Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OZtKhE5MQ-k6ahatVUuQSQW5kVo.roa
File: OZtKhE5MQ-k6ahatVUuQSQW5kVo.roa (raw, json)
Hash identifier: RaE2hWO+jipSGa25wbj/5f3xKagjViBxfUZEMEhlsds=
Subject key identifier: 39:9B:4A:84:4E:4C:43:E9:3A:6A:16:AD:55:4B:90:49:05:B9:91:5A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01942824D0BA87F69F5D5AB60FDC2D0C671F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OZtKhE5MQ-k6ahatVUuQSQW5kVo.roa
Signing time: Thu 02 Jan 2025 17:51:28 +0000
ROA not before: Thu 02 Jan 2025 17:51:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215691
IP address blocks: 171.22.18.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:d0:ba:87:f6:9f:5d:5a:b6:0f:dc:2d:0c:67:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 2 17:51:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=399b4a844e4c43e93a6a16ad554b904905b9915a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:36:ec:d6:bf:4b:95:6c:25:67:5f:03:f1:a3:
09:52:f8:15:76:d5:a4:23:9d:5e:d6:82:0c:da:a3:
3f:4c:08:79:32:ec:31:98:11:a7:cf:9b:4e:37:2d:
6f:b9:88:9d:75:3c:4d:5c:37:e4:8f:26:aa:57:3a:
2e:9e:8b:92:0a:08:2f:85:f3:d3:59:b0:f0:54:e4:
7a:19:1c:27:be:31:57:9a:d0:6a:51:24:92:cc:b0:
b4:75:1b:c3:26:32:a2:cb:85:8e:75:1f:b6:dc:67:
be:43:4d:f0:04:a5:d2:5d:54:5c:7d:b0:82:7c:ef:
c8:ef:24:2b:59:45:87:b9:fc:87:bf:15:39:12:f5:
ba:3b:6b:30:fe:3e:90:64:f1:e0:e2:fd:06:55:a4:
98:27:12:e9:f3:0e:6f:65:97:b0:60:5e:ec:12:74:
c6:8f:ce:5d:14:b4:10:68:63:11:9f:c1:96:9a:dc:
ce:2b:ed:15:c3:4a:dd:d2:d4:5f:a0:b1:31:9b:d1:
78:b6:f4:65:d5:23:9b:92:23:d1:7b:bf:e8:3f:3b:
a9:9d:93:13:10:dd:08:33:96:29:34:33:2d:2d:ba:
81:97:fb:55:84:da:a1:69:b3:59:cb:66:cb:9c:ca:
72:f1:d6:eb:14:33:ed:05:ae:53:fe:cf:c0:8f:08:
f5:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:9B:4A:84:4E:4C:43:E9:3A:6A:16:AD:55:4B:90:49:05:B9:91:5A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OZtKhE5MQ-k6ahatVUuQSQW5kVo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.22.18.0/24
Signature Algorithm: sha256WithRSAEncryption
aa:0e:33:be:f8:97:20:de:11:ef:ab:9d:62:07:aa:ce:f8:f5:
b3:6b:99:bf:fb:2b:7f:be:f2:49:56:2c:c6:e1:94:4e:b9:02:
27:56:25:13:16:a5:27:a0:3b:1d:eb:6b:bb:61:9e:54:81:7c:
3f:45:93:b7:56:87:67:fd:be:ff:a2:ff:43:e1:1b:e6:7e:87:
e8:be:e3:52:a1:49:06:1c:0c:8c:91:1b:de:df:d5:3e:25:8f:
43:4c:7c:d2:bd:9d:fe:e8:db:d0:0d:d7:bf:08:11:f3:54:28:
b1:bc:ba:ad:a2:38:6c:d2:54:5f:37:fa:2a:0d:f3:a3:53:6b:
9f:b8:8b:e4:46:6a:9a:fa:84:c9:04:7d:7a:d8:2d:fb:e5:8e:
04:ec:6c:66:db:bb:f4:58:10:5b:46:46:ee:7d:ad:4e:ab:59:
32:f7:b8:1c:9e:86:63:47:09:bb:91:44:d3:a0:a7:b1:0a:72:
1f:6f:7a:a7:0b:cb:10:02:45:9a:e8:7b:8e:df:66:5e:67:65:
8f:cd:52:54:1a:ee:59:b4:66:b5:06:fa:93:e6:98:4d:13:6c:
ce:b9:c8:f1:7f:78:c4:c9:d6:5a:4a:e9:d3:e4:35:84:77:ae:
0d:18:aa:57:f6:09:52:05:58:3c:7e:ea:86:09:01:10:95:56:
43:05:b7:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJNC6h/afXVq2D9wtDGcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTliNGE4NDRlNGM0M2U5M2E2YTE2YWQ1NTRiOTA0OTA1Yjk5MTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTbs1r9LlWwlZ18D8aMJUvgVdtWk
I51e1oIM2qM/TAh5MuwxmBGnz5tONy1vuYiddTxNXDfkjyaqVzounouSCggvhfPT
WbDwVOR6GRwnvjFXmtBqUSSSzLC0dRvDJjKiy4WOdR+23Ge+Q03wBKXSXVRcfbCC
fO/I7yQrWUWHufyHvxU5EvW6O2sw/j6QZPHg4v0GVaSYJxLp8w5vZZewYF7sEnTG
j85dFLQQaGMRn8GWmtzOK+0Vw0rd0tRfoLExm9F4tvRl1SObkiPRe7/oPzupnZMT
EN0IM5YpNDMtLbqBl/tVhNqhabNZy2bLnMpy8dbrFDPtBa5T/s/Ajwj12QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmbSoROTEPpOmoWrVVLkEkFuZFaMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT1p0S2hFNU1RLWs2YWhhdFZVdVFTUVc1a1ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxYSMA0G
CSqGSIb3DQEBCwUAA4IBAQCqDjO++Jcg3hHvq51iB6rO+PWza5m/+yt/vvJJVizG
4ZROuQInViUTFqUnoDsd62u7YZ5UgXw/RZO3Vodn/b7/ov9D4RvmfofovuNSoUkG
HAyMkRve39U+JY9DTHzSvZ3+6NvQDde/CBHzVCixvLqtojhs0lRfN/oqDfOjU2uf
uIvkRmqa+oTJBH162C375Y4E7Gxm27v0WBBbRkbufa1Oq1ky97gcnoZjRwm7kUTT
oKexCnIfb3qnC8sQAkWa6HuO32ZeZ2WPzVJUGu5ZtGa1BvqT5phNE2zOucjxf3jE
ydZaSunT5DWEd64NGKpX9glSBVg8fuqGCQEQlVZDBbcO
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:32:05 2025 by rpki-client