Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/8BcDvXHtVNzsRgmr1iezc3L-9Sk.roa
File: 8BcDvXHtVNzsRgmr1iezc3L-9Sk.roa (raw, json)
Hash identifier: dqlBd5FuSW+kGgloj8BsdOOaWXxJm8bypKkhf1SNSZo=
Subject key identifier: F0:17:03:BD:71:ED:54:DC:EC:46:09:AB:D6:27:B3:73:72:FE:F5:29
Certificate issuer: /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial: 018CC72625EEE6F4F0378C60A7969BD0399A
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/8BcDvXHtVNzsRgmr1iezc3L-9Sk.roa
Signing time: Mon 01 Jan 2024 22:30:15 +0000
ROA not before: Mon 01 Jan 2024 22:30:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59729
IP address blocks: 193.200.199.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:26:25:ee:e6:f4:f0:37:8c:60:a7:96:9b:d0:39:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Validity
Not Before: Jan 1 22:30:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f01703bd71ed54dcec4609abd627b37372fef529
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:79:10:85:3a:25:bb:23:1e:0e:86:64:d7:50:
aa:44:1a:91:3d:f6:37:00:47:2f:de:41:00:86:a6:
5e:4e:5c:f3:18:bb:c2:9a:d4:af:5e:11:80:73:91:
4b:cc:f3:8c:c4:92:98:f2:2e:16:0f:3b:74:f8:a2:
5f:60:ac:64:22:c7:b1:87:cb:70:a8:05:95:09:e8:
94:79:5b:16:e4:78:eb:4b:9d:14:5b:ae:38:db:0c:
98:df:44:83:cd:dd:42:0b:c2:ef:8f:44:b0:b5:6f:
af:c1:14:94:a8:64:88:1c:ba:d2:be:a4:a9:9f:95:
ac:0a:13:bf:28:50:11:23:68:ae:99:85:d7:0b:af:
91:a7:1e:6c:b8:c4:a3:01:55:61:87:d7:d1:7b:c9:
0c:9f:25:5e:29:94:41:b0:b3:a3:06:e7:50:76:eb:
e4:65:9d:a5:1f:92:8e:8b:d1:ac:05:dd:49:80:32:
3c:2a:b1:ab:cf:48:36:9b:46:e3:15:c6:ea:7c:db:
95:94:8f:93:e3:cf:5b:8a:26:6e:4e:a0:0c:e2:0f:
85:86:d5:4f:53:bd:cd:18:9b:ee:0c:95:53:4e:bc:
e8:65:2a:c3:e5:cc:3a:e9:25:c0:0a:fe:c9:d2:0a:
07:d9:65:7f:f1:0b:5c:e1:86:94:83:57:d5:76:c3:
f4:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:17:03:BD:71:ED:54:DC:EC:46:09:AB:D6:27:B3:73:72:FE:F5:29
X509v3 Authority Key Identifier:
keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/8BcDvXHtVNzsRgmr1iezc3L-9Sk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.200.199.0/24
Signature Algorithm: sha256WithRSAEncryption
93:9c:e2:d9:c2:d3:52:b0:92:38:3e:52:ee:af:2c:0b:b6:48:
e3:44:51:7f:a9:fd:cd:2a:3f:c7:94:73:e5:28:86:65:31:b3:
60:10:fc:99:d9:0a:97:c4:8d:7b:08:42:f4:54:d1:32:31:b5:
2a:29:d8:bb:cc:a6:6f:ac:f6:5b:95:c7:2c:2a:b5:a8:96:36:
83:f5:3c:ca:10:9c:be:f7:9b:47:08:0f:77:1b:ed:fb:b0:7b:
f4:32:69:71:8a:82:ab:ae:8f:05:a3:cd:18:fa:e7:a4:bf:e9:
ee:85:c6:74:8d:75:3f:f3:ac:42:31:61:c3:67:e8:08:df:e0:
2a:51:cc:6d:87:06:c5:dc:30:a1:97:8c:07:f4:f2:66:18:63:
b7:89:9a:27:e9:63:6f:ba:47:c0:69:c6:8c:09:60:07:f7:93:
47:9f:42:3c:52:f9:52:2f:d7:5c:34:43:69:6b:dc:4a:05:1b:
2d:14:e9:b9:d3:19:f6:e5:1e:1a:8c:c7:46:7b:b8:28:68:1a:
d1:51:c3:2e:d0:a6:86:39:3a:a1:65:8a:04:59:b2:f9:01:77:
08:95:55:c4:57:77:63:b7:f2:6e:4c:cd:69:62:60:98:c8:53:
4e:42:d7:90:5d:3c:08:cb:52:bf:1b:f8:22:96:ee:a8:8f:b4:
43:b8:ca:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJiXu5vTwN4xgp5ab0DmaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwMTAxMjIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDE3MDNiZDcxZWQ1NGRjZWM0NjA5YWJkNjI3YjM3MzcyZmVmNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHkQhToluyMeDoZk11CqRBqRPfY3
AEcv3kEAhqZeTlzzGLvCmtSvXhGAc5FLzPOMxJKY8i4WDzt0+KJfYKxkIsexh8tw
qAWVCeiUeVsW5HjrS50UW6442wyY30SDzd1CC8Lvj0SwtW+vwRSUqGSIHLrSvqSp
n5WsChO/KFARI2iumYXXC6+Rpx5suMSjAVVhh9fRe8kMnyVeKZRBsLOjBudQduvk
ZZ2lH5KOi9GsBd1JgDI8KrGrz0g2m0bjFcbqfNuVlI+T489biiZuTqAM4g+FhtVP
U73NGJvuDJVTTrzoZSrD5cw66SXACv7J0goH2WV/8Qtc4YaUg1fVdsP00QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAXA71x7VTc7EYJq9Yns3Ny/vUpMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvOEJjRHZYSHRWTnpzUmdtcjFpZXpjM0wtOVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcjHMA0G
CSqGSIb3DQEBCwUAA4IBAQCTnOLZwtNSsJI4PlLurywLtkjjRFF/qf3NKj/HlHPl
KIZlMbNgEPyZ2QqXxI17CEL0VNEyMbUqKdi7zKZvrPZblccsKrWoljaD9TzKEJy+
95tHCA93G+37sHv0MmlxioKrro8Fo80Y+uekv+nuhcZ0jXU/86xCMWHDZ+gI3+Aq
UcxthwbF3DChl4wH9PJmGGO3iZon6WNvukfAacaMCWAH95NHn0I8UvlSL9dcNENp
a9xKBRstFOm50xn25R4ajMdGe7goaBrRUcMu0KaGOTqhZYoEWbL5AXcIlVXEV3dj
t/JuTM1pYmCYyFNOQteQXTwIy1K/G/gilu6oj7RDuMqi
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:06:43 2025 by rpki-client