Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/dkvgOgoQ2GUVgoZFUWghADPPkko.roa
File: dkvgOgoQ2GUVgoZFUWghADPPkko.roa (raw, json)
Hash identifier: l/vuhOkPy48lsJXFdXQ6YuzbdGg0BSyp1FOUeArGbzo=
Subject key identifier: 76:4B:E0:3A:0A:10:D8:65:15:82:86:45:51:68:21:00:33:CF:92:4A
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 018489948C33ED00F1865D984628F0E7F6C9
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/dkvgOgoQ2GUVgoZFUWghADPPkko.roa
Signing time: Fri 18 Nov 2022 07:12:04 +0000
ROA not before: Fri 18 Nov 2022 07:12:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212953
IP address blocks: 176.98.41.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:89:94:8c:33:ed:00:f1:86:5d:98:46:28:f0:e7:f6:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Nov 18 07:12:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=764be03a0a10d865158286455168210033cf924a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:84:6b:02:ec:47:93:31:be:6b:02:de:10:20:
ba:60:61:78:83:1d:a9:e9:32:4f:d6:23:89:b0:60:
1d:b4:7a:b7:92:4c:11:a1:6c:a8:ca:ee:5b:4b:fa:
53:9a:90:7d:4f:22:3b:b5:3c:5f:4f:f6:c9:8f:0e:
ca:87:16:5d:c8:96:73:40:3d:02:05:e4:cf:6a:8f:
e5:18:6e:40:ed:af:26:78:7f:9c:e6:ac:b0:86:f9:
7c:8d:21:15:b2:0e:61:ae:af:b3:ad:fb:bb:dc:ce:
d3:b8:37:9d:a3:96:9d:ed:0d:a0:52:c9:30:4a:f2:
6c:b6:eb:aa:98:af:c7:80:5b:d4:86:66:f4:43:19:
cd:aa:0b:1c:14:93:91:58:32:9d:3f:28:27:e2:da:
2b:23:59:54:bf:b2:da:96:26:f1:df:8e:55:24:34:
9d:29:7f:cd:fe:05:bc:26:97:da:45:2d:d1:f0:d1:
69:52:05:dc:14:74:6d:13:df:37:60:df:20:e4:4c:
fb:9d:48:28:f0:9d:54:58:04:49:c8:22:cb:33:3c:
8c:68:5c:6c:21:0b:f8:0a:b3:b4:42:3a:a4:ce:1d:
87:ed:9d:ef:70:17:05:cb:e2:d9:ab:03:88:cc:4d:
a4:d5:57:6d:49:90:c2:71:d5:2d:67:95:be:d0:a0:
28:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:4B:E0:3A:0A:10:D8:65:15:82:86:45:51:68:21:00:33:CF:92:4A
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/dkvgOgoQ2GUVgoZFUWghADPPkko.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.98.41.0/24
Signature Algorithm: sha256WithRSAEncryption
45:9f:21:db:cc:f2:d9:b0:cf:20:bf:b5:f0:14:ce:62:c5:31:
ae:9e:80:3c:e8:4d:d1:11:91:7a:b2:37:2b:39:9e:d8:66:e4:
1d:8e:f9:17:31:26:b3:3c:bf:37:07:58:8a:f7:0a:62:fc:b0:
ea:7b:7f:26:ea:8a:e1:ad:d0:9f:03:01:95:a1:c9:b2:9d:df:
61:6f:94:b9:f6:a0:1e:80:99:ec:55:8f:85:1b:8d:fc:db:a4:
24:4e:68:f6:ac:ec:4e:20:74:1a:2d:bc:0f:d1:48:ff:fd:0b:
88:4c:bb:57:22:79:ce:90:07:a0:2a:42:99:68:1c:81:12:eb:
ab:5f:8b:c2:36:5e:3f:c4:aa:f9:e1:98:91:a8:ff:50:78:69:
01:0f:6f:46:87:73:83:62:95:63:33:2c:98:75:4c:56:fa:0b:
d1:1e:05:f3:b7:ec:c4:a1:b7:0c:b5:75:2c:96:aa:32:cd:79:
11:68:41:33:fa:54:d2:fd:06:e9:52:d1:1d:f6:b4:58:c3:eb:
22:db:0f:7d:a4:18:18:70:0b:3c:17:8f:d9:9c:09:1f:4d:81:
71:80:06:98:4c:5f:a4:6b:20:3f:a2:36:20:6a:cd:d9:7c:bf:
45:19:ae:eb:24:14:14:ca:f3:17:8a:a4:29:de:9e:6e:f6:6f:
94:99:f0:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYSJlIwz7QDxhl2YRijw5/bJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjIxMTE4MDcxMjA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjRiZTAzYTBhMTBkODY1MTU4Mjg2NDU1MTY4MjEwMDMzY2Y5MjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoRrAuxHkzG+awLeECC6YGF4gx2p
6TJP1iOJsGAdtHq3kkwRoWyoyu5bS/pTmpB9TyI7tTxfT/bJjw7KhxZdyJZzQD0C
BeTPao/lGG5A7a8meH+c5qywhvl8jSEVsg5hrq+zrfu73M7TuDedo5ad7Q2gUskw
SvJstuuqmK/HgFvUhmb0QxnNqgscFJORWDKdPygn4torI1lUv7Lalibx345VJDSd
KX/N/gW8JpfaRS3R8NFpUgXcFHRtE983YN8g5Ez7nUgo8J1UWARJyCLLMzyMaFxs
IQv4CrO0Qjqkzh2H7Z3vcBcFy+LZqwOIzE2k1VdtSZDCcdUtZ5W+0KAoXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZL4DoKENhlFYKGRVFoIQAzz5JKMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvZGt2Z09nb1EyR1VWZ29aRlVXZ2hBRFBQa2tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGIpMA0G
CSqGSIb3DQEBCwUAA4IBAQBFnyHbzPLZsM8gv7XwFM5ixTGunoA86E3REZF6sjcr
OZ7YZuQdjvkXMSazPL83B1iK9wpi/LDqe38m6orhrdCfAwGVocmynd9hb5S59qAe
gJnsVY+FG43826QkTmj2rOxOIHQaLbwP0Uj//QuITLtXInnOkAegKkKZaByBEuur
X4vCNl4/xKr54ZiRqP9QeGkBD29Gh3ODYpVjMyyYdUxW+gvRHgXzt+zEobcMtXUs
lqoyzXkRaEEz+lTS/QbpUtEd9rRYw+si2w99pBgYcAs8F4/ZnAkfTYFxgAaYTF+k
ayA/ojYgas3ZfL9FGa7rJBQUyvMXiqQp3p5u9m+UmfBP
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:52:14 2025 by rpki-client