Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/9yYP_TpgmMFW-nLUQuupuxCPl0w.roa
File: 9yYP_TpgmMFW-nLUQuupuxCPl0w.roa (raw, json)
Hash identifier: c8DrY07yNxtfr4ZZEoC2/C+AD2a+RQtLa8juD4lYjsU=
Subject key identifier: F7:26:0F:FD:3A:60:98:C1:56:FA:72:D4:42:EB:A9:BB:10:8F:97:4C
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 01828DAED6D7EBC0D505CA57D947FD2401D9
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/9yYP_TpgmMFW-nLUQuupuxCPl0w.roa
Signing time: Thu 11 Aug 2022 16:13:41 +0000
ROA not before: Thu 11 Aug 2022 16:13:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 202513
IP address blocks: 45.141.240.0/23 maxlen: 23
45.141.252.0/23 maxlen: 24
193.38.226.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:8d:ae:d6:d7:eb:c0:d5:05:ca:57:d9:47:fd:24:01:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Aug 11 16:13:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f7260ffd3a6098c156fa72d442eba9bb108f974c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:eb:f5:39:78:37:c0:db:22:84:56:25:ac:79:
d5:e6:66:a3:8a:e8:ca:21:6e:07:1d:14:3e:ac:56:
26:7d:af:7d:8a:32:6e:ad:53:ca:7e:a4:01:c9:e8:
7c:e1:02:8d:8d:46:29:bd:22:be:bc:e9:85:f8:a9:
3d:fb:7f:53:05:7f:49:47:61:df:7e:eb:9a:42:51:
1b:6d:49:1f:9e:f4:a7:27:08:d0:fa:d9:1c:99:36:
dd:bd:c3:01:45:5b:a5:b9:08:62:87:b1:c8:ae:bd:
5d:05:61:df:40:75:07:cd:d7:24:67:bc:b5:8a:db:
aa:41:93:8b:dd:3e:cb:42:8d:3e:69:c5:68:7b:6e:
a5:8c:ad:e6:b5:f9:60:1d:55:02:61:34:85:a3:b9:
06:b4:22:d9:3e:45:12:1b:13:97:b9:c0:c0:bf:f0:
2b:39:b9:1c:a2:8c:b3:5e:50:2f:40:51:75:33:4b:
0d:b3:ce:53:24:f4:ee:c1:3d:74:01:24:7e:ea:e5:
2d:ae:a5:dd:3e:0a:02:d1:30:7f:e5:d1:97:46:dc:
28:0c:b0:48:d5:7a:e5:65:b9:dd:c2:f7:e4:61:6c:
2d:49:10:e2:2e:b0:1c:fe:8c:96:1b:29:2b:9c:bf:
59:5c:6b:d5:47:58:f6:02:e7:f3:39:89:64:e9:3e:
89:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:26:0F:FD:3A:60:98:C1:56:FA:72:D4:42:EB:A9:BB:10:8F:97:4C
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/9yYP_TpgmMFW-nLUQuupuxCPl0w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.240.0/23
45.141.252.0/23
193.38.226.0/23
Signature Algorithm: sha256WithRSAEncryption
2e:3c:e5:40:76:2c:b1:a7:59:69:db:41:f2:38:d5:44:47:ef:
82:9b:fc:b6:3e:90:fe:ef:1e:60:8d:4a:6b:58:d8:ae:a3:c7:
57:5b:97:85:40:d9:4e:8c:5d:2c:5f:f8:b5:89:cc:5d:af:f5:
ce:64:65:05:53:1b:8b:fe:4d:a2:a0:5b:ac:ed:2e:f5:c2:89:
0a:e1:92:4b:d1:ea:70:66:4d:7e:94:0f:6f:af:5a:2c:21:8f:
32:b9:d3:7a:42:3f:a7:8e:26:db:7d:e1:73:1d:7d:e7:be:4a:
57:06:de:c1:fa:66:51:9d:73:09:f0:67:8a:4c:4c:d9:8b:70:
f8:6c:03:c9:a8:5e:58:12:61:15:92:f0:ea:eb:b2:8c:ef:3b:
7f:00:9c:50:68:3b:21:a6:78:b2:a4:66:da:de:3f:11:34:c6:
50:f4:b9:b9:57:db:98:e5:00:99:d7:47:ec:41:40:9f:c3:86:
0f:94:d1:c5:00:71:4d:9a:79:c7:94:03:bf:68:7f:2d:c4:57:
14:f9:e8:8d:3a:87:39:d7:ed:be:45:ab:29:f7:2d:81:fd:e3:
b2:ed:da:f9:5b:a9:6e:2f:f6:c6:3c:a1:0b:8d:4d:56:ab:21:
4d:fd:87:b8:e6:db:4f:49:e8:13:ed:fa:e6:ba:93:53:19:8b:
52:a3:00:c6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYKNrtbX68DVBcpX2Uf9JAHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjIwODExMTYxMzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzI2MGZmZDNhNjA5OGMxNTZmYTcyZDQ0MmViYTliYjEwOGY5NzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOv1OXg3wNsihFYlrHnV5majiujK
IW4HHRQ+rFYmfa99ijJurVPKfqQByeh84QKNjUYpvSK+vOmF+Kk9+39TBX9JR2Hf
fuuaQlEbbUkfnvSnJwjQ+tkcmTbdvcMBRVuluQhih7HIrr1dBWHfQHUHzdckZ7y1
ituqQZOL3T7LQo0+acVoe26ljK3mtflgHVUCYTSFo7kGtCLZPkUSGxOXucDAv/Ar
ObkcooyzXlAvQFF1M0sNs85TJPTuwT10ASR+6uUtrqXdPgoC0TB/5dGXRtwoDLBI
1XrlZbndwvfkYWwtSRDiLrAc/oyWGykrnL9ZXGvVR1j2AufzOYlk6T6JFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPcmD/06YJjBVvpy1ELrqbsQj5dMMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvOXlZUF9UcGdtTUZXLW5MVVF1dXB1eENQbDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLY3wAwQB
LY38AwQBwSbiMA0GCSqGSIb3DQEBCwUAA4IBAQAuPOVAdiyxp1lp20HyONVER++C
m/y2PpD+7x5gjUprWNiuo8dXW5eFQNlOjF0sX/i1icxdr/XOZGUFUxuL/k2ioFus
7S71wokK4ZJL0epwZk1+lA9vr1osIY8yudN6Qj+njibbfeFzHX3nvkpXBt7B+mZR
nXMJ8GeKTEzZi3D4bAPJqF5YEmEVkvDq67KM7zt/AJxQaDshpniypGba3j8RNMZQ
9Lm5V9uY5QCZ10fsQUCfw4YPlNHFAHFNmnnHlAO/aH8txFcU+eiNOoc51+2+Rasp
9y2B/eOy7dr5W6luL/bGPKELjU1WqyFN/Ye45ttPSegT7frmupNTGYtSowDG
-----END CERTIFICATE-----
Generated at Mon Apr 28 01:56:15 2025 by rpki-client