Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/J5v78moWnL9vGZznmZhSi_kG9T4.roa
File: J5v78moWnL9vGZznmZhSi_kG9T4.roa (raw, json)
Hash identifier: +uxyXaBhZ7+JvQu9ME3tl6XBFU/fzEkZj0yIZeFNnPs=
Subject key identifier: 27:9B:FB:F2:6A:16:9C:BF:6F:19:9C:E7:99:98:52:8B:F9:06:F5:3E
Certificate issuer: /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial: 01856DCAF693FFB18E8A3220DB6DBE86E274
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/J5v78moWnL9vGZznmZhSi_kG9T4.roa
Signing time: Sun 01 Jan 2023 14:44:55 +0000
ROA not before: Sun 01 Jan 2023 14:44:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50673
IP address blocks: 176.117.72.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:ca:f6:93:ff:b1:8e:8a:32:20:db:6d:be:86:e2:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Validity
Not Before: Jan 1 14:44:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=279bfbf26a169cbf6f199ce79998528bf906f53e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:1c:28:26:2c:8e:40:37:39:15:2d:80:c1:6b:
36:b7:44:cb:76:0a:8d:86:96:cf:63:83:3a:cf:79:
83:fb:bb:ed:e6:56:f5:0b:37:45:08:f2:61:ce:45:
c7:8b:46:32:5e:b6:6b:ba:3d:4c:19:b9:a6:de:f7:
dd:75:1d:fb:c1:81:1a:a7:75:19:bd:71:4c:61:04:
42:a1:bc:21:49:71:e6:7f:0c:6a:ba:15:02:42:bf:
7c:ea:49:9c:db:ee:fa:47:d0:bf:07:bc:90:cd:c7:
9f:d0:f9:9f:7c:33:f7:8c:45:86:7e:83:a7:12:fd:
e9:e0:3f:e6:5b:bc:fb:61:72:9b:3d:79:d0:3c:db:
5b:07:21:24:b4:8f:29:50:3a:20:2d:0a:76:2a:21:
b1:06:78:ed:97:96:6a:84:e0:59:63:53:5f:56:90:
cd:4e:42:d3:03:5f:92:3e:0c:1f:ad:6b:c3:a8:7e:
dc:8a:4e:fb:c0:04:aa:67:e4:f7:08:17:5f:01:05:
69:84:af:e9:18:26:bb:94:f4:3d:be:72:d5:73:e0:
31:5d:b9:b3:f1:7c:c9:49:f9:59:a9:c1:18:a6:af:
80:ed:95:6d:d5:59:c4:40:08:08:ef:51:cb:2b:ff:
df:60:85:6b:ba:b7:33:e1:46:2c:d4:56:90:49:19:
f9:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:9B:FB:F2:6A:16:9C:BF:6F:19:9C:E7:99:98:52:8B:F9:06:F5:3E
X509v3 Authority Key Identifier:
keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/J5v78moWnL9vGZznmZhSi_kG9T4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.117.72.0/22
Signature Algorithm: sha256WithRSAEncryption
57:92:4c:7b:61:ec:2c:25:a1:9f:c0:45:19:ab:f9:cb:c9:6c:
47:d5:f1:c1:c8:13:6f:79:db:62:a6:56:3c:3a:4d:01:77:98:
34:8c:bf:eb:86:c0:c9:04:3a:17:74:1b:e6:ae:cc:44:3d:9d:
de:63:9c:73:de:19:b8:1b:24:c9:8b:69:d3:45:57:86:d8:ab:
b7:9d:e2:ad:a3:bf:d5:f4:9a:5f:7a:e3:97:45:b8:d0:69:5f:
85:52:2c:81:19:6a:a7:09:c5:a2:e1:06:c5:b4:2b:ae:f9:0c:
89:80:18:c4:5b:eb:5c:95:93:cb:54:24:2a:50:55:12:6c:a6:
db:f3:e8:c9:27:3c:e4:c7:07:a8:4e:e2:3d:25:ac:a3:24:1e:
47:74:39:e2:2f:44:c1:ad:96:6d:bc:ae:78:b5:c7:f4:a2:77:
1a:42:66:99:7c:78:ed:25:54:58:3d:3d:e6:97:e6:30:e1:84:
0f:8f:04:4b:0b:7a:e0:7d:4e:28:24:96:10:7f:f9:a6:0f:32:
bb:5e:57:44:68:99:52:5d:b8:ff:f0:3f:da:80:5b:24:95:89:
32:9d:bf:30:2e:f5:12:65:85:43:7d:ef:6a:b0:61:f4:8c:7e:
b0:08:29:ba:71:f9:df:f6:68:c0:cd:a9:27:11:77:14:ec:27:
83:78:5e:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtyvaT/7GOijIg222+huJ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjk5Y2YxMmIzOGZmMTJkOTVmZmMwZDEzYWMxMmM2OWZl
MmMxY2EwHhcNMjMwMTAxMTQ0NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzliZmJmMjZhMTY5Y2JmNmYxOTljZTc5OTk4NTI4YmY5MDZmNTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRwoJiyOQDc5FS2AwWs2t0TLdgqN
hpbPY4M6z3mD+7vt5lb1CzdFCPJhzkXHi0YyXrZruj1MGbmm3vfddR37wYEap3UZ
vXFMYQRCobwhSXHmfwxquhUCQr986kmc2+76R9C/B7yQzcef0PmffDP3jEWGfoOn
Ev3p4D/mW7z7YXKbPXnQPNtbByEktI8pUDogLQp2KiGxBnjtl5ZqhOBZY1NfVpDN
TkLTA1+SPgwfrWvDqH7cik77wASqZ+T3CBdfAQVphK/pGCa7lPQ9vnLVc+AxXbmz
8XzJSflZqcEYpq+A7ZVt1VnEQAgI71HLK//fYIVrurcz4UYs1FaQSRn5RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeb+/JqFpy/bxmc55mYUov5BvU+MB8GA1UdIwQY
MBaAFNApnPErOP8S2V/8DROsEsaf4sHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTIt
ZTY0MWU3MTNkMWZhLzEvSjV2Nzhtb1duTDl2R1p6bm1aaFNpX2tHOVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTItZTY0MWU3MTNkMWZh
LzEvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsHVIMA0G
CSqGSIb3DQEBCwUAA4IBAQBXkkx7YewsJaGfwEUZq/nLyWxH1fHByBNvedtiplY8
Ok0Bd5g0jL/rhsDJBDoXdBvmrsxEPZ3eY5xz3hm4GyTJi2nTRVeG2Ku3neKto7/V
9JpfeuOXRbjQaV+FUiyBGWqnCcWi4QbFtCuu+QyJgBjEW+tclZPLVCQqUFUSbKbb
8+jJJzzkxweoTuI9JayjJB5HdDniL0TBrZZtvK54tcf0oncaQmaZfHjtJVRYPT3m
l+Yw4YQPjwRLC3rgfU4oJJYQf/mmDzK7XldEaJlSXbj/8D/agFsklYkynb8wLvUS
ZYVDfe9qsGH0jH6wCCm6cfnf9mjAzaknEXcU7CeDeF5h
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:32:49 2025 by rpki-client