Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/2Uhzb6uT4-ZD2vrbcb2Y6qLzMnA.roa
File: 2Uhzb6uT4-ZD2vrbcb2Y6qLzMnA.roa (raw, json)
Hash identifier: d3+JKpTgge45UkMHcYErOqzJELn1wN/ydVrlLc1sp40=
Subject key identifier: D9:48:73:6F:AB:93:E3:E6:43:DA:FA:DB:71:BD:98:EA:A2:F3:32:70
Certificate issuer: /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial: 0190A383117C2BFCE7CC82EB1FE76BB76564
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/2Uhzb6uT4-ZD2vrbcb2Y6qLzMnA.roa
Signing time: Thu 11 Jul 2024 20:36:34 +0000
ROA not before: Thu 11 Jul 2024 20:36:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59956
IP address blocks: 176.117.84.0/22 maxlen: 22
176.117.88.0/22 maxlen: 22
176.117.92.0/24 maxlen: 24
176.117.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:a3:83:11:7c:2b:fc:e7:cc:82:eb:1f:e7:6b:b7:65:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Validity
Not Before: Jul 11 20:36:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d948736fab93e3e643dafadb71bd98eaa2f33270
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:20:5f:49:7b:17:e5:f4:d5:08:47:03:77:4c:
36:9b:53:8d:83:02:6a:dc:46:e1:5a:2c:f2:09:92:
2c:a2:ae:16:7c:d0:aa:32:6c:a8:67:29:63:26:1f:
32:20:85:78:d2:f7:88:08:68:b5:25:6a:10:e2:e4:
67:5e:36:e5:c8:a7:cc:86:ae:38:79:87:98:68:f3:
a6:3c:f7:2e:a9:da:d8:69:a8:e2:16:1c:74:be:ca:
f1:74:be:d1:5d:7a:c8:61:37:27:27:e4:58:a8:71:
26:a1:07:63:d8:b8:db:b5:c1:cc:5d:cd:04:ed:60:
df:22:cc:b2:ce:9b:1e:91:60:98:5d:1c:65:64:2e:
fe:08:91:3e:89:47:4a:5a:8e:13:db:a1:1d:94:44:
43:c0:e5:09:41:4f:9d:cb:ab:68:96:03:d2:d0:e4:
b8:1f:29:c6:bd:de:78:85:71:57:1d:61:c9:f2:37:
5c:73:d9:04:14:d4:ef:ce:f9:46:5c:86:f0:c2:d1:
7a:66:4e:8f:3b:62:91:ea:fa:ea:9a:53:6d:56:8f:
32:d5:94:9e:dc:c8:f4:50:04:a8:ce:ae:ef:b7:8c:
85:e7:6a:f2:f6:97:1c:b0:1f:5a:99:26:05:14:5a:
3b:4b:ad:c0:00:9c:40:c6:ad:dc:0d:47:36:69:f7:
2d:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:48:73:6F:AB:93:E3:E6:43:DA:FA:DB:71:BD:98:EA:A2:F3:32:70
X509v3 Authority Key Identifier:
keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/2Uhzb6uT4-ZD2vrbcb2Y6qLzMnA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.117.84.0-176.117.92.255
176.117.94.0/24
Signature Algorithm: sha256WithRSAEncryption
60:0e:4b:c7:75:9d:f3:64:84:30:ba:99:b2:6e:b8:cf:d2:e2:
dd:ba:f6:0b:9c:bf:04:02:f8:3a:61:c7:65:3a:d9:21:29:29:
fe:2d:a0:7a:8a:d5:a1:21:33:da:14:8d:6d:8b:d9:90:91:14:
5f:5d:03:b3:48:12:6a:62:4f:96:fa:a6:11:35:31:fd:09:6e:
1b:6d:fc:99:09:76:ef:bf:ed:e9:9c:c2:cd:06:6a:38:72:49:
7e:2b:a8:f1:d2:46:14:2d:10:24:d7:5e:0d:48:b0:c5:28:78:
3b:ed:0e:e6:c0:74:00:3f:ad:8a:fe:b6:f8:ea:cb:cb:c6:0f:
2e:d8:90:80:ce:2f:0b:5d:f7:0c:81:be:c5:d3:ad:04:f5:28:
06:72:f6:ca:2b:09:7c:ca:38:e5:66:c7:08:99:fc:52:5c:00:
5d:f8:f7:9f:ca:66:8e:e3:f2:f5:6f:26:e3:4c:31:4c:40:56:
de:9c:eb:b0:fb:74:43:c8:23:b7:37:59:d8:fd:64:6b:0b:27:
4b:a6:91:6a:0a:71:ff:9b:6c:3f:2e:9a:7d:42:3a:ae:4d:16:
d1:97:86:6c:d1:95:88:a1:b0:68:db:62:73:f4:ec:7a:94:26:
a6:2e:21:ed:b1:bb:d2:a1:ed:5c:99:9c:ac:f8:e1:5f:a1:d5:
0f:9b:a3:ca
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZCjgxF8K/znzILrH+drt2VkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjk5Y2YxMmIzOGZmMTJkOTVmZmMwZDEzYWMxMmM2OWZl
MmMxY2EwHhcNMjQwNzExMjAzNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQ4NzM2ZmFiOTNlM2U2NDNkYWZhZGI3MWJkOThlYWEyZjMzMjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCBfSXsX5fTVCEcDd0w2m1ONgwJq
3EbhWizyCZIsoq4WfNCqMmyoZyljJh8yIIV40veICGi1JWoQ4uRnXjblyKfMhq44
eYeYaPOmPPcuqdrYaajiFhx0vsrxdL7RXXrIYTcnJ+RYqHEmoQdj2LjbtcHMXc0E
7WDfIsyyzpsekWCYXRxlZC7+CJE+iUdKWo4T26EdlERDwOUJQU+dy6tolgPS0OS4
HynGvd54hXFXHWHJ8jdcc9kEFNTvzvlGXIbwwtF6Zk6PO2KR6vrqmlNtVo8y1ZSe
3Mj0UASozq7vt4yF52ry9pccsB9amSYFFFo7S63AAJxAxq3cDUc2afctPwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNlIc2+rk+PmQ9r623G9mOqi8zJwMB8GA1UdIwQY
MBaAFNApnPErOP8S2V/8DROsEsaf4sHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTIt
ZTY0MWU3MTNkMWZhLzEvMlVoemI2dVQ0LVpEMnZyYmNiMlk2cUx6TW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTItZTY0MWU3MTNkMWZh
LzEvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAKwdVQD
BACwdVwDBACwdV4wDQYJKoZIhvcNAQELBQADggEBAGAOS8d1nfNkhDC6mbJuuM/S
4t269gucvwQC+Dphx2U62SEpKf4toHqK1aEhM9oUjW2L2ZCRFF9dA7NIEmpiT5b6
phE1Mf0Jbhtt/JkJdu+/7emcws0GajhySX4rqPHSRhQtECTXXg1IsMUoeDvtDubA
dAA/rYr+tvjqy8vGDy7YkIDOLwtd9wyBvsXTrQT1KAZy9sorCXzKOOVmxwiZ/FJc
AF3495/KZo7j8vVvJuNMMUxAVt6c67D7dEPII7c3Wdj9ZGsLJ0umkWoKcf+bbD8u
mn1COq5NFtGXhmzRlYihsGjbYnP07HqUJqYuIe2xu9Kh7VyZnKz44V+h1Q+bo8o=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:39:12 2025 by rpki-client