Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Sag71X9CjBXttNETcBl8I-L4L-4.roa
File: Sag71X9CjBXttNETcBl8I-L4L-4.roa (raw, json)
Hash identifier: AUDQd+v6tfPx7ssNgBh/8aQtcib7c1nznEr8qL7Xsek=
Subject key identifier: 49:A8:3B:D5:7F:42:8C:15:ED:B4:D1:13:70:19:7C:23:E2:F8:2F:EE
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 018CC8DF63DE749375DF50F47CE5174762B5
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Sag71X9CjBXttNETcBl8I-L4L-4.roa
Signing time: Tue 02 Jan 2024 06:32:12 +0000
ROA not before: Tue 02 Jan 2024 06:32:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211327
IP address blocks: 176.98.40.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:63:de:74:93:75:df:50:f4:7c:e5:17:47:62:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jan 2 06:32:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=49a83bd57f428c15edb4d11370197c23e2f82fee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:d8:4d:8c:d3:d8:99:ec:c1:e9:1c:b9:24:1e:
57:9c:ed:9b:e2:7b:ad:c9:fe:d6:22:28:a1:d6:07:
04:07:6c:0d:b4:2b:5f:76:cc:f7:4b:ef:80:4e:cf:
65:a0:e5:f7:fb:bf:d8:d3:ab:28:7e:81:82:13:d0:
10:89:b7:2e:2a:7e:57:6a:31:f7:04:e6:4e:56:67:
a2:31:89:6a:af:1a:1b:69:38:24:db:9f:14:5d:26:
2c:e6:29:64:c7:5a:26:d8:cb:8b:85:81:60:43:95:
06:b7:29:4f:74:2c:96:81:2a:13:31:d3:ff:60:44:
28:8d:1a:54:d9:76:e3:ef:cd:7e:d7:4f:ea:ce:1f:
0e:7d:e2:fc:30:a6:5f:54:96:96:b8:ff:b6:37:67:
51:08:d2:e4:b7:b5:eb:89:89:79:9f:ac:3d:c4:01:
7b:ad:c7:71:80:80:a8:c8:9d:8c:d8:e9:b0:1f:bb:
8e:ed:3e:e4:c9:0e:00:84:3d:c2:ab:0e:76:da:09:
3c:cd:53:a3:ce:2e:fb:10:a7:60:38:ed:a3:d2:38:
8c:51:cd:35:7d:91:3b:ce:6a:9e:a6:3c:a7:b0:2a:
97:fd:46:a7:48:64:10:7c:9a:da:c2:37:df:52:7a:
79:76:ee:07:0b:33:60:17:28:32:04:c4:d6:c0:d4:
9e:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:A8:3B:D5:7F:42:8C:15:ED:B4:D1:13:70:19:7C:23:E2:F8:2F:EE
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/Sag71X9CjBXttNETcBl8I-L4L-4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.98.40.0/24
Signature Algorithm: sha256WithRSAEncryption
92:6b:ef:f7:5d:26:26:3f:55:29:71:b7:7a:04:a8:b8:d5:75:
d5:e6:57:ca:0b:7e:5d:db:bf:1f:f8:45:0b:5a:47:32:c2:07:
2f:e0:e2:e5:bb:85:17:d8:81:19:46:39:c6:b1:a8:4b:6a:b0:
4a:1c:12:4e:2b:56:9a:9d:7a:33:d7:71:b1:49:11:0e:ea:8e:
6d:26:3f:4c:74:ce:d7:b3:4e:ab:89:13:19:72:a7:b9:85:03:
6d:a6:1e:d4:57:5c:af:8b:a6:a2:43:5f:29:79:5c:b9:53:82:
63:84:ee:c4:e4:89:ff:2d:a5:4f:62:93:b7:e1:4e:cb:e7:24:
77:1a:57:c4:86:6e:87:dd:45:50:da:3f:61:77:82:fd:f8:4e:
bf:f9:1a:38:f7:78:18:97:ee:82:cc:87:c1:9d:1a:62:7d:6e:
c7:c4:10:0a:bd:0c:0e:7a:b6:47:75:f0:8a:5c:c9:8c:7d:61:
d2:5e:45:86:27:76:f9:dd:8f:75:6f:c4:51:19:88:2a:98:4c:
a4:b5:ed:d6:40:9b:32:39:29:2b:c0:31:72:0a:c5:61:ba:34:
9c:8f:e0:eb:41:c2:9e:9a:35:3c:d9:e0:c3:28:c4:ae:11:3d:
b8:7f:2c:e9:ee:80:45:b3:6e:98:de:f0:01:6b:47:1f:e6:b8:
a5:f9:d8:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI32PedJN131D0fOUXR2K1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjQwMTAyMDYzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWE4M2JkNTdmNDI4YzE1ZWRiNGQxMTM3MDE5N2MyM2UyZjgyZmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdhNjNPYmezB6Ry5JB5XnO2b4nut
yf7WIiih1gcEB2wNtCtfdsz3S++ATs9loOX3+7/Y06sofoGCE9AQibcuKn5XajH3
BOZOVmeiMYlqrxobaTgk258UXSYs5ilkx1om2MuLhYFgQ5UGtylPdCyWgSoTMdP/
YEQojRpU2Xbj781+10/qzh8OfeL8MKZfVJaWuP+2N2dRCNLkt7XriYl5n6w9xAF7
rcdxgICoyJ2M2OmwH7uO7T7kyQ4AhD3Cqw522gk8zVOjzi77EKdgOO2j0jiMUc01
fZE7zmqepjynsCqX/UanSGQQfJrawjffUnp5du4HCzNgFygyBMTWwNSe/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmoO9V/QowV7bTRE3AZfCPi+C/uMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvU2FnNzFYOUNqQlh0dE5FVGNCbDhJLUw0TC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGIoMA0G
CSqGSIb3DQEBCwUAA4IBAQCSa+/3XSYmP1Upcbd6BKi41XXV5lfKC35d278f+EUL
Wkcywgcv4OLlu4UX2IEZRjnGsahLarBKHBJOK1aanXoz13GxSREO6o5tJj9MdM7X
s06riRMZcqe5hQNtph7UV1yvi6aiQ18peVy5U4JjhO7E5In/LaVPYpO34U7L5yR3
GlfEhm6H3UVQ2j9hd4L9+E6/+Ro493gYl+6CzIfBnRpifW7HxBAKvQwOerZHdfCK
XMmMfWHSXkWGJ3b53Y91b8RRGYgqmEykte3WQJsyOSkrwDFyCsVhujScj+DrQcKe
mjU82eDDKMSuET24fyzp7oBFs26Y3vABa0cf5ril+dix
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:25:26 2025 by rpki-client