Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/1-KjwaF4YtQaIKNgiTevT7PW6u_w.roa
File: 1-KjwaF4YtQaIKNgiTevT7PW6u_w.roa (raw, json)
Hash identifier: s0tWMKIvQaGGIPhvYH0JUmzwjgfYTD1nd7gpy22V/Ig=
Subject key identifier: F8:A8:F0:68:5E:18:B5:06:88:28:D8:22:4D:EB:D3:EC:F5:BA:BB:FC
Certificate issuer: /CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Certificate serial: 0186DF73CEC9F28F5DCD63C07D69ED4E0673
Authority key identifier: EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/1-KjwaF4YtQaIKNgiTevT7PW6u_w.roa
Signing time: Tue 14 Mar 2023 09:29:14 +0000
ROA not before: Tue 14 Mar 2023 09:29:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12325
IP address blocks: 31.14.27.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:df:73:ce:c9:f2:8f:5d:cd:63:c0:7d:69:ed:4e:06:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ebf42e80602aedf58a3c7a81883c1a34f69d2fb4
Validity
Not Before: Mar 14 09:29:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f8a8f0685e18b5068828d8224debd3ecf5babbfc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:e1:5b:ac:92:4b:ef:67:48:f6:f6:10:9d:ce:
36:82:a2:b9:7d:3a:91:6b:d9:f5:44:79:3c:cc:e7:
2f:e3:af:f9:ee:8c:49:1b:03:1e:69:eb:83:6a:e5:
fa:d7:af:1b:2d:34:ba:15:f8:1b:98:85:64:76:45:
26:68:1e:0c:ef:67:5e:86:f3:10:70:6c:d0:4f:01:
db:59:7a:3b:21:31:aa:1c:92:53:e5:73:bb:6a:75:
e6:4d:02:ae:66:c4:d6:f1:9c:da:df:42:61:8e:6b:
77:e0:7b:44:2a:24:03:b9:55:b4:ac:79:d0:00:5b:
19:94:70:eb:3b:5e:d8:f0:aa:a9:8b:76:94:60:c3:
f8:2a:c7:85:1c:9e:95:7d:9f:05:b7:a0:62:d4:1d:
fa:7d:8f:ef:31:45:ed:61:3f:0c:e3:79:48:cc:b6:
aa:79:b3:56:13:8d:36:55:e9:20:70:91:52:f1:b1:
02:ef:d7:c9:d3:39:c3:ea:83:84:fc:d3:41:d7:9c:
a0:cf:c9:42:92:d3:f6:71:76:47:5e:77:c3:ab:66:
f0:c7:4d:0d:0e:94:89:f0:64:d7:a5:c2:75:59:09:
75:39:77:b2:b3:ab:a4:d9:e5:dd:20:85:f0:e6:26:
ab:fa:9b:53:84:12:a7:82:1d:80:85:4e:b5:4a:a0:
6a:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:A8:F0:68:5E:18:B5:06:88:28:D8:22:4D:EB:D3:EC:F5:BA:BB:FC
X509v3 Authority Key Identifier:
keyid:EB:F4:2E:80:60:2A:ED:F5:8A:3C:7A:81:88:3C:1A:34:F6:9D:2F:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_QugGAq7fWKPHqBiDwaNPadL7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/1-KjwaF4YtQaIKNgiTevT7PW6u_w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0952d4-4a49-447d-ad3c-1903edafa8bf/1/6_QugGAq7fWKPHqBiDwaNPadL7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.27.0/24
Signature Algorithm: sha256WithRSAEncryption
