Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/xfrdkgkiKXUyiqBDp8WtIz7OXoA.roa
File: xfrdkgkiKXUyiqBDp8WtIz7OXoA.roa (raw, json)
Hash identifier: u5q8zVD02wQtfwCwIrIo380maJ//0XsNQGo8bB+1mGc=
Subject key identifier: C5:FA:DD:92:09:22:29:75:32:8A:A0:43:A7:C5:AD:23:3E:CE:5E:80
Certificate issuer: /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial: 018EE7C190532A3F1B6ACA5E049485978F37
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/xfrdkgkiKXUyiqBDp8WtIz7OXoA.roa
Signing time: Tue 16 Apr 2024 16:33:26 +0000
ROA not before: Tue 16 Apr 2024 16:33:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 196695
IP address blocks: 217.28.141.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:e7:c1:90:53:2a:3f:1b:6a:ca:5e:04:94:85:97:8f:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Validity
Not Before: Apr 16 16:33:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c5fadd9209222975328aa043a7c5ad233ece5e80
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:23:b9:89:33:06:cd:2c:2b:b3:5e:c3:e5:4e:
74:ba:92:72:38:47:c1:39:7b:38:c6:20:14:d2:8a:
7b:6d:df:72:8e:c2:86:5c:fe:e2:43:ac:0e:9e:4b:
74:97:32:1c:1a:13:fd:eb:5a:f6:f7:3f:79:6f:6a:
f3:42:a6:f6:20:0b:55:e4:01:97:ad:d2:07:bf:0e:
8a:38:dd:d0:55:c1:56:93:17:9f:4e:bc:f4:b3:33:
d6:55:6f:43:5b:cf:0e:f0:15:99:f8:10:ab:7c:75:
34:a6:6a:b5:0d:2e:12:80:4e:30:21:20:c4:89:3f:
30:1c:82:44:e6:a1:fb:e6:4e:77:c2:1c:db:80:d1:
b6:d4:92:70:1d:b7:19:0e:6d:6a:c8:44:43:3a:4e:
73:46:99:98:22:7c:00:e4:3a:f8:60:10:6f:08:eb:
bc:5c:3c:fe:b4:ce:e7:39:e5:06:b0:1b:4a:79:3d:
7a:40:2b:e5:fb:8e:48:a8:14:94:aa:c8:33:0d:a1:
5c:8d:74:d2:c9:84:54:ca:b5:ac:8c:61:a6:33:e2:
0f:17:d0:da:b9:b4:64:3a:84:5f:b8:5a:85:6c:a1:
7b:fc:57:12:6a:61:1c:19:ff:43:6e:10:e3:72:a8:
4c:80:65:d8:58:7d:a2:ce:94:98:82:43:93:31:4d:
be:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:FA:DD:92:09:22:29:75:32:8A:A0:43:A7:C5:AD:23:3E:CE:5E:80
X509v3 Authority Key Identifier:
keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/xfrdkgkiKXUyiqBDp8WtIz7OXoA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.28.141.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:5a:c0:b6:eb:cd:55:eb:2a:0d:8e:80:c6:b5:ce:ed:34:ad:
49:b3:56:6e:9d:65:0f:7e:a0:f0:22:b3:12:72:bd:7d:3a:12:
08:13:4f:20:b7:78:b9:61:8e:1b:58:e3:46:66:aa:8a:11:e7:
ce:b2:96:37:2a:c2:df:df:5d:70:1e:e7:3d:a5:de:f9:9e:a8:
0c:59:6f:52:46:d9:d0:24:ec:26:19:2e:e1:69:5f:1d:0b:4f:
43:e5:9a:00:d5:43:1d:fa:f5:c6:64:ad:b7:4b:80:93:44:9c:
61:3e:c5:76:a7:a2:90:2e:f8:df:5e:90:b8:1a:09:bd:8a:85:
85:00:64:43:5d:26:f0:73:e9:2e:83:36:a6:79:10:ca:69:99:
d6:7d:c2:42:33:ff:9f:a3:bf:01:94:7e:68:e3:ac:2b:29:0a:
f5:bb:4f:e0:34:1a:b5:d0:35:99:2d:bb:a3:04:1b:da:71:6b:
49:0f:f4:32:d0:e8:c8:dc:4c:32:a9:85:d8:d9:49:ff:7e:33:
f6:fb:95:65:28:c4:6b:5d:bc:7c:a3:cc:5d:3a:3e:df:28:e9:
66:69:76:c1:89:c6:13:e4:16:55:c7:ae:d7:f2:41:33:0e:e1:
39:f6:a0:32:c6:6c:9f:9c:df:60:a3:5f:7e:39:cc:bb:fc:5f:
ab:72:2c:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7nwZBTKj8baspeBJSFl483MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwNDE2MTYzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWZhZGQ5MjA5MjIyOTc1MzI4YWEwNDNhN2M1YWQyMzNlY2U1ZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCO5iTMGzSwrs17D5U50upJyOEfB
OXs4xiAU0op7bd9yjsKGXP7iQ6wOnkt0lzIcGhP961r29z95b2rzQqb2IAtV5AGX
rdIHvw6KON3QVcFWkxefTrz0szPWVW9DW88O8BWZ+BCrfHU0pmq1DS4SgE4wISDE
iT8wHIJE5qH75k53whzbgNG21JJwHbcZDm1qyERDOk5zRpmYInwA5Dr4YBBvCOu8
XDz+tM7nOeUGsBtKeT16QCvl+45IqBSUqsgzDaFcjXTSyYRUyrWsjGGmM+IPF9Da
ubRkOoRfuFqFbKF7/FcSamEcGf9DbhDjcqhMgGXYWH2izpSYgkOTMU2+FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMX63ZIJIil1MoqgQ6fFrSM+zl6AMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEveGZyZGtna2lLWFV5aXFCRHA4V3RJejdPWG9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RyNMA0G
CSqGSIb3DQEBCwUAA4IBAQB9WsC2681V6yoNjoDGtc7tNK1Js1ZunWUPfqDwIrMS
cr19OhIIE08gt3i5YY4bWONGZqqKEefOspY3KsLf311wHuc9pd75nqgMWW9SRtnQ
JOwmGS7haV8dC09D5ZoA1UMd+vXGZK23S4CTRJxhPsV2p6KQLvjfXpC4Ggm9ioWF
AGRDXSbwc+kugzameRDKaZnWfcJCM/+fo78BlH5o46wrKQr1u0/gNBq10DWZLbuj
BBvacWtJD/Qy0OjI3EwyqYXY2Un/fjP2+5VlKMRrXbx8o8xdOj7fKOlmaXbBicYT
5BZVx67X8kEzDuE59qAyxmyfnN9go19+Ocy7/F+rcixL
-----END CERTIFICATE-----
Generated at Wed Aug 21 13:10:08 2024 by rpki-client on console-ams.rpki-client.org