Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/RAL-rudqeK8r9mggRKBMmwMKGow.roa
File: RAL-rudqeK8r9mggRKBMmwMKGow.roa (raw, json)
Hash identifier: cwHjUcQok5DQaW+P7ldBkPHvuojcdDwHycEuO8OD2xM=
Subject key identifier: 44:02:FE:AE:E7:6A:78:AF:2B:F6:68:20:44:A0:4C:9B:03:0A:1A:8C
Certificate issuer: /CN=2858d2f131715cbaf3cdd920645924f53508e067
Certificate serial: 0185AA1FBCD0BEEA7536921D58C9EF326EBC
Authority key identifier: 28:58:D2:F1:31:71:5C:BA:F3:CD:D9:20:64:59:24:F5:35:08:E0:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/RAL-rudqeK8r9mggRKBMmwMKGow.roa
Signing time: Fri 13 Jan 2023 07:54:44 +0000
ROA not before: Fri 13 Jan 2023 07:54:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 52221
IP address blocks: 194.117.224.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:aa:1f:bc:d0:be:ea:75:36:92:1d:58:c9:ef:32:6e:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2858d2f131715cbaf3cdd920645924f53508e067
Validity
Not Before: Jan 13 07:54:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4402feaee76a78af2bf6682044a04c9b030a1a8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:21:59:f4:e5:8f:cc:57:0a:b7:6a:1d:bd:91:
db:70:a3:11:58:ed:3d:ae:f1:ac:4d:60:bf:d5:d2:
a0:80:34:60:1c:45:1b:12:12:e5:ab:3b:9a:c4:46:
f4:ea:a1:13:75:a6:14:62:2e:78:b5:20:c9:45:69:
12:50:1a:ce:10:06:f9:f1:bd:a6:9f:01:ca:90:6e:
c8:e1:35:14:ea:a7:b5:2a:83:34:fa:9c:02:b8:79:
c5:21:7b:40:b4:0b:db:39:f5:4e:61:b7:c4:8a:e9:
8a:ec:03:86:52:f5:a3:68:ee:7b:44:b5:88:65:1f:
95:53:eb:08:4d:75:64:e6:14:73:b3:90:fb:d2:ef:
86:5a:bc:d2:66:c9:54:be:46:3d:89:cc:b1:f8:b1:
ae:a1:2f:57:7e:c3:68:eb:40:60:6b:42:60:57:5d:
9b:b9:a5:bf:17:ab:0a:43:a1:2c:22:b0:e5:32:90:
80:d3:88:72:be:70:b5:2f:bb:8f:56:72:af:a0:ba:
5d:5b:3e:76:01:db:4e:20:df:79:40:1a:4d:20:a2:
b0:b0:54:73:30:8f:83:c4:82:ba:6e:fa:59:6d:52:
8e:9d:e4:74:3b:be:ea:37:62:47:79:2c:b2:8a:e8:
24:41:63:11:2a:19:a9:b1:ba:29:f7:41:5d:d1:6e:
95:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:02:FE:AE:E7:6A:78:AF:2B:F6:68:20:44:A0:4C:9B:03:0A:1A:8C
X509v3 Authority Key Identifier:
keyid:28:58:D2:F1:31:71:5C:BA:F3:CD:D9:20:64:59:24:F5:35:08:E0:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/RAL-rudqeK8r9mggRKBMmwMKGow.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/75dbc4-ae22-4971-9ef5-a3f355beeedd/1/KFjS8TFxXLrzzdkgZFkk9TUI4Gc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.117.224.0/23
Signature Algorithm: sha256WithRSAEncryption
3e:2a:68:48:18:07:59:d3:d8:c3:94:cc:af:db:04:91:e1:65:
