Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/axbmpxRHhzGnps5AYfWhG2gqonI.roa
File: axbmpxRHhzGnps5AYfWhG2gqonI.roa (raw, json)
Hash identifier: bEwS3i5Z8vGz/7CKSHdBUaOoDAnZAd5EInAVK6KIG/I=
Subject key identifier: 6B:16:E6:A7:14:47:87:31:A7:A6:CE:40:61:F5:A1:1B:68:2A:A2:72
Certificate issuer: /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial: 01907242716D7F47BA2D815BE22BC7E2AE6E
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/axbmpxRHhzGnps5AYfWhG2gqonI.roa
Signing time: Tue 02 Jul 2024 07:04:35 +0000
ROA not before: Tue 02 Jul 2024 07:04:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 397373
IP address blocks: 176.117.84.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:72:42:71:6d:7f:47:ba:2d:81:5b:e2:2b:c7:e2:ae:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Validity
Not Before: Jul 2 07:04:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6b16e6a714478731a7a6ce4061f5a11b682aa272
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:9f:5f:3e:0d:2b:17:45:3c:fe:9a:2d:48:7f:
e9:4c:26:fe:69:a2:0a:9d:42:6d:bd:14:71:2d:a0:
9d:e5:40:ec:c3:80:94:75:36:f0:b3:30:27:f6:a7:
29:7d:61:42:c1:8d:81:6c:1a:c0:0a:37:5e:3b:c1:
06:a1:f0:29:63:49:ea:e1:53:77:5c:ab:e5:65:2c:
03:7c:dd:94:84:25:89:96:38:4d:3d:41:20:08:05:
6f:9a:ca:99:e9:2d:d9:62:b5:3f:f4:a9:7a:a3:6d:
86:42:b8:9f:21:2f:25:6c:20:05:e5:5e:1d:2e:a6:
a3:fa:bf:a8:0b:ec:04:8b:da:2a:65:74:1a:5a:e6:
39:88:ba:91:0b:a3:bb:2f:e0:37:5c:54:77:4a:7d:
ca:1d:cd:c6:b7:0c:bd:70:e6:e4:9c:b4:9a:8b:14:
56:a4:eb:8e:6c:b0:c8:72:b7:7c:e4:aa:ae:29:d8:
8a:22:f6:a9:6c:9c:a0:0e:1f:82:7f:33:1a:1a:a1:
fa:ce:96:41:5f:30:79:94:f9:2b:ac:25:18:7b:c3:
fe:ca:95:df:9d:ba:5d:9c:b4:6c:3d:12:b4:65:6b:
ba:bf:4f:e5:a7:48:2a:77:4b:c7:60:cb:ad:84:95:
54:f5:6c:3e:cf:14:63:1c:2e:70:99:23:e1:be:c2:
e6:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:16:E6:A7:14:47:87:31:A7:A6:CE:40:61:F5:A1:1B:68:2A:A2:72
X509v3 Authority Key Identifier:
keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/axbmpxRHhzGnps5AYfWhG2gqonI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.117.84.0/22
Signature Algorithm: sha256WithRSAEncryption
83:b1:15:b3:88:fd:b7:19:78:d2:bc:20:8e:7d:3e:2d:b4:e5:
2a:82:76:e8:ef:b2:e6:ed:76:ac:58:1e:a9:e4:3b:0f:cb:a4:
9e:8d:1f:62:d8:f4:c5:55:ad:29:db:54:2b:bf:a5:7b:b9:e5:
b7:04:cf:4c:0b:d0:e5:2d:9c:a2:46:f8:12:06:52:a3:e3:47:
7d:0f:81:f5:08:1b:66:b2:f9:33:44:4a:27:4a:b2:8a:c1:38:
f6:04:ec:51:53:b2:45:64:c0:5b:aa:0d:e1:c7:52:eb:09:24:
62:a7:09:f7:ee:16:8b:e7:ff:7f:b2:f5:a3:83:14:43:5f:fa:
48:f5:2e:3f:9d:47:9e:2e:21:ec:de:ce:7c:40:31:d3:a4:f6:
cc:e3:e8:e8:56:fd:51:e6:11:15:83:f4:cd:b8:3f:39:b4:81:
4e:06:87:e9:c1:15:8a:72:f6:5f:7b:d1:00:c3:29:84:20:1c:
e0:cf:06:d8:55:30:9e:75:93:a5:f1:c6:ce:73:dd:dc:31:c0:
27:8f:e7:0f:61:bf:4a:22:10:91:5a:4d:e6:99:09:ae:5b:1f:
d3:34:3b:a9:3d:a1:9b:8f:10:47:56:05:58:87:13:71:eb:a5:
67:33:12:ed:7b:cb:35:86:4f:db:4d:7b:71:a1:71:20:16:a3:
65:b4:d0:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZByQnFtf0e6LYFb4ivH4q5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjk5Y2YxMmIzOGZmMTJkOTVmZmMwZDEzYWMxMmM2OWZl
MmMxY2EwHhcNMjQwNzAyMDcwNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjE2ZTZhNzE0NDc4NzMxYTdhNmNlNDA2MWY1YTExYjY4MmFhMjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp9fPg0rF0U8/potSH/pTCb+aaIK
nUJtvRRxLaCd5UDsw4CUdTbwszAn9qcpfWFCwY2BbBrACjdeO8EGofApY0nq4VN3
XKvlZSwDfN2UhCWJljhNPUEgCAVvmsqZ6S3ZYrU/9Kl6o22GQrifIS8lbCAF5V4d
Lqaj+r+oC+wEi9oqZXQaWuY5iLqRC6O7L+A3XFR3Sn3KHc3Gtwy9cObknLSaixRW
pOuObLDIcrd85KquKdiKIvapbJygDh+CfzMaGqH6zpZBXzB5lPkrrCUYe8P+ypXf
nbpdnLRsPRK0ZWu6v0/lp0gqd0vHYMuthJVU9Ww+zxRjHC5wmSPhvsLmVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsW5qcUR4cxp6bOQGH1oRtoKqJyMB8GA1UdIwQY
MBaAFNApnPErOP8S2V/8DROsEsaf4sHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTIt
ZTY0MWU3MTNkMWZhLzEvYXhibXB4UkhoekducHM1QVlmV2hHMmdxb25JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTItZTY0MWU3MTNkMWZh
LzEvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsHVUMA0G
CSqGSIb3DQEBCwUAA4IBAQCDsRWziP23GXjSvCCOfT4ttOUqgnbo77Lm7XasWB6p
5DsPy6SejR9i2PTFVa0p21Qrv6V7ueW3BM9MC9DlLZyiRvgSBlKj40d9D4H1CBtm
svkzREonSrKKwTj2BOxRU7JFZMBbqg3hx1LrCSRipwn37haL5/9/svWjgxRDX/pI
9S4/nUeeLiHs3s58QDHTpPbM4+joVv1R5hEVg/TNuD85tIFOBofpwRWKcvZfe9EA
wymEIBzgzwbYVTCedZOl8cbOc93cMcAnj+cPYb9KIhCRWk3mmQmuWx/TNDupPaGb
jxBHVgVYhxNx66VnMxLte8s1hk/bTXtxoXEgFqNltNC8
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:51:01 2025 by rpki-client