Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/520d04-e912-4f46-a9e6-7055393f75fe/1/oSGpX3XbqNBGofqXxKMU7rbutFU.roa
File: oSGpX3XbqNBGofqXxKMU7rbutFU.roa (raw, json)
Hash identifier: d+vs+8S1EjnFVzZY5ZuTH+YjGjJ0pIaUtMf+rEDviEk=
Subject key identifier: A1:21:A9:5F:75:DB:A8:D0:46:A1:FA:97:C4:A3:14:EE:B6:EE:B4:55
Certificate issuer: /CN=1dc7522321c23d169ed332ff49879ccc245172db
Certificate serial: 018CC26D5179AD0F6F8F8A3EB86080CBF087
Authority key identifier: 1D:C7:52:23:21:C2:3D:16:9E:D3:32:FF:49:87:9C:CC:24:51:72:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HcdSIyHCPRae0zL_SYeczCRRcts.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/520d04-e912-4f46-a9e6-7055393f75fe/1/oSGpX3XbqNBGofqXxKMU7rbutFU.roa
Signing time: Mon 01 Jan 2024 00:29:53 +0000
ROA not before: Mon 01 Jan 2024 00:29:53 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9166
IP address blocks: 212.113.64.0/19 maxlen: 24
62.233.0.0/19 maxlen: 24
2a02:239c:0:20::/64 maxlen: 64
2a02:2398::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:51:79:ad:0f:6f:8f:8a:3e:b8:60:80:cb:f0:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1dc7522321c23d169ed332ff49879ccc245172db
Validity
Not Before: Jan 1 00:29:53 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a121a95f75dba8d046a1fa97c4a314eeb6eeb455
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:75:b7:16:ea:c5:b4:bf:77:66:2e:a6:e0:00:
f6:47:db:b7:da:be:bc:86:d8:2e:5c:88:a9:f2:70:
b2:63:cb:01:ad:16:2c:36:87:60:57:07:68:90:ed:
59:86:fb:6d:56:65:80:f0:66:e2:fe:31:ab:c6:19:
dd:ec:b0:f3:f3:04:c4:63:92:34:8a:56:f7:6e:f5:
c1:76:2c:b2:a7:47:a1:3c:ea:41:ad:44:a6:92:3d:
6c:f0:ab:12:f6:43:f6:2e:89:b0:14:17:b3:70:9a:
21:f0:ab:1d:72:c0:36:05:46:9d:c3:52:b0:b7:42:
47:28:62:c1:7b:51:e7:df:c7:fd:26:de:14:c8:e7:
36:97:1d:20:81:32:ca:df:e3:53:50:f1:12:46:a5:
a2:4c:00:b2:e1:5b:a3:73:bb:fc:09:8b:f4:e7:7c:
1e:87:dc:c9:02:4c:47:f7:01:fe:cf:99:9a:4d:0b:
c3:18:d1:d7:06:07:df:a2:64:7a:1a:45:50:13:ae:
2a:06:21:95:69:10:12:46:02:19:73:96:e9:a1:03:
c3:9b:6f:ea:fb:1c:6c:35:1b:af:9a:ec:6c:51:e5:
e2:b1:35:a0:c7:7c:96:25:11:b7:09:08:26:0a:dd:
07:7f:81:0a:99:cc:c7:fa:6b:5a:46:61:49:8a:04:
fc:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:21:A9:5F:75:DB:A8:D0:46:A1:FA:97:C4:A3:14:EE:B6:EE:B4:55
X509v3 Authority Key Identifier:
keyid:1D:C7:52:23:21:C2:3D:16:9E:D3:32:FF:49:87:9C:CC:24:51:72:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HcdSIyHCPRae0zL_SYeczCRRcts.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/520d04-e912-4f46-a9e6-7055393f75fe/1/oSGpX3XbqNBGofqXxKMU7rbutFU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/520d04-e912-4f46-a9e6-7055393f75fe/1/HcdSIyHCPRae0zL_SYeczCRRcts.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.233.0.0/19
