Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/sYt44MrfZmAUuceHb0q3u-0JoVc.roa
File: sYt44MrfZmAUuceHb0q3u-0JoVc.roa (raw, json)
Hash identifier: FL85qxLFtkZZVV+brqNygfiExYe0Taa52y3syORYRCI=
Subject key identifier: B1:8B:78:E0:CA:DF:66:60:14:B9:C7:87:6F:4A:B7:BB:ED:09:A1:57
Certificate issuer: /CN=0e282a15c1a5d154bbda872b357607a91f950aa5
Certificate serial: 018AB2552B632CB059329B83F852B4F7078D
Authority key identifier: 0E:28:2A:15:C1:A5:D1:54:BB:DA:87:2B:35:76:07:A9:1F:95:0A:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DigqFcGl0VS72ocrNXYHqR-VCqU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/sYt44MrfZmAUuceHb0q3u-0JoVc.roa
Signing time: Wed 20 Sep 2023 11:24:00 +0000
ROA not before: Wed 20 Sep 2023 11:24:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57033
IP address blocks: 31.43.163.0/24 maxlen: 24
31.43.160.0/22 maxlen: 22
31.43.161.0/24 maxlen: 24
31.43.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:b2:55:2b:63:2c:b0:59:32:9b:83:f8:52:b4:f7:07:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0e282a15c1a5d154bbda872b357607a91f950aa5
Validity
Not Before: Sep 20 11:24:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b18b78e0cadf666014b9c7876f4ab7bbed09a157
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:71:9e:1b:7d:9c:a9:d1:1c:69:4a:43:5f:f9:
96:29:01:99:8d:ed:30:13:05:6c:17:fb:ba:f5:14:
6f:da:c5:5d:bc:5d:48:fe:4a:3f:00:82:7e:6a:ac:
25:e3:e4:42:03:a2:1b:b1:ec:d0:3a:aa:b8:f5:73:
6e:e4:16:49:35:8b:1e:91:54:ee:5c:59:e8:82:fd:
c4:f6:38:f2:78:b5:d9:d8:82:01:79:9d:87:5e:e7:
36:4f:df:12:42:62:40:d7:9f:c3:5a:c1:39:36:bb:
dd:e3:2a:85:2f:62:59:30:26:0a:66:87:32:18:0b:
b3:5f:bd:97:53:c9:96:de:41:8b:ea:77:c6:58:44:
ee:18:27:0c:eb:63:63:54:8d:14:43:26:76:14:94:
c5:3e:2f:b9:2a:cd:2a:ef:54:d8:98:38:7a:fd:4b:
08:5d:d9:a5:ae:90:64:f6:74:dc:ab:d0:51:f5:37:
fa:77:52:e7:a3:50:f9:2d:14:9c:50:55:b5:11:95:
b4:45:c4:d2:f1:da:d1:d0:83:e7:40:6b:3a:a5:54:
56:2e:6e:5d:9d:f0:df:eb:ae:40:40:ce:cf:06:f6:
99:9c:28:77:ea:18:35:dc:57:02:b8:98:e3:a9:0c:
eb:ca:5f:06:d5:a4:61:c6:6b:45:6b:b3:cd:b4:60:
c7:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:8B:78:E0:CA:DF:66:60:14:B9:C7:87:6F:4A:B7:BB:ED:09:A1:57
X509v3 Authority Key Identifier:
keyid:0E:28:2A:15:C1:A5:D1:54:BB:DA:87:2B:35:76:07:A9:1F:95:0A:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DigqFcGl0VS72ocrNXYHqR-VCqU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/sYt44MrfZmAUuceHb0q3u-0JoVc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/DigqFcGl0VS72ocrNXYHqR-VCqU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.43.160.0/22
