Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/UfGRZgc83jAgP1uwJbva6P0kvII.roa
File: UfGRZgc83jAgP1uwJbva6P0kvII.roa (raw, json)
Hash identifier: YyafRfLrI/cm0ZWyO0ziVfQrLn5zRPH9z40jo/LflpE=
Subject key identifier: 51:F1:91:66:07:3C:DE:30:20:3F:5B:B0:25:BB:DA:E8:FD:24:BC:82
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 018D408E25C7FBA3670E7CC21DB1298231F0
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/UfGRZgc83jAgP1uwJbva6P0kvII.roa
Signing time: Thu 25 Jan 2024 12:17:54 +0000
ROA not before: Thu 25 Jan 2024 12:17:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62236
IP address blocks: 45.141.243.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:40:8e:25:c7:fb:a3:67:0e:7c:c2:1d:b1:29:82:31:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Jan 25 12:17:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=51f19166073cde30203f5bb025bbdae8fd24bc82
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:54:56:5f:7b:84:9e:b6:7f:b4:ab:cd:c9:c5:
95:fc:06:79:21:f1:a0:c4:47:d3:0a:52:51:d9:0e:
9c:15:67:74:45:d1:c4:21:29:0b:d6:0b:6f:d8:f5:
75:cd:fb:d4:b2:46:f0:90:7f:44:65:db:ad:e1:5f:
7f:46:47:fb:39:94:24:35:28:ca:a9:b0:59:9c:be:
4d:d5:81:3f:b1:27:05:59:7c:02:b7:94:7d:3f:7b:
76:24:31:93:fc:84:02:32:d3:4d:7f:54:d0:b0:d2:
3d:21:15:9e:b6:f7:b8:88:d2:a4:96:17:3e:bf:ed:
c5:4d:80:40:5d:4a:23:a5:7a:5f:01:8c:29:9f:1f:
81:0e:0b:96:5f:06:41:48:da:e2:c7:04:2e:d5:6a:
c8:0a:60:b3:4f:23:91:ba:35:70:66:15:60:e1:3e:
5c:b1:21:4b:d2:a5:e0:b1:1c:e2:e8:26:ee:e0:37:
75:75:7d:0f:8e:93:0b:c7:9f:bf:ee:c8:c5:f9:e3:
01:31:e0:12:ce:9c:fe:72:b7:30:bd:97:21:70:dd:
0c:0a:70:88:33:27:a4:db:1c:ab:81:e7:b7:f8:b2:
47:13:58:71:52:29:dd:a8:9c:08:dd:cf:2c:4e:18:
2e:a2:15:6b:60:ad:7d:00:4e:d9:97:d0:ae:b5:1c:
bd:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:F1:91:66:07:3C:DE:30:20:3F:5B:B0:25:BB:DA:E8:FD:24:BC:82
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/UfGRZgc83jAgP1uwJbva6P0kvII.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.243.0/24
Signature Algorithm: sha256WithRSAEncryption
73:8f:af:5a:b7:54:b7:a0:6d:93:3b:79:7e:51:05:b1:4d:87:
ea:32:62:78:3e:c1:e8:1b:e9:0a:b3:25:28:e3:40:fa:61:30:
a7:4a:09:01:e8:3f:5c:c0:84:eb:36:17:ed:17:d5:6e:75:5d:
d7:42:ca:c2:75:65:75:c9:a3:20:7a:dd:dc:99:fc:13:6f:7f:
fe:64:9f:46:a0:1e:5c:f9:60:20:88:cc:4c:e1:08:51:fd:0a:
2e:58:6e:d3:23:c1:56:99:e2:b4:7f:25:ab:28:c5:5b:50:19:
d7:28:8f:a8:d7:5d:35:53:22:50:9a:b2:b8:0c:89:46:39:a6:
02:75:ff:df:c1:5b:7d:0e:18:3a:46:e0:5a:51:40:0d:7f:de:
fe:07:b6:8c:ea:a1:f1:71:6a:d8:d2:33:96:9c:eb:c9:dd:76:
5e:0d:c8:11:16:a3:2a:f3:b1:2b:ef:0d:03:c5:d5:3c:6b:53:
c4:55:24:d4:4b:4b:58:8d:6d:1d:af:89:f7:02:6e:ef:e8:63:
d5:46:67:f8:99:da:b2:54:c9:bb:48:40:e3:35:2f:69:66:7c:
61:52:94:9c:18:e3:61:f6:c9:c5:60:f7:2c:ae:fa:98:e1:52:
0f:f9:69:16:d5:81:b1:c1:aa:29:e9:19:1b:67:71:61:dd:71:
bb:d2:8c:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1AjiXH+6NnDnzCHbEpgjHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjQwMTI1MTIxNzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWYxOTE2NjA3M2NkZTMwMjAzZjViYjAyNWJiZGFlOGZkMjRiYzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVRWX3uEnrZ/tKvNycWV/AZ5IfGg
xEfTClJR2Q6cFWd0RdHEISkL1gtv2PV1zfvUskbwkH9EZdut4V9/Rkf7OZQkNSjK
qbBZnL5N1YE/sScFWXwCt5R9P3t2JDGT/IQCMtNNf1TQsNI9IRWetve4iNKklhc+
v+3FTYBAXUojpXpfAYwpnx+BDguWXwZBSNrixwQu1WrICmCzTyORujVwZhVg4T5c
sSFL0qXgsRzi6Cbu4Dd1dX0PjpMLx5+/7sjF+eMBMeASzpz+crcwvZchcN0MCnCI
Myek2xyrgee3+LJHE1hxUindqJwI3c8sThguohVrYK19AE7Zl9CutRy9eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHxkWYHPN4wID9bsCW72uj9JLyCMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvVWZHUlpnYzgzakFnUDF1d0pidmE2UDBrdklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY3zMA0G
CSqGSIb3DQEBCwUAA4IBAQBzj69at1S3oG2TO3l+UQWxTYfqMmJ4PsHoG+kKsyUo
40D6YTCnSgkB6D9cwITrNhftF9VudV3XQsrCdWV1yaMget3cmfwTb3/+ZJ9GoB5c
+WAgiMxM4QhR/QouWG7TI8FWmeK0fyWrKMVbUBnXKI+o1101UyJQmrK4DIlGOaYC
df/fwVt9Dhg6RuBaUUANf97+B7aM6qHxcWrY0jOWnOvJ3XZeDcgRFqMq87Er7w0D
xdU8a1PEVSTUS0tYjW0dr4n3Am7v6GPVRmf4mdqyVMm7SEDjNS9pZnxhUpScGONh
9snFYPcsrvqY4VIP+WkW1YGxwaop6RkbZ3Fh3XG70owB
-----END CERTIFICATE-----
Generated at Sun Apr 27 18:20:09 2025 by rpki-client