Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/nb5PYLk8H1oA_p8M5BjKGq0KutU.roa
File: nb5PYLk8H1oA_p8M5BjKGq0KutU.roa (raw, json)
Hash identifier: jQ5w0ZC5nLmAqO09eDC80iB8OIPTfPq6Xjsa4uKUVgk=
Subject key identifier: 9D:BE:4F:60:B9:3C:1F:5A:00:FE:9F:0C:E4:18:CA:1A:AD:0A:BA:D5
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 0185093393FFB3EA180BAF3C17384E1360C7
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/nb5PYLk8H1oA_p8M5BjKGq0KutU.roa
Signing time: Tue 13 Dec 2022 01:57:33 +0000
ROA not before: Tue 13 Dec 2022 01:57:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209235
IP address blocks: 2.56.84.0/24 maxlen: 24
2.56.85.0/24 maxlen: 24
45.141.242.0/24 maxlen: 24
45.141.255.0/24 maxlen: 24
193.38.224.0/24 maxlen: 24
2a09:c0c0::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:09:33:93:ff:b3:ea:18:0b:af:3c:17:38:4e:13:60:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Dec 13 01:57:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9dbe4f60b93c1f5a00fe9f0ce418ca1aad0abad5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:9d:be:ac:24:63:da:3e:07:eb:b7:50:e3:b5:
64:0d:dd:06:d1:26:30:72:4f:d1:80:f9:67:56:1a:
8a:e0:21:e2:df:ca:46:ee:1e:50:ca:40:88:8b:ca:
26:e0:84:b5:59:30:11:ad:59:2a:9d:28:83:f3:75:
b7:43:39:8b:d2:8f:c3:1d:a0:b6:19:80:bc:67:30:
f2:1c:77:39:9f:24:f2:48:7b:eb:73:21:ee:4c:67:
99:ed:c0:ce:7d:4b:fc:6d:dc:93:49:b7:66:e0:ee:
4d:f6:bd:18:62:b7:1d:26:53:58:c9:4e:54:d1:c9:
84:f1:98:a2:1d:64:26:8b:79:1e:d8:07:e4:38:f1:
fa:e7:3d:24:96:00:dd:c2:98:e1:b9:19:f4:35:1c:
da:f7:af:2a:07:20:c0:bd:85:c0:99:6d:53:9c:21:
c7:01:40:2c:38:b6:f2:a8:c9:58:21:d6:b4:85:7d:
90:0e:79:83:22:27:38:0f:70:bf:23:50:ff:9c:62:
dc:75:89:5f:68:33:21:c8:bd:8a:95:a1:02:8b:f8:
f0:fb:1c:a3:57:f6:af:51:f7:35:45:b2:68:b5:d9:
31:dd:aa:30:e4:53:4f:b4:fb:05:fa:04:e2:70:a9:
5f:34:ba:96:0c:18:3c:a0:8f:8c:a6:e7:c8:f6:5d:
cc:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:BE:4F:60:B9:3C:1F:5A:00:FE:9F:0C:E4:18:CA:1A:AD:0A:BA:D5
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/nb5PYLk8H1oA_p8M5BjKGq0KutU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.84.0/23
45.141.242.0/24
45.141.255.0/24
193.38.224.0/24
IPv6:
2a09:c0c0::/29
Signature Algorithm: sha256WithRSAEncryption
29:70:ee:37:11:73:6d:79:f8:89:18:e2:10:67:59:26:45:ed:
a0:58:e3:f1:cb:55:cd:34:ce:7c:d5:33:08:14:35:25:d3:28:
bc:65:86:d8:7f:03:8f:2b:7d:71:3f:a6:3e:af:47:2a:34:03:
a6:1a:9b:1c:b8:8c:5c:45:1a:3b:55:d9:69:bf:8a:d5:18:fc:
f1:6a:43:25:c8:45:cf:8f:c2:2a:86:99:6d:c2:3c:62:30:e8:
86:30:43:90:20:56:ac:81:24:6e:50:23:2f:b9:5f:2f:59:1a:
df:db:d7:75:ad:29:39:0e:91:b7:16:74:36:14:45:9a:a0:ed:
44:b0:ef:38:d8:6f:49:51:cf:23:ba:d4:59:47:05:de:23:ee:
72:70:49:e1:9c:20:24:61:4b:f3:d5:31:94:47:b2:38:f8:df:
05:f8:03:d0:0a:b9:12:11:36:2b:93:07:e2:81:04:ef:54:04:
1d:fb:b8:c3:50:92:e1:65:ce:aa:97:aa:67:7b:d4:ca:85:7b:
9b:8b:25:23:88:d4:7f:65:6d:10:ef:6c:85:9b:93:0d:eb:c3:
56:7b:fc:84:79:e0:88:37:52:8c:19:39:f8:29:b1:24:34:de:
0c:97:71:11:1b:35:ff:62:f6:bb:07:9f:f6:20:97:73:13:a4:
f2:52:d9:4f
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYUJM5P/s+oYC688FzhOE2DHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjIxMjEzMDE1NzMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGJlNGY2MGI5M2MxZjVhMDBmZTlmMGNlNDE4Y2ExYWFkMGFiYWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq52+rCRj2j4H67dQ47VkDd0G0SYw
ck/RgPlnVhqK4CHi38pG7h5QykCIi8om4IS1WTARrVkqnSiD83W3QzmL0o/DHaC2
GYC8ZzDyHHc5nyTySHvrcyHuTGeZ7cDOfUv8bdyTSbdm4O5N9r0YYrcdJlNYyU5U
0cmE8ZiiHWQmi3ke2AfkOPH65z0klgDdwpjhuRn0NRza968qByDAvYXAmW1TnCHH
AUAsOLbyqMlYIda0hX2QDnmDIic4D3C/I1D/nGLcdYlfaDMhyL2KlaECi/jw+xyj
V/avUfc1RbJotdkx3aow5FNPtPsF+gTicKlfNLqWDBg8oI+MpufI9l3MhwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJ2+T2C5PB9aAP6fDOQYyhqtCrrVMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvbmI1UFlMazhIMW9BX3A4TTVCaktHcTBLdXRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBAjhUAwQA
LY3yAwQALY3/AwQAwSbgMA0EAgACMAcDBQMqCcDAMA0GCSqGSIb3DQEBCwUAA4IB
AQApcO43EXNtefiJGOIQZ1kmRe2gWOPxy1XNNM581TMIFDUl0yi8ZYbYfwOPK31x
P6Y+r0cqNAOmGpscuIxcRRo7Vdlpv4rVGPzxakMlyEXPj8IqhpltwjxiMOiGMEOQ
IFasgSRuUCMvuV8vWRrf29d1rSk5DpG3FnQ2FEWaoO1EsO842G9JUc8jutRZRwXe
I+5ycEnhnCAkYUvz1TGUR7I4+N8F+APQCrkSETYrkwfigQTvVAQd+7jDUJLhZc6q
l6pne9TKhXubiyUjiNR/ZW0Q72yFm5MN68NWe/yEeeCIN1KMGTn4KbEkNN4Ml3ER
GzX/Yva7B5/2IJdzE6TyUtlP
-----END CERTIFICATE-----
Generated at Mon Apr 28 06:08:45 2025 by rpki-client