Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/xGoGuzmlKTVQNnqiepILimgo0R0.roa
File: xGoGuzmlKTVQNnqiepILimgo0R0.roa (raw, json)
Hash identifier: JvWkAMydJ0tw4fry/2SuAB+rT/OUSygn8ZiJ42Vl2gE=
Subject key identifier: C4:6A:06:BB:39:A5:29:35:50:36:7A:A2:7A:92:0B:8A:68:28:D1:1D
Certificate issuer: /CN=0e282a15c1a5d154bbda872b357607a91f950aa5
Certificate serial: 018CC3B729A0D29CC3FAA9E885D54DCF1A4C
Authority key identifier: 0E:28:2A:15:C1:A5:D1:54:BB:DA:87:2B:35:76:07:A9:1F:95:0A:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DigqFcGl0VS72ocrNXYHqR-VCqU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/xGoGuzmlKTVQNnqiepILimgo0R0.roa
Signing time: Mon 01 Jan 2024 06:30:10 +0000
ROA not before: Mon 01 Jan 2024 06:30:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 57033
IP address blocks: 31.43.163.0/24 maxlen: 24
31.43.160.0/22 maxlen: 22
31.43.161.0/24 maxlen: 24
31.43.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b7:29:a0:d2:9c:c3:fa:a9:e8:85:d5:4d:cf:1a:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0e282a15c1a5d154bbda872b357607a91f950aa5
Validity
Not Before: Jan 1 06:30:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c46a06bb39a5293550367aa27a920b8a6828d11d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:f4:98:2f:07:15:95:70:33:31:37:41:8f:0e:
30:c5:6c:98:cd:99:b0:c6:2c:91:b4:12:4a:3a:e7:
0b:f6:f0:47:33:c2:3e:b2:e5:3a:6c:cf:cb:03:d2:
a2:ab:5a:4c:ee:eb:ed:f6:ac:d6:8a:86:c1:e7:c9:
4d:8d:ac:c5:c3:af:49:83:56:5c:ce:e8:c7:e3:d7:
06:ff:ba:10:83:c7:20:98:f6:84:ee:b1:98:3d:54:
7a:94:7b:eb:84:5c:94:65:2e:56:3a:80:93:ef:24:
00:76:4a:74:b4:ac:8e:29:eb:d6:a3:47:d3:9b:99:
98:cb:5d:ca:39:35:aa:ed:f5:2b:09:ce:5a:b1:78:
eb:a6:11:18:b9:31:0d:4b:e7:60:36:21:5d:26:a5:
32:17:1e:72:cb:21:b4:ca:8d:dd:65:b8:cd:1b:2a:
24:f6:8e:05:f2:b2:cb:42:53:b0:d6:43:b0:d4:0a:
fd:67:15:8f:77:b5:f6:e1:07:e9:02:e8:52:33:a5:
96:75:f4:9b:21:fa:31:3f:11:e2:71:85:fd:d7:b8:
ef:a6:e6:b3:b5:a7:2f:24:17:80:2d:23:e9:d4:6b:
1e:9c:17:b0:5b:ee:48:60:aa:8f:b6:02:cb:fd:f3:
ce:8e:b4:c7:e6:95:e3:94:20:f3:d7:0f:28:6a:52:
81:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:6A:06:BB:39:A5:29:35:50:36:7A:A2:7A:92:0B:8A:68:28:D1:1D
X509v3 Authority Key Identifier:
keyid:0E:28:2A:15:C1:A5:D1:54:BB:DA:87:2B:35:76:07:A9:1F:95:0A:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DigqFcGl0VS72ocrNXYHqR-VCqU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/xGoGuzmlKTVQNnqiepILimgo0R0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/DigqFcGl0VS72ocrNXYHqR-VCqU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.43.160.0/22
