Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/qjcXM62J3fR9V-Zb05_Fm76U1YI.roa
File: qjcXM62J3fR9V-Zb05_Fm76U1YI.roa (raw, json)
Hash identifier: gIZtl8qAb+eS+LR3nIlWG409rAsxYLhIsfdcQ8N/36A=
Subject key identifier: AA:37:17:33:AD:89:DD:F4:7D:57:E6:5B:D3:9F:C5:9B:BE:94:D5:82
Certificate issuer: /CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Certificate serial: 01856CEF35EB9D39A6D36E2E118223B8AFAA
Authority key identifier: 33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/qjcXM62J3fR9V-Zb05_Fm76U1YI.roa
Signing time: Sun 01 Jan 2023 10:44:54 +0000
ROA not before: Sun 01 Jan 2023 10:44:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 22769
IP address blocks: 45.138.68.0/24 maxlen: 24
45.138.69.0/24 maxlen: 24
45.138.70.0/24 maxlen: 24
45.138.71.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ef:35:eb:9d:39:a6:d3:6e:2e:11:82:23:b8:af:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Validity
Not Before: Jan 1 10:44:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aa371733ad89ddf47d57e65bd39fc59bbe94d582
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:f7:f4:9f:70:b0:63:9d:7b:be:67:4d:e7:99:
f3:a5:de:bb:24:61:ec:f8:88:fb:6e:5a:9d:ca:7f:
95:d7:88:21:f9:a8:62:56:7a:a0:64:cc:38:6c:25:
9c:5f:73:a2:38:4a:78:1e:ce:ee:c9:a9:03:f6:7f:
07:c0:ba:9f:b5:56:70:75:49:08:0c:86:6d:6f:5e:
69:45:e4:81:39:32:79:37:be:17:7e:f1:cd:03:a9:
2c:63:5b:bd:8f:23:1b:6c:cb:99:8f:64:d4:0d:71:
29:c3:ee:1d:c7:21:fc:68:ec:eb:c2:88:bd:c1:62:
bb:6c:b5:97:8a:54:84:9c:87:f2:16:ce:08:6a:41:
41:ac:63:3c:13:a0:35:ec:bb:95:95:08:e4:19:c5:
92:b8:6c:98:5a:75:e5:fa:76:b6:df:7b:4f:93:7b:
65:c7:f5:66:a8:39:52:96:62:28:32:17:fb:cd:3c:
0e:65:ad:ac:e7:62:86:6f:85:dc:4b:e8:15:45:2e:
60:56:96:83:a2:fd:fd:80:71:b9:1b:cc:fc:0c:64:
b1:68:65:b2:2f:e6:02:ab:e1:d0:f8:5e:5a:50:32:
96:cf:83:2f:38:1b:a4:8d:45:96:e5:57:1a:13:eb:
60:e3:35:ec:64:67:9c:01:1a:97:29:ca:90:b2:d6:
ac:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:37:17:33:AD:89:DD:F4:7D:57:E6:5B:D3:9F:C5:9B:BE:94:D5:82
X509v3 Authority Key Identifier:
keyid:33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/qjcXM62J3fR9V-Zb05_Fm76U1YI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.138.68.0/22
Signature Algorithm: sha256WithRSAEncryption
b0:fb:31:6b:e7:92:31:99:46:34:cb:7f:49:c6:de:70:0f:54:
9e:9b:42:e3:ee:3a:1f:db:82:4b:d5:8a:8e:be:2d:71:7e:86:
61:43:b0:0b:b4:43:c4:1f:8d:08:a7:50:3a:1d:90:5d:2e:0b:
d3:de:57:14:38:f6:ed:f5:96:0a:3c:27:18:09:82:05:25:c9:
61:92:38:60:07:12:96:bc:cc:4f:9c:86:90:f2:49:86:9f:1c:
f9:e9:c3:03:d0:3c:e6:4e:4a:f3:ca:cc:16:c3:83:5c:f3:ca:
2f:d3:ae:1d:7e:7a:86:9f:64:51:61:3f:a3:a8:73:37:25:d3:
fd:9b:2d:05:97:34:90:39:23:66:95:38:2e:5c:44:40:fb:d3:
8b:b5:eb:90:78:53:e6:85:84:89:b3:b1:3a:cd:1f:2b:39:7c:
24:2f:3b:51:62:ed:f2:2c:bf:3f:90:dc:21:bd:4b:e4:cd:85:
68:ca:97:44:7c:f5:47:7c:a4:d0:bb:a1:63:f0:77:5d:0c:78:
e7:3c:99:82:87:b1:97:53:48:60:c5:53:6a:71:e2:27:a3:91:
e4:f7:b3:f7:5d:f9:0c:74:d9:48:fd:09:77:1c:f6:bf:13:38:
dc:7f:b8:87:40:f3:21:02:e8:c8:28:d3:fb:2e:e7:45:bc:79:
6e:83:97:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVs7zXrnTmm024uEYIjuK+qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzM2MWZiYTg0MDkxNzRmYjNjNDgyYjhjYTI2ZjIzNWVi
ZDIyYzIwHhcNMjMwMTAxMTA0NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTM3MTczM2FkODlkZGY0N2Q1N2U2NWJkMzlmYzU5YmJlOTRkNTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPf0n3CwY517vmdN55nzpd67JGHs
+Ij7blqdyn+V14gh+ahiVnqgZMw4bCWcX3OiOEp4Hs7uyakD9n8HwLqftVZwdUkI
DIZtb15pReSBOTJ5N74XfvHNA6ksY1u9jyMbbMuZj2TUDXEpw+4dxyH8aOzrwoi9
wWK7bLWXilSEnIfyFs4IakFBrGM8E6A17LuVlQjkGcWSuGyYWnXl+na233tPk3tl
x/VmqDlSlmIoMhf7zTwOZa2s52KGb4XcS+gVRS5gVpaDov39gHG5G8z8DGSxaGWy
L+YCq+HQ+F5aUDKWz4MvOBukjUWW5VcaE+tg4zXsZGecARqXKcqQstasxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKo3FzOtid30fVfmW9OfxZu+lNWCMB8GA1UdIwQY
MBaAFDMzYfuoQJF0+zxIK4yibyNevSLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjkt
YjJjY2NmMGVhZGFiLzEvcWpjWE02MkozZlI5Vi1aYjA1X0ZtNzZVMVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjktYjJjY2NmMGVhZGFi
LzEvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYpEMA0G
CSqGSIb3DQEBCwUAA4IBAQCw+zFr55IxmUY0y39Jxt5wD1Sem0Lj7jof24JL1YqO
vi1xfoZhQ7ALtEPEH40Ip1A6HZBdLgvT3lcUOPbt9ZYKPCcYCYIFJclhkjhgBxKW
vMxPnIaQ8kmGnxz56cMD0DzmTkrzyswWw4Nc88ov064dfnqGn2RRYT+jqHM3JdP9
my0FlzSQOSNmlTguXERA+9OLteuQeFPmhYSJs7E6zR8rOXwkLztRYu3yLL8/kNwh
vUvkzYVoypdEfPVHfKTQu6Fj8HddDHjnPJmCh7GXU0hgxVNqceIno5Hk97P3XfkM
dNlI/Ql3HPa/Ezjcf7iHQPMhAujIKNP7LudFvHlug5cz
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:40:00 2025 by rpki-client