Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/OQYge3uDVvJnQ6VdIOkxO-yVIi4.roa
File: OQYge3uDVvJnQ6VdIOkxO-yVIi4.roa (raw, json)
Hash identifier: FOMPXlzh+UcXwWVArMx1ljqfUDNgpIhbR07HAQJn37A=
Subject key identifier: 39:06:20:7B:7B:83:56:F2:67:43:A5:5D:20:E9:31:3B:EC:95:22:2E
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 01856CF881EAF322470D3AE4221AD538A630
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/OQYge3uDVvJnQ6VdIOkxO-yVIi4.roa
Signing time: Sun 01 Jan 2023 10:55:03 +0000
ROA not before: Sun 01 Jan 2023 10:55:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202513
IP address blocks: 45.141.240.0/23 maxlen: 23
45.141.252.0/23 maxlen: 24
193.38.226.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:f8:81:ea:f3:22:47:0d:3a:e4:22:1a:d5:38:a6:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Jan 1 10:55:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3906207b7b8356f26743a55d20e9313bec95222e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:d0:9e:92:38:d8:99:75:0e:e3:52:62:fa:ad:
92:69:e9:dc:40:bc:ae:4d:05:55:39:92:a2:88:17:
96:36:4f:76:4e:53:e8:04:bc:ed:6d:ec:8e:ed:16:
e6:2b:3e:2d:f6:19:73:c2:a8:f6:15:f8:d9:1f:8d:
f7:bf:8d:e7:c5:b5:0e:a4:0c:ae:51:9d:0e:5a:23:
ce:51:63:73:9c:9f:d2:07:c9:eb:05:58:08:9b:e9:
8b:39:8f:f7:e1:e7:3b:ac:77:01:ae:df:63:84:c7:
98:3e:02:07:f1:8a:fb:e0:64:69:6f:bd:91:a9:ec:
b3:0b:f1:43:3c:10:2c:fb:87:ac:c9:61:4f:ea:38:
be:d6:b2:90:fd:ef:a1:9d:a0:82:93:fd:6a:de:b5:
74:b2:f6:5b:d9:c2:40:a5:a1:53:97:fd:4d:d9:ec:
a5:75:15:ed:f6:0e:ee:29:e5:7c:8f:e0:05:0a:ca:
f9:10:c4:72:4b:e4:58:28:1a:3c:ed:63:50:05:a9:
1b:a4:11:4e:8b:9f:10:77:c1:2e:0f:c3:1f:7f:ca:
67:f2:79:19:79:67:66:d8:38:f4:13:59:87:6a:e0:
99:5c:fe:4e:ab:09:a7:6a:a5:d7:e3:4d:e4:ab:6e:
51:07:eb:63:ef:a5:2e:e1:e6:4a:be:24:88:a8:5e:
75:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:06:20:7B:7B:83:56:F2:67:43:A5:5D:20:E9:31:3B:EC:95:22:2E
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/OQYge3uDVvJnQ6VdIOkxO-yVIi4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.240.0/23
45.141.252.0/23
193.38.226.0/23
Signature Algorithm: sha256WithRSAEncryption
8f:83:2b:6c:42:c9:bd:38:d1:f3:99:e8:f8:ba:0b:52:41:70:
da:1c:c8:f7:11:c0:53:fa:b1:1b:56:fd:04:60:3b:9a:bb:d7:
ae:9f:e2:27:e3:46:99:80:a4:c4:5c:00:d9:e9:59:c0:6a:86:
fb:da:cc:0f:f3:5a:22:f8:35:6f:58:68:ad:6b:48:d7:6b:b2:
2e:d7:00:e3:ef:97:27:b4:ff:90:c4:ce:1c:fd:b6:84:d8:01:
9e:32:de:9b:17:45:69:d4:fe:dc:d4:c6:8a:7d:8e:f2:d6:30:
69:da:12:93:48:42:a2:e9:a0:ce:05:d3:a8:2e:e4:60:f6:be:
4d:ca:1c:c2:bc:e7:5f:b8:4d:e7:46:d4:88:42:92:b2:59:90:
c2:a2:1a:72:32:33:b6:9f:34:e2:d6:99:a1:85:05:2b:c4:52:
f3:1b:c1:70:51:8f:f3:23:9d:f0:cb:78:0b:a9:4b:24:ef:f3:
17:ac:20:0a:a6:6c:df:9f:24:33:74:80:92:ec:a5:08:8a:e2:
b1:22:10:21:af:ce:db:69:cf:cf:63:69:b1:08:4e:d2:9e:56:
f3:07:da:29:73:1d:ae:15:a6:0b:55:cb:ea:35:67:29:25:32:
3b:67:2f:cc:63:6a:86:bb:25:39:23:c5:d3:17:85:2f:77:f1:
74:be:44:7c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVs+IHq8yJHDTrkIhrVOKYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjMwMTAxMTA1NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTA2MjA3YjdiODM1NmYyNjc0M2E1NWQyMGU5MzEzYmVjOTUyMjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNCekjjYmXUO41Ji+q2SaencQLyu
TQVVOZKiiBeWNk92TlPoBLztbeyO7RbmKz4t9hlzwqj2FfjZH433v43nxbUOpAyu
UZ0OWiPOUWNznJ/SB8nrBVgIm+mLOY/34ec7rHcBrt9jhMeYPgIH8Yr74GRpb72R
qeyzC/FDPBAs+4esyWFP6ji+1rKQ/e+hnaCCk/1q3rV0svZb2cJApaFTl/1N2eyl
dRXt9g7uKeV8j+AFCsr5EMRyS+RYKBo87WNQBakbpBFOi58Qd8EuD8Mff8pn8nkZ
eWdm2Dj0E1mHauCZXP5OqwmnaqXX403kq25RB+tj76Uu4eZKviSIqF51dwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDkGIHt7g1byZ0OlXSDpMTvslSIuMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvT1FZZ2UzdURWdkpuUTZWZElPa3hPLXlWSWk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLY3wAwQB
LY38AwQBwSbiMA0GCSqGSIb3DQEBCwUAA4IBAQCPgytsQsm9ONHzmej4ugtSQXDa
HMj3EcBT+rEbVv0EYDuau9eun+In40aZgKTEXADZ6VnAaob72swP81oi+DVvWGit
a0jXa7Iu1wDj75cntP+QxM4c/baE2AGeMt6bF0Vp1P7c1MaKfY7y1jBp2hKTSEKi
6aDOBdOoLuRg9r5NyhzCvOdfuE3nRtSIQpKyWZDCohpyMjO2nzTi1pmhhQUrxFLz
G8FwUY/zI53wy3gLqUsk7/MXrCAKpmzfnyQzdICS7KUIiuKxIhAhr87bac/PY2mx
CE7SnlbzB9opcx2uFaYLVcvqNWcpJTI7Zy/MY2qGuyU5I8XTF4Uvd/F0vkR8
-----END CERTIFICATE-----
Generated at Sun Apr 27 17:02:24 2025 by rpki-client