Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/ss7pfv0kkFeqOPmSZ5yawJtaNdA.roa
File: ss7pfv0kkFeqOPmSZ5yawJtaNdA.roa (raw, json)
Hash identifier: xk7nXY7yzKQr3fB09j1dxWasKU4bDfsMhbZtofLkIp8=
Subject key identifier: B2:CE:E9:7E:FD:24:90:57:AA:38:F9:92:67:9C:9A:C0:9B:5A:35:D0
Certificate issuer: /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial: 018DDB0EAC4319FDF206FDFF10EDB1F6C311
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/ss7pfv0kkFeqOPmSZ5yawJtaNdA.roa
Signing time: Sat 24 Feb 2024 12:19:48 +0000
ROA not before: Sat 24 Feb 2024 12:19:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212150
IP address blocks: 176.117.88.0/24 maxlen: 24
176.117.95.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:db:0e:ac:43:19:fd:f2:06:fd:ff:10:ed:b1:f6:c3:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Validity
Not Before: Feb 24 12:19:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b2cee97efd249057aa38f992679c9ac09b5a35d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:13:b8:5c:15:59:a6:56:3b:9b:4d:f0:41:17:
7f:fb:28:81:28:6f:1a:7c:39:e5:82:d6:27:0b:75:
a4:da:53:62:5b:49:ae:4b:17:96:74:6b:bf:b8:ea:
4b:f1:11:b9:c3:33:6c:36:b6:c3:b7:91:f5:a1:ff:
c1:f6:ff:53:fd:bb:07:2d:d6:53:60:d3:ea:43:8a:
dd:bd:20:c5:16:4c:0e:dd:e1:06:be:53:1a:66:a2:
c7:50:1c:56:f8:03:fb:e7:c1:0b:73:7e:23:a9:85:
9b:04:7f:0d:fe:cc:11:7a:70:cf:68:cc:a5:3d:63:
eb:0c:1c:93:e1:c2:77:f2:7f:d5:ac:a7:f4:97:54:
93:af:3b:09:4a:3c:c5:08:dd:de:00:d7:55:16:e9:
fc:e4:4f:20:de:84:df:88:ea:a1:59:47:fb:27:d1:
a6:48:68:0e:b5:04:d0:e3:e2:7f:cb:51:7f:3b:a0:
18:5e:45:86:43:40:52:4f:80:89:94:28:71:ce:af:
74:28:36:5c:fb:7d:b8:91:06:80:fe:81:8f:6a:a2:
85:2e:05:f6:dc:2d:79:f2:aa:00:ed:9f:ec:cf:e7:
2e:01:80:f5:00:47:ed:31:85:bd:47:23:84:91:df:
19:9f:6c:f2:a8:9a:80:ba:99:9e:5e:bb:e4:88:81:
a9:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:CE:E9:7E:FD:24:90:57:AA:38:F9:92:67:9C:9A:C0:9B:5A:35:D0
X509v3 Authority Key Identifier:
keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/ss7pfv0kkFeqOPmSZ5yawJtaNdA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.117.88.0/24
176.117.95.0/24
Signature Algorithm: sha256WithRSAEncryption
73:0b:68:95:18:6b:05:b4:c6:b9:b7:14:20:6a:36:86:36:3e:
1e:f3:b5:82:af:ea:d6:af:c4:2b:f2:06:22:1b:e1:e6:cb:e5:
27:52:b2:4e:72:57:d1:d7:c8:59:6f:52:96:b8:6c:68:51:78:
45:09:ec:66:bd:bb:78:25:33:43:6c:dd:df:76:12:9f:6b:29:
25:c1:70:d4:9a:ca:06:63:2b:45:e7:2c:55:78:f8:56:e8:45:
c4:97:47:f2:10:18:6c:cb:41:aa:68:ca:ab:79:d8:6b:66:32:
f9:58:e8:d9:72:5e:98:13:fe:65:81:56:95:d6:06:85:2b:9e:
5d:45:3c:c6:fb:7e:2c:9b:58:53:28:54:d5:18:6c:39:a5:43:
c4:39:9e:27:c0:01:78:01:d5:a1:55:41:f9:1d:f8:46:37:57:
11:cb:f7:50:a5:7f:54:65:97:71:83:5f:ff:dd:db:79:51:18:
0c:00:16:56:69:0c:3e:ce:e8:0a:07:f4:43:fd:7c:e9:6f:01:
6b:df:47:86:e8:eb:b7:9e:89:fe:84:fa:9e:23:30:6a:7a:ae:
ca:ce:ad:15:f9:26:0c:25:5a:d3:6e:b3:4c:ff:5c:02:dd:3b:
61:f4:86:7c:58:88:85:41:18:48:80:f0:fe:cb:71:23:8c:8f:
9d:fd:1e:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3bDqxDGf3yBv3/EO2x9sMRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjk5Y2YxMmIzOGZmMTJkOTVmZmMwZDEzYWMxMmM2OWZl
MmMxY2EwHhcNMjQwMjI0MTIxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmNlZTk3ZWZkMjQ5MDU3YWEzOGY5OTI2NzljOWFjMDliNWEzNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hO4XBVZplY7m03wQRd/+yiBKG8a
fDnlgtYnC3Wk2lNiW0muSxeWdGu/uOpL8RG5wzNsNrbDt5H1of/B9v9T/bsHLdZT
YNPqQ4rdvSDFFkwO3eEGvlMaZqLHUBxW+AP758ELc34jqYWbBH8N/swRenDPaMyl
PWPrDByT4cJ38n/VrKf0l1STrzsJSjzFCN3eANdVFun85E8g3oTfiOqhWUf7J9Gm
SGgOtQTQ4+J/y1F/O6AYXkWGQ0BST4CJlChxzq90KDZc+324kQaA/oGPaqKFLgX2
3C158qoA7Z/sz+cuAYD1AEftMYW9RyOEkd8Zn2zyqJqAupmeXrvkiIGpQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLLO6X79JJBXqjj5kmecmsCbWjXQMB8GA1UdIwQY
MBaAFNApnPErOP8S2V/8DROsEsaf4sHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTIt
ZTY0MWU3MTNkMWZhLzEvc3M3cGZ2MGtrRmVxT1BtU1o1eWF3SnRhTmRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTItZTY0MWU3MTNkMWZh
LzEvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsHVYAwQA
sHVfMA0GCSqGSIb3DQEBCwUAA4IBAQBzC2iVGGsFtMa5txQgajaGNj4e87WCr+rW
r8Qr8gYiG+Hmy+UnUrJOclfR18hZb1KWuGxoUXhFCexmvbt4JTNDbN3fdhKfaykl
wXDUmsoGYytF5yxVePhW6EXEl0fyEBhsy0GqaMqredhrZjL5WOjZcl6YE/5lgVaV
1gaFK55dRTzG+34sm1hTKFTVGGw5pUPEOZ4nwAF4AdWhVUH5HfhGN1cRy/dQpX9U
ZZdxg1//3dt5URgMABZWaQw+zugKB/RD/XzpbwFr30eG6Ou3non+hPqeIzBqeq7K
zq0V+SYMJVrTbrNM/1wC3Tth9IZ8WIiFQRhIgPD+y3EjjI+d/R50
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:13:37 2025 by rpki-client