Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/df05e1-6862-4ed4-876d-150b5db4f56b/1/o-P_HJRBKOtB2eEd39Te63g5FH8.roa
File: o-P_HJRBKOtB2eEd39Te63g5FH8.roa (raw, json)
Hash identifier: L3vDUxaoybO4N6N1a8W2aCyzQvjaPEwHamNNMq9j3s0=
Subject key identifier: A3:E3:FF:1C:94:41:28:EB:41:D9:E1:1D:DF:D4:DE:EB:78:39:14:7F
Certificate issuer: /CN=f6f18c02405742c25377d696cd2a69dcc974bff8
Certificate serial: 0191139F7CCF286B4C790C8DAD708B829773
Authority key identifier: F6:F1:8C:02:40:57:42:C2:53:77:D6:96:CD:2A:69:DC:C9:74:BF:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9vGMAkBXQsJTd9aWzSpp3Ml0v_g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/53/df05e1-6862-4ed4-876d-150b5db4f56b/1/o-P_HJRBKOtB2eEd39Te63g5FH8.roa
Signing time: Fri 02 Aug 2024 15:05:04 +0000
ROA not before: Fri 02 Aug 2024 15:05:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48919
IP address blocks: 31.128.160.0/20 maxlen: 20
31.128.160.0/21 maxlen: 21
95.215.92.0/22 maxlen: 22
2001:67c:19ac::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:13:9f:7c:cf:28:6b:4c:79:0c:8d:ad:70:8b:82:97:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f6f18c02405742c25377d696cd2a69dcc974bff8
Validity
Not Before: Aug 2 15:05:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a3e3ff1c944128eb41d9e11ddfd4deeb7839147f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:9a:16:f4:97:bc:5e:31:e7:49:fc:f5:4c:86:
d1:9f:b0:78:44:19:8d:9f:a5:1c:f0:54:be:fb:d7:
56:ad:1e:f9:df:00:3e:74:1e:ef:95:54:d7:ac:f3:
77:36:7e:5c:8e:83:05:7f:be:1c:8d:f2:0c:38:8a:
64:5b:c2:32:84:e6:ca:25:de:a9:fb:5e:dc:08:a8:
fe:09:d0:42:d0:99:0e:ca:ad:37:09:bd:db:a4:ee:
64:c0:9a:db:81:2e:9a:af:86:e0:73:30:e1:28:91:
42:05:a3:57:fc:dc:e6:2e:e2:b7:48:00:2e:a9:81:
37:02:e2:c1:9f:07:79:0f:74:98:ab:d0:26:9e:a4:
85:87:2d:cc:79:80:a9:88:1d:f2:e6:d8:6e:48:36:
7a:87:38:b8:7c:23:9b:22:19:49:91:d9:18:2a:d2:
8e:ba:fc:c4:62:f9:10:a7:4f:1b:93:95:da:29:1d:
e1:61:aa:17:9d:e1:b0:d8:0a:f9:0f:b5:4c:f6:95:
d7:13:0f:fc:9d:c4:44:60:d3:0d:96:05:94:58:ca:
96:78:58:b6:20:c0:39:e2:9c:19:34:73:e9:55:de:
d8:20:c5:a9:ac:dc:83:3b:37:e6:f4:c4:42:b0:06:
59:8e:6a:7f:76:76:09:d6:ba:f6:3f:61:9a:f2:42:
70:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:E3:FF:1C:94:41:28:EB:41:D9:E1:1D:DF:D4:DE:EB:78:39:14:7F
X509v3 Authority Key Identifier:
keyid:F6:F1:8C:02:40:57:42:C2:53:77:D6:96:CD:2A:69:DC:C9:74:BF:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9vGMAkBXQsJTd9aWzSpp3Ml0v_g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/df05e1-6862-4ed4-876d-150b5db4f56b/1/o-P_HJRBKOtB2eEd39Te63g5FH8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/53/df05e1-6862-4ed4-876d-150b5db4f56b/1/9vGMAkBXQsJTd9aWzSpp3Ml0v_g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.128.160.0/20