38:4a:b8:61:8f:7a:17:03:bb:cd:7a:be:e0:bc:15:ff:b1:b7:
b1:65:5d:37:cd:1d:f7:3c:28:dc:37:e9:67:f2:92:75:54:6d:
0a:f3:00:10:a0:b8:2b:10:dc:b5:1e:4f:aa:92:4a:c7:8e:c8:
a2:d1:6c:39:2d:95:d7:85:75:18:68:86:66:58:b4:49:7d:3e:
94:37:33:e3:10:19:d0:47:1c:17:86:9b:61:86:01:0e:e4:8b:
a0:f8:ad:ba:1c:8c:d9:38:76:e9:da:51:d3:85:c6:00:5e:25:
8c:37:04:e4:97:6e:f4:b7:39:6d:e0:04:b2:80:e8:61:16:18:
76:48:59:1f:22:d4:ac:1d:26:0f:02:7b:d2:76:72:17:54:74:
28:e7:d8:ad:b6:ef:c8:6c:13:2f:8f:a8:1a:86:3f:9c:48:5d:
3e:cd:94:e3:bc:6c:9b:b5:e1:ef:c3:e3:b8:38:2c:d7:85:3a:
1c:f5:a0:18:91:09:27:d2:9c:35:0d:b8:00:80:3d:a2:56:c4:
39:d9:ff:4f:78:77:70:ff:83:37:56:4f:b0:30:c3:7d:c6:0e:
53:b3:24:e1:45:ef:3f:e0:a1:5f:ff:da:84:fa:c7:42:d4:db:
21:1f:c1:91:db:ba:99:74:09:9c:38:07:a1:0b:ce:de:c2:f1:
f8:a6:b0:4f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYbfc87J8o9dzWPAfWntTgZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjQyZTgwNjAyYWVkZjU4YTNjN2E4MTg4M2MxYTM0ZjY5
ZDJmYjQwHhcNMjMwMzE0MDkyOTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGE4ZjA2ODVlMThiNTA2ODgyOGQ4MjI0ZGViZDNlY2Y1YmFiYmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOFbrJJL72dI9vYQnc42gqK5fTqR
a9n1RHk8zOcv46/57oxJGwMeaeuDauX6168bLTS6FfgbmIVkdkUmaB4M72dehvMQ
cGzQTwHbWXo7ITGqHJJT5XO7anXmTQKuZsTW8Zza30Jhjmt34HtEKiQDuVW0rHnQ
AFsZlHDrO17Y8Kqpi3aUYMP4KseFHJ6VfZ8Ft6Bi1B36fY/vMUXtYT8M43lIzLaq
ebNWE402VekgcJFS8bEC79fJ0znD6oOE/NNB15ygz8lCktP2cXZHXnfDq2bwx00N
DpSJ8GTXpcJ1WQl1OXeys6uk2eXdIIXw5iar+ptThBKngh2AhU61SqBqNQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPio8GheGLUGiCjYIk3r0+z1urv8MB8GA1UdIwQY
MBaAFOv0LoBgKu31ijx6gYg8GjT2nS+0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9RdWdHQXE3ZldLUEhxQmlEd2FOUGFkTDdRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wOTUyZDQtNGE0OS00NDdkLWFkM2Mt
MTkwM2VkYWZhOGJmLzEvMS1LandhRjRZdFFhSUtOZ2lUZXZUN1BXNnVfdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDEvMDk1MmQ0LTRhNDktNDQ3ZC1hZDNjLTE5MDNlZGFmYThi
Zi8xLzZfUXVnR0FxN2ZXS1BIcUJpRHdhTlBhZEw3US5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAB8OGzAN
BgkqhkiG9w0BAQsFAAOCAQEAOEq4YY96FwO7zXq+4LwV/7G3sWVdN80d9zwo3Dfp
Z/KSdVRtCvMAEKC4KxDctR5PqpJKx47IotFsOS2V14V1GGiGZli0SX0+lDcz4xAZ
0EccF4abYYYBDuSLoPituhyM2Th26dpR04XGAF4ljDcE5Jdu9Lc5beAEsoDoYRYY
dkhZHyLUrB0mDwJ70nZyF1R0KOfYrbbvyGwTL4+oGoY/nEhdPs2U47xsm7Xh78Pj
uDgs14U6HPWgGJEJJ9KcNQ24AIA9olbEOdn/T3h3cP+DN1ZPsDDDfcYOU7Mk4UXv
P+ChX//ahPrHQtTbIR/Bkdu6mXQJnDgHoQvO3sLx+KawTw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:46:53 2025 by rpki-client