Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/rT-axA-p2KIh7d7a2W1TAUngs5w.roa
File: rT-axA-p2KIh7d7a2W1TAUngs5w.roa (raw, json)
Hash identifier: /D/OXcZYNK2pP528VnHbNToDXrbBapq35rRXHkR+kos=
Subject key identifier: AD:3F:9A:C4:0F:A9:D8:A2:21:ED:DE:DA:D9:6D:53:01:49:E0:B3:9C
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 018CC26CF65586B2DF288F495BE7DF8635DB
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/rT-axA-p2KIh7d7a2W1TAUngs5w.roa
Signing time: Mon 01 Jan 2024 00:29:30 +0000
ROA not before: Mon 01 Jan 2024 00:29:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202513
IP address blocks: 45.141.240.0/23 maxlen: 23
45.141.252.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6c:f6:55:86:b2:df:28:8f:49:5b:e7:df:86:35:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Jan 1 00:29:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ad3f9ac40fa9d8a221eddedad96d530149e0b39c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:56:f3:66:21:4c:9a:08:2d:a8:b4:0a:fa:da:
37:09:ac:eb:4b:1e:50:65:4f:af:52:77:67:c4:df:
aa:27:7d:46:28:a7:7f:0b:78:ef:51:b3:c6:87:63:
94:16:e2:9d:c0:03:05:96:50:36:d0:7d:5b:e2:f0:
13:8a:b7:a7:e0:07:9a:0d:7a:41:72:10:2c:d7:2a:
f3:a6:36:bf:72:10:73:98:a4:4e:13:27:12:e5:a1:
08:1b:bd:f5:6f:e0:5c:71:17:de:ed:60:f4:dd:02:
62:c7:53:0f:06:e9:5f:a5:a9:d4:37:2d:c4:55:59:
2c:95:bd:1f:c5:aa:32:a5:41:38:5c:3b:cc:5f:db:
a0:38:10:2f:c9:7c:ec:a5:76:dc:57:41:dd:b0:aa:
6b:4d:23:e8:a9:b8:e1:0e:7d:ff:02:78:91:24:09:
f1:9d:7d:ed:75:f8:4e:bd:ea:b1:13:3c:2e:7c:74:
38:33:a6:00:9a:8f:75:88:dd:9b:3d:fd:99:f1:4a:
23:be:59:8d:66:f4:e0:51:0e:c4:b5:18:9c:a7:ce:
96:13:9c:2e:78:bf:cd:33:93:78:c1:01:ff:6b:8e:
2c:65:cb:ec:4f:da:a8:83:8d:e1:2b:42:02:2a:b9:
fd:fa:27:c5:e5:33:e3:d0:41:06:82:34:aa:72:2f:
38:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:3F:9A:C4:0F:A9:D8:A2:21:ED:DE:DA:D9:6D:53:01:49:E0:B3:9C
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/rT-axA-p2KIh7d7a2W1TAUngs5w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.240.0/23
45.141.252.0/23
Signature Algorithm: sha256WithRSAEncryption
4b:eb:6b:70:4a:2c:22:37:9e:89:a9:be:d2:06:13:cc:bd:53:
c5:9a:0d:e2:ba:9b:1a:b0:50:05:a8:32:cf:34:cc:35:65:fe:
90:d2:ea:b4:63:b0:e1:c5:2d:e5:25:41:4b:38:ae:26:99:51:
87:c9:b0:a7:fa:98:ce:e5:6a:71:e3:47:c1:d8:a7:4d:ed:35:
91:a6:b8:3c:85:7a:33:ff:31:18:d4:c3:7c:80:35:23:d6:ed:
8c:2c:13:36:55:81:41:f6:88:de:ca:96:be:a1:ff:4c:e6:04:
dc:be:d9:58:77:1f:29:8c:3d:f6:ae:3b:b2:2f:df:03:39:3d:
17:a6:b6:aa:fe:aa:92:b9:16:d7:40:9a:37:db:29:e2:b7:c8:
ab:73:28:05:7f:96:e8:fe:cb:85:6f:34:03:6c:21:45:4b:6c:
3e:25:81:3c:a6:17:ef:11:1b:a1:01:9c:2d:ca:49:10:30:66:
43:17:89:60:ea:81:ac:57:35:89:f9:b5:89:15:a7:c0:f1:1e:
c6:c9:04:16:29:6b:e5:8b:d6:26:e9:7f:68:a1:aa:3f:95:49:
1f:fb:1c:91:99:47:8d:9e:b9:70:7b:f2:89:d4:a1:93:fd:00:
69:cd:31:32:fc:dd:40:7a:86:77:db:e0:6c:34:f0:3c:a9:4d:
6a:bd:8e:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbPZVhrLfKI9JW+ffhjXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNmOWFjNDBmYTlkOGEyMjFlZGRlZGFkOTZkNTMwMTQ5ZTBiMzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVbzZiFMmggtqLQK+to3CazrSx5Q
ZU+vUndnxN+qJ31GKKd/C3jvUbPGh2OUFuKdwAMFllA20H1b4vATiren4AeaDXpB
chAs1yrzpja/chBzmKROEycS5aEIG731b+BccRfe7WD03QJix1MPBulfpanUNy3E
VVkslb0fxaoypUE4XDvMX9ugOBAvyXzspXbcV0HdsKprTSPoqbjhDn3/AniRJAnx
nX3tdfhOveqxEzwufHQ4M6YAmo91iN2bPf2Z8UojvlmNZvTgUQ7EtRicp86WE5wu
eL/NM5N4wQH/a44sZcvsT9qog43hK0ICKrn9+ifF5TPj0EEGgjSqci845wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK0/msQPqdiiIe3e2tltUwFJ4LOcMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvclQtYXhBLXAyS0loN2Q3YTJXMVRBVW5nczV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLY3wAwQB
LY38MA0GCSqGSIb3DQEBCwUAA4IBAQBL62twSiwiN56Jqb7SBhPMvVPFmg3iupsa
sFAFqDLPNMw1Zf6Q0uq0Y7DhxS3lJUFLOK4mmVGHybCn+pjO5Wpx40fB2KdN7TWR
prg8hXoz/zEY1MN8gDUj1u2MLBM2VYFB9ojeypa+of9M5gTcvtlYdx8pjD32rjuy
L98DOT0Xpraq/qqSuRbXQJo32ynit8ircygFf5bo/suFbzQDbCFFS2w+JYE8phfv
ERuhAZwtykkQMGZDF4lg6oGsVzWJ+bWJFafA8R7GyQQWKWvli9Ym6X9ooao/lUkf
+xyRmUeNnrlwe/KJ1KGT/QBpzTEy/N1AeoZ32+BsNPA8qU1qvY67
-----END CERTIFICATE-----
Generated at Tue Feb 27 01:00:41 2024 by rpki-client on console.sobornost.net