Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/k-aY6RqruBNw59m5MGhxkcItte0.roa
File: k-aY6RqruBNw59m5MGhxkcItte0.roa (raw, json)
Hash identifier: y8l5SWThO8sevbbmebrZ9Stp+NQ43bAfffsHbgX8tI8=
Subject key identifier: 93:E6:98:E9:1A:AB:B8:13:70:E7:D9:B9:30:68:71:91:C2:2D:B5:ED
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 01828DAED60B43034DA8DD2F27A97B706B44
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/k-aY6RqruBNw59m5MGhxkcItte0.roa
Signing time: Thu 11 Aug 2022 16:13:41 +0000
ROA not before: Thu 11 Aug 2022 16:13:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 202349
IP address blocks: 2.56.86.0/23 maxlen: 24
2.56.87.0/24 maxlen: 24
45.141.243.0/24 maxlen: 24
45.141.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:8d:ae:d6:0b:43:03:4d:a8:dd:2f:27:a9:7b:70:6b:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Aug 11 16:13:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=93e698e91aabb81370e7d9b930687191c22db5ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:2e:7b:70:c4:0d:ec:6f:ff:34:fe:40:45:ce:
0c:d5:f5:1a:ac:fd:82:44:e3:38:2a:8b:8c:aa:e7:
bf:0d:31:c2:56:61:b0:63:aa:5b:fd:24:86:59:4c:
9b:72:33:b7:b2:a8:c5:74:33:90:66:90:f2:95:0d:
2d:29:7d:a8:92:21:3d:a9:2f:5d:01:34:50:6e:a0:
52:32:2c:a8:5b:29:af:7d:1e:43:5d:a0:5a:30:50:
e5:d5:41:78:31:c8:e0:95:a2:38:5f:12:89:6e:9b:
51:23:d7:bb:28:fb:54:b2:58:ff:7a:c4:e7:7a:70:
1b:c7:22:78:f2:45:4c:e6:56:60:e2:30:2d:41:93:
4e:1f:41:ea:2b:d8:2d:ed:f4:9e:67:80:a7:c5:2a:
ba:e9:ab:14:7b:20:34:01:a9:d0:d4:11:6f:65:30:
10:ae:73:b0:39:ac:7d:f9:71:6c:46:c0:66:8f:a8:
fd:28:c8:6a:25:78:29:99:96:1d:71:ea:d9:03:5f:
3c:f5:b3:69:99:d5:3e:7a:b8:9a:96:14:aa:ac:b8:
37:1a:69:1b:41:1f:a2:77:29:5e:81:ca:ca:9b:bf:
d0:c2:00:6a:97:e9:a1:fb:f0:7c:83:a5:4c:4f:cd:
75:61:1d:bf:62:66:bf:03:0f:4b:8a:03:75:24:db:
57:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:E6:98:E9:1A:AB:B8:13:70:E7:D9:B9:30:68:71:91:C2:2D:B5:ED
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/k-aY6RqruBNw59m5MGhxkcItte0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.86.0/23
45.141.243.0/24
45.141.254.0/24
Signature Algorithm: sha256WithRSAEncryption
98:25:b3:ed:e1:96:72:1b:82:ee:3d:82:e8:64:d7:c3:a6:c7:
6b:f9:af:08:e1:32:a7:2b:58:27:03:a7:89:71:8a:2a:44:af:
47:97:06:9f:14:71:24:f6:5a:df:13:c9:57:9f:a7:f7:8e:70:
6a:66:09:94:9d:4b:83:dc:8d:a3:d7:9d:1f:bc:64:0a:61:40:
8f:46:70:2f:e9:b1:e0:f2:34:01:29:ec:53:6e:48:97:84:65:
18:88:f5:d9:df:11:49:e8:68:55:ff:e9:99:9b:22:dd:72:a3:
21:64:71:91:6f:21:1d:6e:45:b2:8e:53:53:59:3b:81:42:7a:
c7:33:31:d5:cd:4a:89:68:d5:34:36:36:de:54:2a:d6:8b:00:
fd:e0:c3:cb:04:18:42:e5:4c:e5:7e:39:67:a0:74:3a:1b:c0:
2c:52:de:29:2e:69:1c:95:f2:87:1d:ff:3b:d5:37:39:de:b2:
0f:91:8b:bc:f5:32:f0:e3:33:91:c6:c2:3d:d3:87:81:43:9a:
66:3f:0d:6e:9e:c2:db:b0:d6:eb:7d:80:cd:25:88:6e:0c:28:
3c:78:50:9d:65:69:ac:a5:6d:50:19:c8:66:02:47:96:d7:ac:
0c:70:11:54:d7:a4:94:3c:72:9e:48:8a:f4:30:e3:db:15:05:
84:2b:9e:c7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYKNrtYLQwNNqN0vJ6l7cGtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjIwODExMTYxMzQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2U2OThlOTFhYWJiODEzNzBlN2Q5YjkzMDY4NzE5MWMyMmRiNWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS57cMQN7G//NP5ARc4M1fUarP2C
ROM4KouMque/DTHCVmGwY6pb/SSGWUybcjO3sqjFdDOQZpDylQ0tKX2okiE9qS9d
ATRQbqBSMiyoWymvfR5DXaBaMFDl1UF4McjglaI4XxKJbptRI9e7KPtUslj/esTn
enAbxyJ48kVM5lZg4jAtQZNOH0HqK9gt7fSeZ4CnxSq66asUeyA0AanQ1BFvZTAQ
rnOwOax9+XFsRsBmj6j9KMhqJXgpmZYdcerZA1889bNpmdU+erialhSqrLg3Gmkb
QR+idylegcrKm7/QwgBql+mh+/B8g6VMT811YR2/Yma/Aw9LigN1JNtXVwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJPmmOkaq7gTcOfZuTBocZHCLbXtMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvay1hWTZScXJ1Qk53NTltNU1HaHhrY0l0dGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBAjhWAwQA
LY3zAwQALY3+MA0GCSqGSIb3DQEBCwUAA4IBAQCYJbPt4ZZyG4LuPYLoZNfDpsdr
+a8I4TKnK1gnA6eJcYoqRK9HlwafFHEk9lrfE8lXn6f3jnBqZgmUnUuD3I2j150f
vGQKYUCPRnAv6bHg8jQBKexTbkiXhGUYiPXZ3xFJ6GhV/+mZmyLdcqMhZHGRbyEd
bkWyjlNTWTuBQnrHMzHVzUqJaNU0NjbeVCrWiwD94MPLBBhC5UzlfjlnoHQ6G8As
Ut4pLmkclfKHHf871Tc53rIPkYu89TLw4zORxsI904eBQ5pmPw1unsLbsNbrfYDN
JYhuDCg8eFCdZWmspW1QGchmAkeW16wMcBFU16SUPHKeSIr0MOPbFQWEK57H
-----END CERTIFICATE-----
Generated at Sun Apr 27 14:11:43 2025 by rpki-client