af:d0:d6:e7:5c:fe:f3:a9:3b:18:23:79:a2:98:29:64:30:
33:65:82:09:d9:a7:6d:21:9c:85:3a:4b:92:7d:0b:84:c1:30:
f2:99:e7:89:1b:60:d1:ce:d8:4b:6f:12:a7:bc:57:b3:67:32:
44:f2:8b:a0:7d:c0:ca:d7:af:75:1b:eb:e4:05:66:1c:f4:92:
79:e9:a1:67:82:32:f3:ee:fd:5b:da:51:70:60:89:d2:51:dc:
84:30:5d:54:0d:f4:b2:d6:05:d0:0f:f0:94:da:01:5a:72:7b:
a4:df:bc:b9:56:4c:29:67:a0:b2:fe:36:3a:5a:17:03:55:de:
38:99:6e:4f:2f:60:2e:95:81:79:41:96:74:d3:e4:f2:12:d0:
7b:97:a9:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVs7zOCvKkOt8JGmH5G8LPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzM2MWZiYTg0MDkxNzRmYjNjNDgyYjhjYTI2ZjIzNWVi
ZDIyYzIwHhcNMjMwMTAxMTA0NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWY1MDI5MTlhZTIwOGEwYzcwYzY3YWYwMjQ0NDI3YWVlZjM3YjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDrwhD2OB/f3+oZQONlWxl+Y4CVF
h6Ich9YEV/BccxHi65twRuNtsjLAEvJRVqhjh6bmbAR1Yhy9Xe3Sy7g/XsX0YOSj
dUM9ZfRZLKjGciRXOJv+OJENNwlVy5fpavUZsVfHwONs/rWc7cagBBzFV5YB8wxF
NEX1RgteHEjBOVYPCCcY/8Yh4y9ESfQdEz+tOY7Q4+m4AvUfy7xPJKtVCVESbqak
yDse1mAT8emWIaIHFB6ScP0KMLtx4DjLwf3+zyp+PH/0v7Icx0seqXvOAiWXryHw
vtC+Q8FrSu0hg1fO/QvAw0Pt1qd6pGRbrWeP714Hvo4/GjIe91szVi+/KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ71ApGa4gigxwxnrwJEQnru83tjMB8GA1UdIwQY
MBaAFDMzYfuoQJF0+zxIK4yibyNevSLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjkt
YjJjY2NmMGVhZGFiLzEvbnZVQ2tacmlDS0RIREdldkFrUkNldTd6ZTJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjktYjJjY2NmMGVhZGFi
LzEvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZHkMA0G
CSqGSIb3DQEBCwUAA4IBAQBO8GtkXQdcxXrmHPLndmfsNPwn1rDHzpzri6cP+Nlr
ewO6omjUnkTg2/tU+AvZ5RBd72nfqThQX5LWet339AqXs7wJeh+Hw5uvG9T++/rV
Gp9XTTMsf7btN8CurJYQ3xySGWML1SU7wJzWaY52r9DW51z+86k7GCN5opgpZDAz
ZYIJ2adtIZyFOkuSfQuEwTDymeeJG2DRzthLbxKnvFezZzJE8ougfcDK1691G+vk
BWYc9JJ56aFngjLz7v1b2lFwYInSUdyEMF1UDfSy1gXQD/CU2gFacnuk37y5Vkwp
Z6Cy/jY6WhcDVd44mW5PL2AulYF5QZZ00+TyEtB7l6nL
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:29:33 2025 by rpki-client