5d:72:0a:8e:42:db:c6:46:4c:55:ff:84:40:a0:ec:c7:d5:5d:
fc:97:be:1a:0f:9c:18:f3:f5:6e:5d:3f:89:a4:1a:b2:f7:cc:
c4:12:08:86:65:32:3b:8b:47:69:7c:46:15:c1:28:8b:f7:58:
d1:3f:77:55:c2:6c:95:fc:a9:60:16:9c:2a:33:ea:a9:f6:42:
79:5a:b7:7e:46:56:78:48:27:c4:99:27:17:3d:13:45:79:c2:
c0:53:61:4f:fb:26:81:a3:d4:71:f9:82:ea:b1:45:57:f7:24:
03:77:4e:51:78:8d:37:70:d1:f6:3e:cd:b7:27:aa:9f:91:75:
20:a0:65:b9:5a:97:b2:3e:94:1e:26:b9:ee:58:c7:02:95:7c:
6c:96:f7:9b:6d:a5:a8:e7:7b:ea:36:ff:f8:df:11:13:98:11:
e0:f2:38:4b:cb:ec:14:f8:6c:a2:9a:7a:e5:75:31:65:8c:72:
ea:a7:af:bb:ae:47:b3:75:d9:d4:9e:cb:5b:52:c3:6a:95:b0:
2c:7c:a9:41:fd:5b:80:19:4d:2e:4e:92:e0:75:e8:73:72:d6:
14:78:09:82:55:1a:50:16:68:de:aa:98:fa:ac:49:5d:14:88:
de:c3:ba:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYWqH7zQvup1NpIdWMnvMm68MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NThkMmYxMzE3MTVjYmFmM2NkZDkyMDY0NTkyNGY1MzUw
OGUwNjcwHhcNMjMwMTEzMDc1NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDAyZmVhZWU3NmE3OGFmMmJmNjY4MjA0NGEwNGM5YjAzMGExYThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5CFZ9OWPzFcKt2odvZHbcKMRWO09
rvGsTWC/1dKggDRgHEUbEhLlqzuaxEb06qETdaYUYi54tSDJRWkSUBrOEAb58b2m
nwHKkG7I4TUU6qe1KoM0+pwCuHnFIXtAtAvbOfVOYbfEiumK7AOGUvWjaO57RLWI
ZR+VU+sITXVk5hRzs5D70u+GWrzSZslUvkY9icyx+LGuoS9XfsNo60Bga0JgV12b
uaW/F6sKQ6EsIrDlMpCA04hyvnC1L7uPVnKvoLpdWz52AdtOIN95QBpNIKKwsFRz
MI+DxIK6bvpZbVKOneR0O77qN2JHeSyyiugkQWMRKhmpsbop90Fd0W6V/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQC/q7nanivK/ZoIESgTJsDChqMMB8GA1UdIwQY
MBaAFChY0vExcVy6883ZIGRZJPU1COBnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0ZqUzhURnhYTHJ6emRrZ1pGa2s5VFVJNEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi83NWRiYzQtYWUyMi00OTcxLTllZjUt
YTNmMzU1YmVlZWRkLzEvUkFMLXJ1ZHFlSzhyOW1nZ1JLQk1td01LR293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi83NWRiYzQtYWUyMi00OTcxLTllZjUtYTNmMzU1YmVlZWRk
LzEvS0ZqUzhURnhYTHJ6emRrZ1pGa2s5VFVJNEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnXgMA0G
CSqGSIb3DQEBCwUAA4IBAQA+KmhIGAdZ09jDlMyv2wSR4WVdcgqOQtvGRkxV/4RA
oOzH1V38l74aD5wY8/VuXT+JpBqy98zEEgiGZTI7i0dpfEYVwSiL91jRP3dVwmyV
/KlgFpwqM+qp9kJ5Wrd+RlZ4SCfEmScXPRNFecLAU2FP+yaBo9Rx+YLqsUVX9yQD
d05ReI03cNH2Ps23J6qfkXUgoGW5WpeyPpQeJrnuWMcClXxslvebbaWo53vqNv/4
3xETmBHg8jhLy+wU+GyimnrldTFljHLqp6+7rkezddnUnstbUsNqlbAsfKlB/VuA
GU0uTpLgdehzctYUeAmCVRpQFmjeqpj6rEldFIjew7o9
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:57:50 2025 by rpki-client