Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/520d04-e912-4f46-a9e6-7055393f75fe/1/2CQeMTgS8vWtgeLI1sDtbRgyMWk.roa
File: 2CQeMTgS8vWtgeLI1sDtbRgyMWk.roa (raw, json)
Hash identifier: HrE+t1btaOGskZFM7Lk9FwqnmeeQQFkx13laJJmuy6I=
Subject key identifier: D8:24:1E:31:38:12:F2:F5:AD:81:E2:C8:D6:C0:ED:6D:18:32:31:69
Certificate issuer: /CN=1dc7522321c23d169ed332ff49879ccc245172db
Certificate serial: 33060E58
Authority key identifier: 1D:C7:52:23:21:C2:3D:16:9E:D3:32:FF:49:87:9C:CC:24:51:72:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HcdSIyHCPRae0zL_SYeczCRRcts.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/520d04-e912-4f46-a9e6-7055393f75fe/1/2CQeMTgS8vWtgeLI1sDtbRgyMWk.roa
Signing time: Sat 01 Jan 2022 10:01:27 +0000
ROA not before: Sat 01 Jan 2022 10:01:27 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15583
IP address blocks: 62.233.1.0/24 maxlen: 24
62.233.0.0/19 maxlen: 19
62.233.6.0/24 maxlen: 24
2a01:9100::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 856034904 (0x33060e58)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1dc7522321c23d169ed332ff49879ccc245172db
Validity
Not Before: Jan 1 10:01:27 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d8241e313812f2f5ad81e2c8d6c0ed6d18323169
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:b7:ff:bd:4c:6b:83:dd:76:77:65:80:4c:5e:
6e:b7:3c:67:aa:d2:91:c1:cc:17:56:60:bd:d2:d3:
ed:17:6e:5a:d5:6d:60:11:f4:c4:14:22:86:48:9b:
f2:8a:58:72:05:6f:7c:8a:90:09:fa:fe:18:a9:b6:
ca:59:0f:66:8b:55:3b:43:37:fa:82:60:5a:08:0f:
14:eb:30:48:08:52:1d:02:f5:d0:ef:c8:ac:bb:17:
ed:3f:2d:f5:01:33:43:9d:ec:d5:56:f6:58:d7:05:
5b:b6:fc:1e:55:5d:b7:dd:65:4e:62:c4:ba:45:1d:
62:5f:35:75:33:7d:da:77:be:51:b5:e4:50:b3:40:
03:94:da:a8:a2:44:32:00:08:b9:6d:55:b9:2b:62:
22:be:82:f2:47:f0:2f:fa:12:8b:86:5e:a4:b3:90:
b3:c4:b3:53:d3:7b:ba:b9:67:4d:82:a4:51:3e:8f:
0c:fe:01:b8:aa:29:e4:4d:47:45:55:b1:af:85:63:
15:a7:44:f7:88:7f:6e:d5:3f:d9:d2:86:80:a9:e2:
7b:f5:6b:1b:13:d3:8e:6d:e0:e3:11:72:57:d6:3f:
58:f2:8e:be:a6:f3:41:02:b6:33:3f:fa:60:55:0a:
41:f1:3d:4a:79:cb:5d:4f:3a:2e:71:86:e7:12:2f:
63:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:24:1E:31:38:12:F2:F5:AD:81:E2:C8:D6:C0:ED:6D:18:32:31:69
X509v3 Authority Key Identifier:
keyid:1D:C7:52:23:21:C2:3D:16:9E:D3:32:FF:49:87:9C:CC:24:51:72:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HcdSIyHCPRae0zL_SYeczCRRcts.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/520d04-e912-4f46-a9e6-7055393f75fe/1/2CQeMTgS8vWtgeLI1sDtbRgyMWk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/520d04-e912-4f46-a9e6-7055393f75fe/1/HcdSIyHCPRae0zL_SYeczCRRcts.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.233.0.0/19
