Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/Co5RYLgmB11AbVS9wJgL3bpevjo.roa
File: Co5RYLgmB11AbVS9wJgL3bpevjo.roa (raw, json)
Hash identifier: DaJV8DnxHluVF+Hzq8+HBmYUX7/q2QpnEsfDFAkAuPc=
Subject key identifier: 0A:8E:51:60:B8:26:07:5D:40:6D:54:BD:C0:98:0B:DD:BA:5E:BE:3A
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 0253C55E
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/Co5RYLgmB11AbVS9wJgL3bpevjo.roa
Signing time: Sat 01 Jan 2022 14:08:29 +0000
ROA not before: Sat 01 Jan 2022 14:08:29 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 202349
IP address blocks: 2.56.86.0/23 maxlen: 24
2.56.87.0/24 maxlen: 24
45.141.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 39044446 (0x253c55e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Jan 1 14:08:29 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0a8e5160b826075d406d54bdc0980bddba5ebe3a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:f0:f0:da:81:40:cf:e0:93:6b:07:91:2f:16:
ce:56:f8:13:07:ad:6a:83:2a:0e:54:cc:77:f6:28:
a9:af:32:86:97:6e:26:a9:fc:fc:a3:8a:9a:cc:fa:
46:19:38:97:27:2d:fa:17:4b:1a:d5:fb:46:01:f9:
18:87:a9:b9:04:71:1e:f9:55:ad:5d:62:59:d7:b5:
ad:09:c7:e7:f5:5b:38:76:42:bc:34:1b:cd:0a:42:
0f:2d:93:18:8a:06:a6:8a:5b:28:49:d6:b5:3c:79:
61:61:5a:66:4f:69:a3:78:85:d4:8d:b7:de:8d:48:
6e:8f:fd:0a:c4:0d:4f:9f:d1:6f:66:e4:bc:f2:30:
50:bb:c7:0d:70:a4:e4:29:a2:72:68:e5:ef:b6:65:
c3:ab:93:a5:d4:99:51:19:75:b0:b1:a7:4f:17:67:
36:41:a5:9a:9f:21:ab:64:13:b3:6d:bd:82:4f:bd:
6c:6f:25:cc:ec:c7:3a:f8:41:4d:89:c3:7e:4f:69:
d2:ed:8d:ac:92:de:57:b0:21:a3:b3:58:a2:4e:2e:
b5:b7:b5:03:98:65:91:ee:7a:b0:46:60:6f:86:a0:
db:7f:89:fb:46:f7:09:6f:35:94:93:7b:8d:83:18:
41:3a:be:9f:58:01:41:5f:51:6a:71:12:6f:4a:f3:
7e:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:8E:51:60:B8:26:07:5D:40:6D:54:BD:C0:98:0B:DD:BA:5E:BE:3A
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/Co5RYLgmB11AbVS9wJgL3bpevjo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.86.0/23
45.141.254.0/24
Signature Algorithm: sha256WithRSAEncryption
5d:ff:2e:b1:9d:ad:a2:28:85:81:0f:2d:fb:c4:47:cd:48:51:
98:b1:91:21:6e:56:f7:0f:c4:26:9e:e2:19:11:b9:06:3e:2b:
83:a7:a6:22:a4:6e:20:5e:57:0f:ee:5b:6e:01:67:5f:39:be:
fe:48:ba:f0:37:54:46:bf:ec:7b:6c:cd:20:59:00:84:61:48:
1f:ad:ac:d9:85:75:b7:5c:5c:c5:61:21:f1:33:f2:8c:ca:6b:
87:b1:7f:4c:60:70:71:25:91:a5:62:ef:20:ab:96:d7:ef:44:
13:90:d4:d1:77:d7:64:e4:5d:a7:ee:4e:05:6a:cd:8c:53:8d:
db:eb:63:1b:83:72:e8:b9:45:c7:f9:d5:dd:7a:84:f0:4c:f8:
6d:6a:44:06:47:c0:2b:8a:a5:ef:5f:47:2f:50:98:f2:61:3c:
0c:85:58:80:63:b3:f3:a4:59:d7:31:7c:08:be:a5:f6:3a:05:
0e:65:b5:7a:3a:d3:da:52:c9:ce:e4:5f:2a:53:1b:11:ae:27:
3e:89:f7:92:4f:cd:49:ea:e6:b9:50:eb:d1:b4:6d:bd:37:e7:
5b:86:0a:7a:50:0d:9e:9e:cd:df:08:5b:28:2d:22:45:ee:77:
72:07:72:0d:d7:4b:c3:09:c3:56:c8:0d:4d:32:38:60:33:a8:
93:cc:79:80
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEAlPFXjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
MmM3OGVlZWY3YWNiNDUxZmMzNzU3NWZlYjkxMTRkZmNjYzFjZGZiMB4XDTIyMDEw
MTE0MDgyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGE4ZTUxNjBiODI2
MDc1ZDQwNmQ1NGJkYzA5ODBiZGRiYTVlYmUzYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL3w8NqBQM/gk2sHkS8Wzlb4EwetaoMqDlTMd/Yoqa8yhpdu
Jqn8/KOKmsz6Rhk4lyct+hdLGtX7RgH5GIepuQRxHvlVrV1iWde1rQnH5/VbOHZC
vDQbzQpCDy2TGIoGpopbKEnWtTx5YWFaZk9po3iF1I233o1Ibo/9CsQNT5/Rb2bk
vPIwULvHDXCk5Cmicmjl77Zlw6uTpdSZURl1sLGnTxdnNkGlmp8hq2QTs229gk+9
bG8lzOzHOvhBTYnDfk9p0u2NrJLeV7Aho7NYok4utbe1A5hlke56sEZgb4ag23+J
+0b3CW81lJN7jYMYQTq+n1gBQV9RanESb0rzfo8CAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQKjlFguCYHXUBtVL3AmAvdul6+OjAfBgNVHSMEGDAWgBQyx47u96y0Ufw3
V1/rkRTfzMHN+zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L01zZU83dmVzdEZIOE4xZGY2NUVVMzh6Qnpmcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjQvMjI1YmNiLTZkM2QtNGMwZS04MjRmLTJmMWM4ZTQwOGI2NC8x
L0NvNVJZTGdtQjExQWJWUzl3SmdMM2JwZXZqby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjQv
MjI1YmNiLTZkM2QtNGMwZS04MjRmLTJmMWM4ZTQwOGI2NC8xL01zZU83dmVzdEZI
OE4xZGY2NUVVMzh6Qnpmcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAQI4VgMEAC2N/jANBgkqhkiG9w0B
AQsFAAOCAQEAXf8usZ2toiiFgQ8t+8RHzUhRmLGRIW5W9w/EJp7iGRG5Bj4rg6em
IqRuIF5XD+5bbgFnXzm+/ki68DdURr/se2zNIFkAhGFIH62s2YV1t1xcxWEh8TPy
jMprh7F/TGBwcSWRpWLvIKuW1+9EE5DU0XfXZORdp+5OBWrNjFON2+tjG4Ny6LlF
x/nV3XqE8Ez4bWpEBkfAK4ql719HL1CY8mE8DIVYgGOz86RZ1zF8CL6l9joFDmW1
ejrT2lLJzuRfKlMbEa4nPon3kk/NSermuVDr0bRtvTfnW4YKelANnp7N3whbKC0i
Re53cgdyDddLwwnDVsgNTTI4YDOok8x5gA==
-----END CERTIFICATE-----
Generated at Wed May 7 02:44:32 2025 by rpki-client