Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/vbhtOl1j7Dmw_nLzEKgbRnTc0aE.roa
File: vbhtOl1j7Dmw_nLzEKgbRnTc0aE.roa (raw, json)
Hash identifier: ZbmYRgBVTXksptD8Aj8+ismAgo53kShJqAiwXsdunUg=
Subject key identifier: BD:B8:6D:3A:5D:63:EC:39:B0:FE:72:F3:10:A8:1B:46:74:DC:D1:A1
Certificate issuer: /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial: 0190515B93BCD09AE52A3C89ADA119A77948
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/vbhtOl1j7Dmw_nLzEKgbRnTc0aE.roa
Signing time: Tue 25 Jun 2024 21:44:34 +0000
ROA not before: Tue 25 Jun 2024 21:44:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59956
IP address blocks: 176.117.92.0/24 maxlen: 24
176.117.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:51:5b:93:bc:d0:9a:e5:2a:3c:89:ad:a1:19:a7:79:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Validity
Not Before: Jun 25 21:44:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bdb86d3a5d63ec39b0fe72f310a81b4674dcd1a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:b1:bc:8f:cb:2a:be:cc:03:9e:69:40:0e:b8:
0a:ef:be:92:7a:59:15:fd:a3:b2:8b:4e:18:3f:f9:
96:4a:a5:52:07:66:d7:9a:b8:0e:fb:67:22:be:d2:
6f:d2:85:e1:09:ec:ff:4a:c1:48:11:78:8a:d7:fc:
d6:26:69:e4:89:a1:29:89:61:39:64:5d:f0:ac:bf:
be:9f:c4:b8:dd:8e:8e:1d:14:5b:2d:d9:40:d4:77:
6c:36:02:01:58:b6:15:00:20:69:4d:01:45:3b:66:
bd:9b:07:93:19:00:48:4d:be:87:b3:33:30:96:e3:
1b:9a:0c:76:25:10:88:4d:c9:17:eb:77:57:7a:8b:
c7:83:84:96:70:b7:88:f4:fd:d4:4d:95:64:d3:c3:
1a:88:06:60:70:6d:64:5d:c1:c9:9e:24:37:c0:43:
a7:d0:47:f2:fc:20:fd:3d:47:7b:21:76:80:27:98:
30:0c:22:fc:6a:4a:41:b5:dd:33:94:17:5c:be:61:
d2:4a:b1:ec:3d:ab:d5:cf:e6:6b:5d:06:d6:5c:78:
78:41:d4:c8:61:5c:c1:11:13:67:0a:f0:e4:aa:21:
90:3e:b1:b9:ed:df:69:7f:8e:9b:5b:90:a4:89:78:
a3:4e:ae:f7:53:ad:7f:c2:66:28:f9:35:4d:5d:c3:
40:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:B8:6D:3A:5D:63:EC:39:B0:FE:72:F3:10:A8:1B:46:74:DC:D1:A1
X509v3 Authority Key Identifier:
keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/vbhtOl1j7Dmw_nLzEKgbRnTc0aE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.117.92.0/24
176.117.94.0/24
Signature Algorithm: sha256WithRSAEncryption
91:90:8f:ad:62:69:b4:c3:b4:a4:16:4a:31:89:88:ca:a7:d5:
9c:51:db:9d:6d:5a:41:ba:f0:1e:f0:a7:7b:56:48:db:4e:cc:
4b:fe:92:70:9f:d2:33:1f:4c:d2:01:30:ea:7e:10:eb:18:29:
5c:5d:10:3b:6e:7a:34:9e:38:0e:1e:c1:0a:c4:ec:d2:94:a2:
e9:dd:c4:84:86:11:4a:2e:bc:47:72:5e:77:c1:33:c2:6b:4f:
f7:3c:f0:14:63:5b:a5:fe:c5:2f:32:4e:19:86:7a:cc:16:a4:
ac:9d:7a:c9:98:11:51:d6:f8:b3:c0:be:a2:03:5e:9d:30:26:
98:bd:6d:a7:3f:f5:fa:9c:0f:9b:71:38:26:62:09:ba:7b:74:
e8:6d:ea:5b:07:c9:18:fe:fb:af:1c:75:1a:f5:62:29:ea:17:
0a:a1:56:8b:10:94:48:c0:fe:97:84:53:98:55:c6:70:4e:ca:
d6:bf:4e:a0:5f:38:82:98:16:32:c9:83:14:12:18:aa:eb:bb:
51:bc:0b:b9:6e:69:19:89:c8:39:ee:b5:19:11:88:38:48:ca:
64:1f:45:df:39:0a:b9:73:19:61:65:cd:0c:7a:b1:36:09:ed:
e9:cb:26:07:52:6d:f1:12:c6:b8:8b:22:8b:f2:1a:3f:bc:51:
ac:97:b1:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBRW5O80JrlKjyJraEZp3lIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjk5Y2YxMmIzOGZmMTJkOTVmZmMwZDEzYWMxMmM2OWZl
MmMxY2EwHhcNMjQwNjI1MjE0NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGI4NmQzYTVkNjNlYzM5YjBmZTcyZjMxMGE4MWI0Njc0ZGNkMWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7G8j8sqvswDnmlADrgK776SelkV
/aOyi04YP/mWSqVSB2bXmrgO+2civtJv0oXhCez/SsFIEXiK1/zWJmnkiaEpiWE5
ZF3wrL++n8S43Y6OHRRbLdlA1HdsNgIBWLYVACBpTQFFO2a9mweTGQBITb6HszMw
luMbmgx2JRCITckX63dXeovHg4SWcLeI9P3UTZVk08MaiAZgcG1kXcHJniQ3wEOn
0Efy/CD9PUd7IXaAJ5gwDCL8akpBtd0zlBdcvmHSSrHsPavVz+ZrXQbWXHh4QdTI
YVzBERNnCvDkqiGQPrG57d9pf46bW5CkiXijTq73U61/wmYo+TVNXcNA6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL24bTpdY+w5sP5y8xCoG0Z03NGhMB8GA1UdIwQY
MBaAFNApnPErOP8S2V/8DROsEsaf4sHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTIt
ZTY0MWU3MTNkMWZhLzEvdmJodE9sMWo3RG13X25MekVLZ2JSblRjMGFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTItZTY0MWU3MTNkMWZh
LzEvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsHVcAwQA
sHVeMA0GCSqGSIb3DQEBCwUAA4IBAQCRkI+tYmm0w7SkFkoxiYjKp9WcUdudbVpB
uvAe8Kd7VkjbTsxL/pJwn9IzH0zSATDqfhDrGClcXRA7bno0njgOHsEKxOzSlKLp
3cSEhhFKLrxHcl53wTPCa0/3PPAUY1ul/sUvMk4ZhnrMFqSsnXrJmBFR1vizwL6i
A16dMCaYvW2nP/X6nA+bcTgmYgm6e3TobepbB8kY/vuvHHUa9WIp6hcKoVaLEJRI
wP6XhFOYVcZwTsrWv06gXziCmBYyyYMUEhiq67tRvAu5bmkZicg57rUZEYg4SMpk
H0XfOQq5cxlhZc0MerE2Ce3pyyYHUm3xEsa4iyKL8ho/vFGsl7GF
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:13:27 2025 by rpki-client