Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/x4Wo11fabvfd7Q6wFcA0B7KEUE4.roa
File: x4Wo11fabvfd7Q6wFcA0B7KEUE4.roa (raw, json)
Hash identifier: vaAe5uyha0l5qZDodIYr4nUW+MBRg1oFHc7HEA22haY=
Subject key identifier: C7:85:A8:D7:57:DA:6E:F7:DD:ED:0E:B0:15:C0:34:07:B2:84:50:4E
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 0190493F29414D543B2E4DCF3890BE8B6713
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/x4Wo11fabvfd7Q6wFcA0B7KEUE4.roa
Signing time: Mon 24 Jun 2024 07:56:34 +0000
ROA not before: Mon 24 Jun 2024 07:56:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209235
IP address blocks: 45.141.240.0/23 maxlen: 23
2a09:c0c0::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:49:3f:29:41:4d:54:3b:2e:4d:cf:38:90:be:8b:67:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Jun 24 07:56:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c785a8d757da6ef7dded0eb015c03407b284504e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:bc:42:02:43:4a:5d:e6:a4:a0:48:e6:90:e9:
08:4d:76:c1:d5:9d:7b:40:0a:24:68:2e:1b:c0:bf:
6a:99:d8:12:1e:00:8a:ab:71:d0:db:74:49:b3:1b:
93:ce:27:af:72:ab:5b:8a:b8:f8:d2:de:68:87:50:
2c:39:90:f7:d6:b6:a3:1c:26:d8:52:5b:86:16:f0:
0e:00:8c:1d:ff:b0:42:42:81:12:2a:a5:e3:e2:4a:
be:aa:e2:08:ee:df:0c:bb:92:20:fd:ea:7f:1d:56:
62:d4:47:d8:28:38:af:a4:04:5f:e8:32:53:fb:7e:
f5:9c:06:a1:eb:a8:76:ad:cf:68:eb:eb:aa:0c:61:
63:d0:28:94:6a:35:be:37:03:8c:02:f0:20:c4:55:
65:65:d4:3d:09:84:e6:26:42:65:f5:f0:9c:36:0e:
a6:a6:2e:d1:1f:56:8d:18:e8:f0:9b:16:82:6e:6c:
10:2f:1d:60:d3:dc:33:df:57:99:b2:0e:e1:7e:59:
2e:db:15:81:d3:d6:51:19:68:04:c2:0c:02:81:af:
dc:95:5c:30:1a:e3:be:1c:86:1b:b0:e7:41:f8:30:
91:6a:c7:89:a1:20:4c:7a:54:10:42:29:5c:1f:7d:
90:d7:d9:29:f0:10:2b:4c:5c:ac:fa:0c:13:fd:61:
e7:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:85:A8:D7:57:DA:6E:F7:DD:ED:0E:B0:15:C0:34:07:B2:84:50:4E
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/x4Wo11fabvfd7Q6wFcA0B7KEUE4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.240.0/23
IPv6:
2a09:c0c0::/29
Signature Algorithm: sha256WithRSAEncryption
28:ce:7d:0a:31:e5:7b:fa:30:d2:ae:a7:64:e7:e7:85:c5:61:
db:a8:51:e8:8f:e0:6f:62:f7:be:3b:cb:58:5f:92:a9:51:f5:
7e:db:ac:47:6d:1f:77:99:5a:96:52:08:6a:f3:53:70:4b:84:
bd:21:84:f1:2e:a5:5f:6a:96:63:6f:1e:a5:f8:ef:6d:11:0b:
fe:60:c1:20:fe:82:ce:e0:bc:3a:33:69:2c:85:d5:24:6c:cb:
9e:72:13:9c:ae:20:98:ae:2a:85:b4:ef:95:ad:72:27:d0:f5:
f1:3a:34:d4:bf:36:a4:34:d7:78:34:83:e4:dd:2f:4c:7f:59:
63:8a:04:ec:c6:6f:47:4f:23:c1:03:b3:24:21:1f:6a:9d:d9:
68:99:32:03:fa:30:22:ab:f9:5e:33:a3:2d:f8:25:dc:79:e9:
ee:7d:86:55:82:04:32:ed:6d:9c:3d:c4:6d:b4:25:1c:36:56:
d7:79:b4:ef:45:3d:9e:cf:e1:4f:7c:fa:9d:6b:7e:97:85:f1:
5c:eb:52:27:fc:19:0e:eb:3b:a9:e9:e2:3b:7a:3a:46:62:6a:
fb:f3:36:f1:44:b9:9d:92:88:ad:fd:9d:4a:1c:a2:ac:3b:e4:
2b:66:dc:d4:02:c7:e5:50:2d:1d:1a:8e:a6:57:6d:7a:33:86:
60:91:b4:29
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZBJPylBTVQ7Lk3POJC+i2cTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjQwNjI0MDc1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzg1YThkNzU3ZGE2ZWY3ZGRlZDBlYjAxNWMwMzQwN2IyODQ1MDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7xCAkNKXeakoEjmkOkITXbB1Z17
QAokaC4bwL9qmdgSHgCKq3HQ23RJsxuTzievcqtbirj40t5oh1AsOZD31rajHCbY
UluGFvAOAIwd/7BCQoESKqXj4kq+quII7t8Mu5Ig/ep/HVZi1EfYKDivpARf6DJT
+371nAah66h2rc9o6+uqDGFj0CiUajW+NwOMAvAgxFVlZdQ9CYTmJkJl9fCcNg6m
pi7RH1aNGOjwmxaCbmwQLx1g09wz31eZsg7hflku2xWB09ZRGWgEwgwCga/clVww
GuO+HIYbsOdB+DCRaseJoSBMelQQQilcH32Q19kp8BArTFys+gwT/WHnyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMeFqNdX2m733e0OsBXANAeyhFBOMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEveDRXbzExZmFidmZkN1E2d0ZjQTBCN0tFVUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLY3wMA0E
AgACMAcDBQMqCcDAMA0GCSqGSIb3DQEBCwUAA4IBAQAozn0KMeV7+jDSrqdk5+eF
xWHbqFHoj+BvYve+O8tYX5KpUfV+26xHbR93mVqWUghq81NwS4S9IYTxLqVfapZj
bx6l+O9tEQv+YMEg/oLO4Lw6M2kshdUkbMuechOcriCYriqFtO+VrXIn0PXxOjTU
vzakNNd4NIPk3S9Mf1ljigTsxm9HTyPBA7MkIR9qndlomTID+jAiq/leM6Mt+CXc
eenufYZVggQy7W2cPcRttCUcNlbXebTvRT2ez+FPfPqda36XhfFc61In/BkO6zup
6eI7ejpGYmr78zbxRLmdkoit/Z1KHKKsO+QrZtzUAsflUC0dGo6mV216M4ZgkbQp
-----END CERTIFICATE-----
Generated at Sun Apr 27 17:49:06 2025 by rpki-client