Signature Algorithm: sha256WithRSAEncryption
74:c1:95:0b:ee:45:a5:27:56:10:cb:90:43:33:fe:60:f9:62:
e0:43:38:21:40:03:05:3c:95:24:65:f0:67:2f:06:e2:6c:09:
d4:c9:49:ef:a8:e0:79:c1:5f:6f:53:f7:ee:55:ad:4a:6b:d4:
ff:03:3a:4e:97:ba:14:65:a7:30:f2:d3:cf:76:6c:9c:28:ca:
de:8f:53:ac:9f:da:80:8e:8e:54:35:01:e2:a5:e4:e2:13:4b:
74:e4:db:84:b2:b1:2b:89:31:0f:68:25:aa:39:38:0c:b3:d3:
ec:a2:31:3b:55:3f:5f:ce:f5:b3:ff:2e:97:52:18:11:2c:42:
11:9f:76:f6:7c:fd:31:f0:9e:9c:36:d8:98:af:7e:da:9c:e0:
d7:0e:36:5d:46:84:5f:18:e2:ec:99:18:c7:44:5a:89:ee:50:
1f:e0:ef:32:4a:d2:96:c4:cc:4c:25:d1:a0:9a:24:28:37:ae:
45:b2:4a:ab:c0:51:8e:33:b0:72:64:73:17:72:2c:02:df:88:
99:cc:3c:18:e9:ea:f8:f0:ab:f9:ab:32:f8:a5:b0:af:b7:b4:
45:cc:62:fc:c1:bf:1f:18:99:70:8a:a5:a8:96:00:8b:03:04:
2e:90:de:de:7c:86:d2:18:7b:cd:f5:03:2e:52:a0:58:96:4b:
81:c0:b4:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtymg0pzD+qnohdVNzxpMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjgyYTE1YzFhNWQxNTRiYmRhODcyYjM1NzYwN2E5MWY5
NTBhYTUwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDZhMDZiYjM5YTUyOTM1NTAzNjdhYTI3YTkyMGI4YTY4MjhkMTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/SYLwcVlXAzMTdBjw4wxWyYzZmw
xiyRtBJKOucL9vBHM8I+suU6bM/LA9Kiq1pM7uvt9qzWiobB58lNjazFw69Jg1Zc
zujH49cG/7oQg8cgmPaE7rGYPVR6lHvrhFyUZS5WOoCT7yQAdkp0tKyOKevWo0fT
m5mYy13KOTWq7fUrCc5asXjrphEYuTENS+dgNiFdJqUyFx5yyyG0yo3dZbjNGyok
9o4F8rLLQlOw1kOw1Ar9ZxWPd7X24QfpAuhSM6WWdfSbIfoxPxHicYX917jvpuaz
tacvJBeALSPp1GsenBewW+5IYKqPtgLL/fPOjrTH5pXjlCDz1w8oalKBswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRqBrs5pSk1UDZ6onqSC4poKNEdMB8GA1UdIwQY
MBaAFA4oKhXBpdFUu9qHKzV2B6kflQqlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGlncUZjR2wwVlM3Mm9jck5YWUhxUi1WQ3FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kYWYxYWUtZDVlYi00Y2E0LThhYWYt
Nzg3NDFhYzkzYjMwLzEveEdvR3V6bWxLVFZRTm5xaWVwSUxpbWdvMFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kYWYxYWUtZDVlYi00Y2E0LThhYWYtNzg3NDFhYzkzYjMw
LzEvRGlncUZjR2wwVlM3Mm9jck5YWUhxUi1WQ3FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCHyugMA0G
CSqGSIb3DQEBCwUAA4IBAQB0wZUL7kWlJ1YQy5BDM/5g+WLgQzghQAMFPJUkZfBn
LwbibAnUyUnvqOB5wV9vU/fuVa1Ka9T/AzpOl7oUZacw8tPPdmycKMrej1Osn9qA
jo5UNQHipeTiE0t05NuEsrEriTEPaCWqOTgMs9PsojE7VT9fzvWz/y6XUhgRLEIR
n3b2fP0x8J6cNtiYr37anODXDjZdRoRfGOLsmRjHRFqJ7lAf4O8yStKWxMxMJdGg
miQoN65FskqrwFGOM7ByZHMXciwC34iZzDwY6er48Kv5qzL4pbCvt7RFzGL8wb8f
GJlwiqWolgCLAwQukN7efIbSGHvN9QMuUqBYlkuBwLS8
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:59:47 2025 by rpki-client