Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/khQ40FwIjzOyhfBEVjbg3yOcZAU.roa
File: khQ40FwIjzOyhfBEVjbg3yOcZAU.roa (raw, json)
Hash identifier: 9f9XBEnA5UB6JrqJl825a1VIXinFudfD2HNvXRXz620=
Subject key identifier: 92:14:38:D0:5C:08:8F:33:B2:85:F0:44:56:36:E0:DF:23:9C:64:05
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 01857169E498194A756E1F56FE7457941DFF
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/khQ40FwIjzOyhfBEVjbg3yOcZAU.roa
Signing time: Mon 02 Jan 2023 07:37:23 +0000
ROA not before: Mon 02 Jan 2023 07:37:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60721
IP address blocks: 193.31.116.0/24 maxlen: 24
176.98.41.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:69:e4:98:19:4a:75:6e:1f:56:fe:74:57:94:1d:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jan 2 07:37:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=921438d05c088f33b285f0445636e0df239c6405
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:b8:3b:8e:17:d0:f1:31:b9:25:db:28:9f:51:
a7:fc:77:b1:45:45:f0:6b:16:ea:7d:ee:b6:0a:ca:
bf:6d:fc:e1:de:4c:b9:38:6d:03:9a:99:dc:30:77:
13:15:94:09:dc:85:3f:f8:c8:2b:8e:5e:22:9b:57:
9e:42:d8:52:e9:a6:23:4c:84:b4:34:4f:97:ae:30:
89:94:0a:a4:cf:31:8f:94:40:c5:6b:e0:21:94:85:
34:a4:86:34:bd:73:ce:9c:f9:a0:d2:b4:30:6d:2c:
37:5f:37:e1:af:dc:58:62:45:0f:77:b4:0e:7f:59:
8c:46:3e:2f:65:ef:d8:d3:69:d5:66:ae:5a:80:fc:
f0:c5:dc:01:67:16:d7:af:f3:38:c3:31:82:ac:be:
c2:28:95:34:7f:54:93:51:bc:31:ef:5d:15:ed:78:
03:1b:6b:5e:7e:b3:37:54:c5:6a:da:39:84:7e:02:
1b:1e:19:1b:24:80:9f:24:f9:d5:20:bf:2d:4c:2f:
c0:69:f1:2e:1e:cd:c6:5c:10:02:bc:8c:07:a4:03:
68:80:cf:d8:0d:26:00:be:ce:de:a7:53:45:18:9f:
a6:73:90:d4:95:96:85:38:02:a8:5e:dd:9b:e1:a8:
a7:8a:96:a2:8f:0b:ab:3e:fa:2c:c0:85:89:41:19:
81:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:14:38:D0:5C:08:8F:33:B2:85:F0:44:56:36:E0:DF:23:9C:64:05
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/khQ40FwIjzOyhfBEVjbg3yOcZAU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.98.41.0/24
193.31.116.0/24
Signature Algorithm: sha256WithRSAEncryption
d5:b5:fc:d0:75:12:e9:03:ab:82:1d:8b:f5:8b:ca:70:07:1e:
80:c0:e8:b9:aa:bb:24:3c:5e:b5:28:98:b1:5b:4c:20:d7:c2:
18:1f:10:76:80:2f:3b:49:8e:a2:32:f5:ef:da:b7:53:a6:b4:
d4:da:53:ac:58:c3:7d:2c:e2:be:74:3a:4a:a8:96:13:3d:6c:
3e:2c:2f:f8:d2:0f:c2:2f:c3:33:d4:34:1e:c7:07:0a:36:ad:
15:03:75:4e:c1:8c:0c:c3:42:66:c8:88:e0:4a:d2:a4:b7:da:
83:78:e8:6f:a4:bf:56:32:44:2c:af:8a:6e:88:b7:16:87:c3:
bb:aa:18:dc:de:95:df:32:8d:3c:7a:ac:4b:a6:d8:44:f2:6f:
10:71:0d:37:ad:ea:d6:1d:26:f7:5c:79:5e:3e:d0:c4:d5:3d:
72:03:85:5d:f5:f0:11:af:15:f0:c8:ad:f8:4a:fc:d2:b3:59:
95:35:3e:4f:27:ce:f5:4f:ac:1f:3e:ef:70:ab:f9:ac:05:c4:
cf:55:af:fc:8a:fb:57:03:9c:0d:e8:cb:a2:da:af:be:5f:7e:
b8:ba:86:43:14:3c:f5:61:c6:5a:9d:2c:1d:f0:de:36:38:cb:
33:b8:73:34:41:fa:b3:78:05:62:db:33:94:80:02:3b:7e:5b:
92:b0:0f:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxaeSYGUp1bh9W/nRXlB3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjMwMTAyMDczNzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjE0MzhkMDVjMDg4ZjMzYjI4NWYwNDQ1NjM2ZTBkZjIzOWM2NDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrg7jhfQ8TG5Jdson1Gn/HexRUXw
axbqfe62Csq/bfzh3ky5OG0DmpncMHcTFZQJ3IU/+Mgrjl4im1eeQthS6aYjTIS0
NE+XrjCJlAqkzzGPlEDFa+AhlIU0pIY0vXPOnPmg0rQwbSw3Xzfhr9xYYkUPd7QO
f1mMRj4vZe/Y02nVZq5agPzwxdwBZxbXr/M4wzGCrL7CKJU0f1STUbwx710V7XgD
G2tefrM3VMVq2jmEfgIbHhkbJICfJPnVIL8tTC/AafEuHs3GXBACvIwHpANogM/Y
DSYAvs7ep1NFGJ+mc5DUlZaFOAKoXt2b4ainipaijwurPvoswIWJQRmBuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJIUONBcCI8zsoXwRFY24N8jnGQFMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEva2hRNDBGd0lqek95aGZCRVZqYmczeU9jWkFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsGIpAwQA
wR90MA0GCSqGSIb3DQEBCwUAA4IBAQDVtfzQdRLpA6uCHYv1i8pwBx6AwOi5qrsk
PF61KJixW0wg18IYHxB2gC87SY6iMvXv2rdTprTU2lOsWMN9LOK+dDpKqJYTPWw+
LC/40g/CL8Mz1DQexwcKNq0VA3VOwYwMw0JmyIjgStKkt9qDeOhvpL9WMkQsr4pu
iLcWh8O7qhjc3pXfMo08eqxLpthE8m8QcQ03rerWHSb3XHlePtDE1T1yA4Vd9fAR
rxXwyK34SvzSs1mVNT5PJ871T6wfPu9wq/msBcTPVa/8ivtXA5wN6Mui2q++X364
uoZDFDz1YcZanSwd8N42OMszuHM0QfqzeAVi2zOUgAI7fluSsA+e
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:55:20 2025 by rpki-client