Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MQxFqHhC7vVh-EM_nGCYmFMzhM4.roa
File: MQxFqHhC7vVh-EM_nGCYmFMzhM4.roa (raw, json)
Hash identifier: 94yvBxKWsrvEmzQ2hazx3bR6HHgxBsNDs/A7dHjxBZY=
Subject key identifier: 31:0C:45:A8:78:42:EE:F5:61:F8:43:3F:9C:60:98:98:53:33:84:CE
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 018D408E25F25177D7C268F4EE0D7820D000
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MQxFqHhC7vVh-EM_nGCYmFMzhM4.roa
Signing time: Thu 25 Jan 2024 12:17:54 +0000
ROA not before: Thu 25 Jan 2024 12:17:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202513
IP address blocks: 45.141.240.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:40:8e:25:f2:51:77:d7:c2:68:f4:ee:0d:78:20:d0:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Jan 25 12:17:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=310c45a87842eef561f8433f9c609898533384ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:93:e1:0d:39:d4:20:4b:cc:60:63:56:a0:fc:
af:41:cf:33:15:09:b5:3b:1f:52:31:a4:8b:43:a0:
d1:a4:4a:17:ed:91:00:b4:98:c9:57:e3:60:7d:26:
ae:a2:62:c2:45:0b:91:a6:2f:bf:d1:e9:c2:da:c7:
89:f4:01:f9:c9:0d:87:b8:be:aa:3d:b4:d7:a7:52:
72:c1:d4:86:77:37:87:b4:42:be:ea:a4:d2:8c:70:
96:a1:38:3e:c5:39:6a:5e:cb:b9:73:99:d3:b3:d3:
59:99:27:48:be:c3:d8:10:de:81:73:37:08:d3:7b:
d9:f5:de:29:98:6c:50:df:ac:43:e1:ff:9f:aa:a7:
11:c5:ac:8c:6b:63:c0:e6:87:d5:cc:fc:e1:03:c1:
a3:23:63:94:05:3a:80:cb:a4:01:b7:91:c7:f8:73:
d6:c9:9f:29:3e:5a:80:8b:3f:31:ae:14:08:e1:89:
e8:cf:36:3a:b2:d7:ac:c4:c1:7c:7d:0e:5f:06:5a:
c3:b4:03:77:ca:34:49:2c:22:e5:9a:29:17:6d:7b:
74:8c:15:43:81:5a:91:65:36:da:d2:9b:c9:5b:4b:
0c:a4:4c:57:49:15:dc:64:58:7f:37:5d:6c:8d:1d:
47:ff:d6:a7:10:75:74:07:56:7d:5e:9d:c0:f5:84:
25:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:0C:45:A8:78:42:EE:F5:61:F8:43:3F:9C:60:98:98:53:33:84:CE
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MQxFqHhC7vVh-EM_nGCYmFMzhM4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.240.0/23
Signature Algorithm: sha256WithRSAEncryption
3c:2d:de:ab:f8:85:a9:2c:ec:db:1c:05:fc:47:18:57:f7:26:
37:75:1b:19:13:04:41:14:44:7e:ea:d4:0a:0a:0e:f7:6c:ff:
d2:b3:13:a0:32:43:a8:0a:9e:a8:08:80:e1:78:4a:49:88:cb:
5e:11:fd:6a:90:74:18:fb:d8:42:c8:75:de:77:2a:e2:05:04:
46:ca:a8:01:c4:b9:c9:f4:55:67:48:89:f2:49:a2:5a:59:77:
4a:bb:05:3d:7c:18:90:37:86:49:6c:5b:84:49:58:b1:39:3f:
22:19:05:45:9d:04:20:ce:42:56:34:e7:ff:7b:ba:22:6e:01:
70:6c:04:5f:eb:79:52:d2:f0:a2:92:92:cd:cc:15:8c:76:f4:
6c:6f:4d:b6:dc:fe:b2:07:ef:57:fe:af:0e:54:cc:1e:d5:cc:
ae:8d:55:5f:22:44:76:55:be:c6:1c:b9:d1:f0:ae:45:da:ca:
96:3c:13:3d:54:65:73:24:1e:92:64:01:a8:82:f6:50:e2:e7:
be:7f:cc:6f:a1:3e:5a:51:4e:cc:ac:8c:d5:56:96:18:0d:82:
9e:af:db:4e:76:1e:3f:80:5c:86:08:63:38:67:7d:24:a4:47:
43:08:f9:a4:6d:94:c6:a3:b2:f9:99:6e:aa:16:57:a9:bf:c4:
38:91:09:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1AjiXyUXfXwmj07g14INAAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjQwMTI1MTIxNzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTBjNDVhODc4NDJlZWY1NjFmODQzM2Y5YzYwOTg5ODUzMzM4NGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5PhDTnUIEvMYGNWoPyvQc8zFQm1
Ox9SMaSLQ6DRpEoX7ZEAtJjJV+NgfSauomLCRQuRpi+/0enC2seJ9AH5yQ2HuL6q
PbTXp1JywdSGdzeHtEK+6qTSjHCWoTg+xTlqXsu5c5nTs9NZmSdIvsPYEN6BczcI
03vZ9d4pmGxQ36xD4f+fqqcRxayMa2PA5ofVzPzhA8GjI2OUBTqAy6QBt5HH+HPW
yZ8pPlqAiz8xrhQI4YnozzY6stesxMF8fQ5fBlrDtAN3yjRJLCLlmikXbXt0jBVD
gVqRZTba0pvJW0sMpExXSRXcZFh/N11sjR1H/9anEHV0B1Z9Xp3A9YQl/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDEMRah4Qu71YfhDP5xgmJhTM4TOMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvTVF4RnFIaEM3dlZoLUVNX25HQ1ltRk16aE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY3wMA0G
CSqGSIb3DQEBCwUAA4IBAQA8Ld6r+IWpLOzbHAX8RxhX9yY3dRsZEwRBFER+6tQK
Cg73bP/SsxOgMkOoCp6oCIDheEpJiMteEf1qkHQY+9hCyHXedyriBQRGyqgBxLnJ
9FVnSInySaJaWXdKuwU9fBiQN4ZJbFuESVixOT8iGQVFnQQgzkJWNOf/e7oibgFw
bARf63lS0vCikpLNzBWMdvRsb0223P6yB+9X/q8OVMwe1cyujVVfIkR2Vb7GHLnR
8K5F2sqWPBM9VGVzJB6SZAGogvZQ4ue+f8xvoT5aUU7MrIzVVpYYDYKer9tOdh4/
gFyGCGM4Z30kpEdDCPmkbZTGo7L5mW6qFlepv8Q4kQkD
-----END CERTIFICATE-----
Generated at Sun Apr 27 17:10:46 2025 by rpki-client