212.113.64.0/19
IPv6:
2a02:2398::/29
Signature Algorithm: sha256WithRSAEncryption
c1:8c:08:ad:0e:c4:48:38:52:c1:09:fd:11:b5:67:09:ed:57:
01:54:c3:0e:75:8e:29:86:bf:31:58:ed:af:85:5f:eb:bd:da:
3b:ed:a6:84:d4:22:fd:ba:bb:c9:d8:ab:55:ad:c9:c4:79:2c:
cf:97:4a:25:4e:0f:6d:75:47:fc:9a:68:32:ef:38:85:a8:a5:
d0:3e:b4:e7:00:58:b4:42:81:47:9c:1c:f7:f2:a8:e0:f3:2c:
d1:ae:19:80:e0:a9:cf:f9:de:2c:a5:4a:49:b6:4e:cf:3f:e9:
f4:18:1d:cb:73:a7:c6:cb:41:e4:78:02:d5:fd:c6:37:92:37:
cd:84:5f:60:b3:fc:44:0b:23:08:42:c4:1a:fc:75:ef:a0:ef:
58:ce:9d:40:bb:64:61:10:d4:db:20:72:85:d9:1d:4e:14:6a:
69:b7:94:5a:99:b8:b1:57:ad:28:79:5a:3d:82:27:cf:5d:95:
ba:cc:9f:ee:d2:89:ba:59:de:a8:cc:6f:b3:6d:06:6b:90:1e:
81:d7:77:03:10:66:24:9b:c8:7a:ce:f8:95:b1:0b:00:48:07:
e5:80:f8:9a:9b:76:6b:4d:83:3e:fe:07:57:47:b7:45:28:fe:
c0:06:46:9c:db:30:06:b5:2f:50:6c:73:ab:50:17:5f:e3:c7:
bb:9d:93:14
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbVF5rQ9vj4o+uGCAy/CHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYzc1MjIzMjFjMjNkMTY5ZWQzMzJmZjQ5ODc5Y2NjMjQ1
MTcyZGIwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTIxYTk1Zjc1ZGJhOGQwNDZhMWZhOTdjNGEzMTRlZWI2ZWViNDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnW3FurFtL93Zi6m4AD2R9u32r68
htguXIip8nCyY8sBrRYsNodgVwdokO1ZhvttVmWA8Gbi/jGrxhnd7LDz8wTEY5I0
ilb3bvXBdiyyp0ehPOpBrUSmkj1s8KsS9kP2LomwFBezcJoh8KsdcsA2BUadw1Kw
t0JHKGLBe1Hn38f9Jt4UyOc2lx0ggTLK3+NTUPESRqWiTACy4Vujc7v8CYv053we
h9zJAkxH9wH+z5maTQvDGNHXBgffomR6GkVQE64qBiGVaRASRgIZc5bpoQPDm2/q
+xxsNRuvmuxsUeXisTWgx3yWJRG3CQgmCt0Hf4EKmczH+mtaRmFJigT8pwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKEhqV9126jQRqH6l8SjFO627rRVMB8GA1UdIwQY
MBaAFB3HUiMhwj0WntMy/0mHnMwkUXLbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGNkU0l5SENQUmFlMHpMX1NZZWN6Q1JSY3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi81MjBkMDQtZTkxMi00ZjQ2LWE5ZTYt
NzA1NTM5M2Y3NWZlLzEvb1NHcFgzWGJxTkJHb2ZxWHhLTVU3cmJ1dEZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi81MjBkMDQtZTkxMi00ZjQ2LWE5ZTYtNzA1NTM5M2Y3NWZl
LzEvSGNkU0l5SENQUmFlMHpMX1NZZWN6Q1JSY3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFPukAAwQF
1HFAMA0EAgACMAcDBQMqAiOYMA0GCSqGSIb3DQEBCwUAA4IBAQDBjAitDsRIOFLB
Cf0RtWcJ7VcBVMMOdY4phr8xWO2vhV/rvdo77aaE1CL9urvJ2KtVrcnEeSzPl0ol
Tg9tdUf8mmgy7ziFqKXQPrTnAFi0QoFHnBz38qjg8yzRrhmA4KnP+d4spUpJtk7P
P+n0GB3Lc6fGy0HkeALV/cY3kjfNhF9gs/xECyMIQsQa/HXvoO9Yzp1Au2RhENTb
IHKF2R1OFGppt5RambixV60oeVo9gifPXZW6zJ/u0om6Wd6ozG+zbQZrkB6B13cD
EGYkm8h6zviVsQsASAflgPiam3ZrTYM+/gdXR7dFKP7ABkac2zAGtS9QbHOrUBdf
48e7nZMU
-----END CERTIFICATE-----
Generated at Tue Apr 22 01:43:12 2025 by rpki-client