Signature Algorithm: sha256WithRSAEncryption
34:1a:26:95:ad:b3:4c:83:7f:a4:c7:f5:28:f3:e0:a3:8c:aa:
e1:ce:df:eb:be:ad:5e:6d:64:57:f8:dd:16:58:89:1a:63:79:
71:82:fd:9e:55:35:3c:9a:30:09:34:09:69:bb:cd:3c:d4:aa:
5f:e8:e1:99:f5:d0:21:23:40:f7:2c:c3:3a:c5:e5:61:54:dd:
6a:ec:9f:1a:a4:f0:59:2b:98:2d:9d:f6:c4:55:24:70:fa:ec:
7d:a1:da:47:11:34:d8:d0:4d:fb:62:32:c0:33:02:5b:a4:af:
ec:fb:e9:91:dc:b0:51:2c:ae:71:1f:79:3a:3a:9c:da:8f:ab:
e7:96:c1:7f:18:88:d2:c5:c9:4a:65:68:2d:b5:ca:ef:fc:12:
60:6e:68:2c:f5:33:d4:00:7c:d3:22:b8:45:49:9e:b3:cd:b7:
28:92:77:48:b2:96:05:d9:b8:77:62:0f:eb:0f:3a:3e:bc:7c:
bc:6b:4d:33:79:c6:02:9f:57:5b:75:5e:ee:d0:cc:89:e2:b2:
d7:71:cf:c7:de:4b:d7:48:8f:97:df:6c:b4:24:eb:31:68:98:
7a:60:df:30:0a:08:e6:01:1f:a9:e1:3d:8d:c5:e5:06:fb:43:
69:1c:e1:55:b5:c6:77:31:66:e7:68:c0:b6:41:1e:e8:a1:37:
96:9b:5d:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYqyVStjLLBZMpuD+FK09weNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjgyYTE1YzFhNWQxNTRiYmRhODcyYjM1NzYwN2E5MWY5
NTBhYTUwHhcNMjMwOTIwMTEyNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMThiNzhlMGNhZGY2NjYwMTRiOWM3ODc2ZjRhYjdiYmVkMDlhMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3GeG32cqdEcaUpDX/mWKQGZje0w
EwVsF/u69RRv2sVdvF1I/ko/AIJ+aqwl4+RCA6IbsezQOqq49XNu5BZJNYsekVTu
XFnogv3E9jjyeLXZ2IIBeZ2HXuc2T98SQmJA15/DWsE5Nrvd4yqFL2JZMCYKZocy
GAuzX72XU8mW3kGL6nfGWETuGCcM62NjVI0UQyZ2FJTFPi+5Ks0q71TYmDh6/UsI
XdmlrpBk9nTcq9BR9Tf6d1Lno1D5LRScUFW1EZW0RcTS8drR0IPnQGs6pVRWLm5d
nfDf665AQM7PBvaZnCh36hg13FcCuJjjqQzryl8G1aRhxmtFa7PNtGDHMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGLeODK32ZgFLnHh29Kt7vtCaFXMB8GA1UdIwQY
MBaAFA4oKhXBpdFUu9qHKzV2B6kflQqlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGlncUZjR2wwVlM3Mm9jck5YWUhxUi1WQ3FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kYWYxYWUtZDVlYi00Y2E0LThhYWYt
Nzg3NDFhYzkzYjMwLzEvc1l0NDRNcmZabUFVdWNlSGIwcTN1LTBKb1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kYWYxYWUtZDVlYi00Y2E0LThhYWYtNzg3NDFhYzkzYjMw
LzEvRGlncUZjR2wwVlM3Mm9jck5YWUhxUi1WQ3FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHyugMA0G
CSqGSIb3DQEBCwUAA4IBAQA0GiaVrbNMg3+kx/Uo8+CjjKrhzt/rvq1ebWRX+N0W
WIkaY3lxgv2eVTU8mjAJNAlpu8081Kpf6OGZ9dAhI0D3LMM6xeVhVN1q7J8apPBZ
K5gtnfbEVSRw+ux9odpHETTY0E37YjLAMwJbpK/s++mR3LBRLK5xH3k6Opzaj6vn
lsF/GIjSxclKZWgttcrv/BJgbmgs9TPUAHzTIrhFSZ6zzbcokndIspYF2bh3Yg/r
Dzo+vHy8a00zecYCn1dbdV7u0MyJ4rLXcc/H3kvXSI+X32y0JOsxaJh6YN8wCgjm
AR+p4T2NxeUG+0NpHOFVtcZ3MWbnaMC2QR7ooTeWm11a
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:55:04 2025 by rpki-client