Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/iSTjCH-_Ynb1YCIcO0ZpFj-uZeY.roa
File: iSTjCH-_Ynb1YCIcO0ZpFj-uZeY.roa (raw, json)
Hash identifier: RFpxLG/LDqNqCYrvfVaFWR4hijYnRCLj9t/Kq/fk30Y=
Subject key identifier: 89:24:E3:08:7F:BF:62:76:F5:60:22:1C:3B:46:69:16:3F:AE:65:E6
Certificate issuer: /CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Certificate serial: 01856DB8824F2CCA555FE88C6635502A0B9C
Authority key identifier: 11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/iSTjCH-_Ynb1YCIcO0ZpFj-uZeY.roa
Signing time: Sun 01 Jan 2023 14:24:46 +0000
ROA not before: Sun 01 Jan 2023 14:24:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3169
IP address blocks: 45.88.4.0/24 maxlen: 24
155.133.62.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:b8:82:4f:2c:ca:55:5f:e8:8c:66:35:50:2a:0b:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=111d6814375271d1a3cbd12155db11d2bd41a8d3
Validity
Not Before: Jan 1 14:24:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8924e3087fbf6276f560221c3b4669163fae65e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:b0:62:40:b1:09:ae:0a:7f:20:e3:ef:ed:6b:
19:2d:9e:30:75:57:cb:38:09:d7:12:91:0d:7a:22:
0a:a6:54:74:b5:85:a8:ee:67:a6:84:32:07:93:88:
f8:49:fc:03:52:b6:dd:ae:91:dc:92:04:42:30:23:
81:ea:74:96:20:bc:f4:a1:ae:4a:5a:27:f8:14:a2:
79:2d:a2:4f:f4:3a:89:7e:e7:6a:ec:7c:df:9e:33:
ca:23:b1:cb:10:5a:53:8a:14:11:a5:42:2f:7c:06:
03:b0:d1:02:a0:48:ea:15:0f:3c:c5:3e:9c:14:06:
e2:57:3a:36:21:22:45:8a:e8:6a:50:69:bb:b5:be:
53:f8:8f:ff:f1:9f:96:50:23:5f:1a:65:ba:28:f3:
86:b7:b2:22:fb:56:e4:83:95:2b:53:3e:34:33:73:
7a:16:75:59:5f:fd:80:68:20:0e:60:ba:26:1b:04:
9c:c4:5f:30:31:03:81:07:fd:82:df:8d:44:a8:3c:
0f:eb:54:fd:cd:6c:33:21:a7:ca:e0:d3:f3:0e:9c:
d2:d0:95:35:21:91:1a:65:ae:22:a0:18:f2:f0:94:
6b:4b:7b:44:ea:14:38:bb:b6:55:06:0f:56:a2:1c:
8a:a7:df:d7:5d:90:eb:f9:08:d8:cf:bc:44:45:ba:
6b:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:24:E3:08:7F:BF:62:76:F5:60:22:1C:3B:46:69:16:3F:AE:65:E6
X509v3 Authority Key Identifier:
keyid:11:1D:68:14:37:52:71:D1:A3:CB:D1:21:55:DB:11:D2:BD:41:A8:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER1oFDdScdGjy9EhVdsR0r1BqNM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/iSTjCH-_Ynb1YCIcO0ZpFj-uZeY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/a8b14b-fb25-47f8-8b0d-271d25e20574/1/ER1oFDdScdGjy9EhVdsR0r1BqNM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.88.4.0/24