95.215.92.0/22
IPv6:
2001:67c:19ac::/48
Signature Algorithm: sha256WithRSAEncryption
17:6a:d0:ac:7a:f5:91:57:bd:bc:82:5a:4e:80:78:97:9d:bb:
a7:78:6b:ea:99:2b:f3:df:67:f6:cc:6c:36:b3:70:fa:d9:aa:
df:b6:0d:a5:b2:9c:bb:73:e7:81:9f:24:9e:3f:61:24:41:b6:
42:17:ee:5c:f9:e7:09:a6:3f:b7:54:49:21:48:1e:67:0d:cf:
d7:d3:a4:49:ef:90:cc:ec:b1:ca:ba:e3:43:88:58:81:f3:cb:
aa:53:77:ea:b0:a5:cb:43:39:b9:49:32:44:8e:d0:23:6f:1c:
3c:50:14:e3:49:d7:b3:f5:48:07:0b:ae:cb:5a:87:96:8f:00:
80:89:7a:38:e0:d9:06:65:85:91:28:64:8b:12:4f:6f:00:e8:
6b:06:96:2c:ce:b1:5f:d4:e8:90:ca:88:45:5c:42:1b:57:49:
1f:dd:27:f4:25:93:57:f7:7a:b9:eb:d9:06:7d:d0:0e:ae:2f:
78:bb:39:6a:0e:6c:37:14:8a:9f:e1:cc:b2:c2:73:e0:48:d4:
a5:47:a1:69:ba:29:32:5d:06:c4:ba:5d:05:a6:e8:4e:ff:66:
7c:c5:cf:d5:43:d1:b2:14:e3:ea:17:19:f7:5b:37:51:f2:7c:
9a:cf:08:54:92:b6:9c:83:e9:88:0c:b4:69:28:af:b5:94:c0:
2f:4f:25:19
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZETn3zPKGtMeQyNrXCLgpdzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZjE4YzAyNDA1NzQyYzI1Mzc3ZDY5NmNkMmE2OWRjYzk3
NGJmZjgwHhcNMjQwODAyMTUwNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2UzZmYxYzk0NDEyOGViNDFkOWUxMWRkZmQ0ZGVlYjc4MzkxNDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJoW9Je8XjHnSfz1TIbRn7B4RBmN
n6Uc8FS++9dWrR753wA+dB7vlVTXrPN3Nn5cjoMFf74cjfIMOIpkW8IyhObKJd6p
+17cCKj+CdBC0JkOyq03Cb3bpO5kwJrbgS6ar4bgczDhKJFCBaNX/NzmLuK3SAAu
qYE3AuLBnwd5D3SYq9AmnqSFhy3MeYCpiB3y5thuSDZ6hzi4fCObIhlJkdkYKtKO
uvzEYvkQp08bk5XaKR3hYaoXneGw2Ar5D7VM9pXXEw/8ncREYNMNlgWUWMqWeFi2
IMA54pwZNHPpVd7YIMWprNyDOzfm9MRCsAZZjmp/dnYJ1rr2P2Ga8kJwJQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFKPj/xyUQSjrQdnhHd/U3ut4ORR/MB8GA1UdIwQY
MBaAFPbxjAJAV0LCU3fWls0qadzJdL/4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXZHTUFrQlhRc0pUZDlhV3pTcHAzTWwwdl9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9kZjA1ZTEtNjg2Mi00ZWQ0LTg3NmQt
MTUwYjVkYjRmNTZiLzEvby1QX0hKUkJLT3RCMmVFZDM5VGU2M2c1Rkg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9kZjA1ZTEtNjg2Mi00ZWQ0LTg3NmQtMTUwYjVkYjRmNTZi
LzEvOXZHTUFrQlhRc0pUZDlhV3pTcHAzTWwwdl9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQEH4CgAwQC
X9dcMA8EAgACMAkDBwAgAQZ8GawwDQYJKoZIhvcNAQELBQADggEBABdq0Kx69ZFX
vbyCWk6AeJedu6d4a+qZK/PfZ/bMbDazcPrZqt+2DaWynLtz54GfJJ4/YSRBtkIX
7lz55wmmP7dUSSFIHmcNz9fTpEnvkMzsscq640OIWIHzy6pTd+qwpctDOblJMkSO
0CNvHDxQFONJ17P1SAcLrstah5aPAICJejjg2QZlhZEoZIsST28A6GsGlizOsV/U
6JDKiEVcQhtXSR/dJ/Qlk1f3ernr2QZ90A6uL3i7OWoObDcUip/hzLLCc+BI1KVH
oWm6KTJdBsS6XQWm6E7/ZnzFz9VD0bIU4+oXGfdbN1HyfJrPCFSStpyD6YgMtGko
r7WUwC9PJRk=
-----END CERTIFICATE-----
Generated at Tue Apr 22 19:47:58 2025 by rpki-client