IPv6:
2a01:9100::/29
Signature Algorithm: sha256WithRSAEncryption
49:45:0d:69:b1:5a:05:7a:e6:97:89:48:e1:17:ef:b9:5b:e4:
07:0f:10:f1:db:da:e0:17:73:51:7f:65:2c:7e:a3:ec:04:18:
64:4a:99:43:d0:01:67:fd:ee:ec:52:2b:56:c9:1e:2a:d0:13:
04:d4:cc:43:b6:bc:1c:a9:99:d7:df:4c:7a:78:b8:3b:3d:68:
26:b8:75:63:36:63:aa:79:50:8a:14:c7:7a:ce:55:d0:b7:10:
22:dd:1c:b5:e6:4e:ca:7a:5f:5f:9d:14:a1:7d:80:72:78:99:
45:8f:c7:c0:ea:ba:76:27:a1:33:d0:93:01:e4:67:fd:59:8c:
23:9f:f9:0f:3c:e9:90:50:83:fc:a7:93:e4:27:7a:ef:46:ae:
42:58:57:98:bb:cb:5e:bf:59:99:d9:84:d0:2a:da:16:a0:75:
ea:e7:01:91:d5:af:61:17:b9:57:66:79:f9:37:f3:cb:df:ca:
58:83:b5:de:9f:6f:39:0e:3e:19:55:74:c8:e5:a5:52:5d:ae:
94:0d:6a:65:a8:17:d8:d0:b1:77:e7:f2:fe:d0:e8:79:cc:88:
47:d8:ff:28:b9:8f:76:ac:62:7a:7e:10:8d:f6:bb:75:ca:1a:
9b:ed:2f:e5:05:cb:56:e6:7a:de:7d:99:ec:1d:87:08:6e:17:
f3:a9:f2:e2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIEMwYOWDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZGM3NTIyMzIxYzIzZDE2OWVkMzMyZmY0OTg3OWNjYzI0NTE3MmRiMB4XDTIyMDEw
MTEwMDEyN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDgyNDFlMzEzODEy
ZjJmNWFkODFlMmM4ZDZjMGVkNmQxODMyMzE2OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANO3/71Ma4PddndlgExebrc8Z6rSkcHMF1ZgvdLT7RduWtVt
YBH0xBQihkib8opYcgVvfIqQCfr+GKm2ylkPZotVO0M3+oJgWggPFOswSAhSHQL1
0O/IrLsX7T8t9QEzQ53s1Vb2WNcFW7b8HlVdt91lTmLEukUdYl81dTN92ne+UbXk
ULNAA5TaqKJEMgAIuW1VuStiIr6C8kfwL/oSi4ZepLOQs8SzU9N7urlnTYKkUT6P
DP4BuKop5E1HRVWxr4VjFadE94h/btU/2dKGgKnie/VrGxPTjm3g4xFyV9Y/WPKO
vqbzQQK2Mz/6YFUKQfE9SnnLXU86LnGG5xIvY00CAwEAAaOCAhgwggIUMB0GA1Ud
DgQWBBTYJB4xOBLy9a2B4sjWwO1tGDIxaTAfBgNVHSMEGDAWgBQdx1IjIcI9Fp7T
Mv9Jh5zMJFFy2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hjZFNJeUhDUFJhZTB6TF9TWWVjekNSUmN0cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzIvNTIwZDA0LWU5MTItNGY0Ni1hOWU2LTcwNTUzOTNmNzVmZS8x
LzJDUWVNVGdTOHZXdGdlTEkxc0R0YlJneU1Xay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzIv
NTIwZDA0LWU5MTItNGY0Ni1hOWU2LTcwNTUzOTNmNzVmZS8xL0hjZFNJeUhDUFJh
ZTB6TF9TWWVjekNSUmN0cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAu
BggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEBT7pADANBAIAAjAHAwUDKgGRADAN
BgkqhkiG9w0BAQsFAAOCAQEASUUNabFaBXrml4lI4RfvuVvkBw8Q8dva4BdzUX9l
LH6j7AQYZEqZQ9ABZ/3u7FIrVskeKtATBNTMQ7a8HKmZ199Meni4Oz1oJrh1YzZj
qnlQihTHes5V0LcQIt0cteZOynpfX50UoX2AcniZRY/HwOq6diehM9CTAeRn/VmM
I5/5DzzpkFCD/KeT5Cd670auQlhXmLvLXr9ZmdmE0CraFqB16ucBkdWvYRe5V2Z5
+Tfzy9/KWIO13p9vOQ4+GVV0yOWlUl2ulA1qZagX2NCxd+fy/tDoecyIR9j/KLmP
dqxien4Qjfa7dcoam+0v5QXLVuZ63n2Z7B2HCG4X86ny4g==
-----END CERTIFICATE-----
Generated at Tue Apr 22 03:28:04 2025 by rpki-client