155.133.62.0/23
Signature Algorithm: sha256WithRSAEncryption
6c:40:55:d8:a0:48:4d:0c:dd:03:ab:58:f4:23:09:b7:63:15:
e1:18:22:2f:02:ae:b2:b8:f8:6a:dc:5b:a4:0f:2e:22:13:61:
f0:3e:f1:d6:a7:12:0f:9c:23:b2:26:b4:99:b4:3c:67:2f:d8:
13:90:32:5d:dc:65:0e:e6:e9:8f:0d:3d:b8:79:35:92:23:12:
20:9e:d2:7e:55:1c:24:22:e5:9a:f9:c9:bc:09:ca:36:99:3b:
7f:19:66:42:34:02:6f:b4:10:01:0f:3c:a1:ab:de:4c:76:78:
10:1e:80:d3:4f:cb:21:fa:43:69:16:53:ab:f1:51:67:75:f3:
19:c5:8e:27:6c:34:c8:83:1d:14:1d:be:3c:2d:4b:aa:ff:e4:
e5:f6:95:2e:bf:95:a6:ef:79:00:d8:4b:01:6b:43:b0:b2:18:
d5:13:a4:7d:ff:b4:a6:e5:4f:8f:04:0c:a4:8f:cb:c7:a4:0f:
36:ee:a6:40:19:f1:fe:df:9f:75:74:98:c5:ee:7a:2d:85:a1:
55:6b:f4:11:21:7b:df:c6:bc:7b:ed:59:a5:4c:ba:85:6f:d6:
54:37:ea:b7:bf:f1:8a:f7:2c:c4:d5:52:59:28:c7:1c:c8:2f:
2a:57:2b:b7:6e:98:ba:a3:fa:82:c4:c1:22:b2:c1:ac:0e:55:
a3:a1:97:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVtuIJPLMpVX+iMZjVQKgucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWQ2ODE0Mzc1MjcxZDFhM2NiZDEyMTU1ZGIxMWQyYmQ0
MWE4ZDMwHhcNMjMwMTAxMTQyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTI0ZTMwODdmYmY2Mjc2ZjU2MDIyMWMzYjQ2NjkxNjNmYWU2NWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirBiQLEJrgp/IOPv7WsZLZ4wdVfL
OAnXEpENeiIKplR0tYWo7memhDIHk4j4SfwDUrbdrpHckgRCMCOB6nSWILz0oa5K
Wif4FKJ5LaJP9DqJfudq7HzfnjPKI7HLEFpTihQRpUIvfAYDsNECoEjqFQ88xT6c
FAbiVzo2ISJFiuhqUGm7tb5T+I//8Z+WUCNfGmW6KPOGt7Ii+1bkg5UrUz40M3N6
FnVZX/2AaCAOYLomGwScxF8wMQOBB/2C341EqDwP61T9zWwzIafK4NPzDpzS0JU1
IZEaZa4ioBjy8JRrS3tE6hQ4u7ZVBg9WohyKp9/XXZDr+QjYz7xERbprAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIkk4wh/v2J29WAiHDtGaRY/rmXmMB8GA1UdIwQY
MBaAFBEdaBQ3UnHRo8vRIVXbEdK9QajTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQt
MjcxZDI1ZTIwNTc0LzEvaVNUakNILV9ZbmIxWUNJY08wWnBGai11WmVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9hOGIxNGItZmIyNS00N2Y4LThiMGQtMjcxZDI1ZTIwNTc0
LzEvRVIxb0ZEZFNjZEdqeTlFaFZkc1IwcjFCcU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVgEAwQB
m4U+MA0GCSqGSIb3DQEBCwUAA4IBAQBsQFXYoEhNDN0Dq1j0Iwm3YxXhGCIvAq6y
uPhq3FukDy4iE2HwPvHWpxIPnCOyJrSZtDxnL9gTkDJd3GUO5umPDT24eTWSIxIg
ntJ+VRwkIuWa+cm8Cco2mTt/GWZCNAJvtBABDzyhq95MdngQHoDTT8sh+kNpFlOr
8VFndfMZxY4nbDTIgx0UHb48LUuq/+Tl9pUuv5Wm73kA2EsBa0OwshjVE6R9/7Sm
5U+PBAykj8vHpA827qZAGfH+3591dJjF7nothaFVa/QRIXvfxrx77VmlTLqFb9ZU
N+q3v/GK9yzE1VJZKMccyC8qVyu3bpi6o/qCxMEissGsDlWjoZeb
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:34:32 2025 by rpki-client