Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/uSfTLLPE2CC7hOLWOTLedwXFYnQ.roa
File: uSfTLLPE2CC7hOLWOTLedwXFYnQ.roa (raw, json)
Hash identifier: Yd9IgPLidwSpXJKEoFHzBbY8J/grKhJCIL/xqnyxXas=
Subject key identifier: B9:27:D3:2C:B3:C4:D8:20:BB:84:E2:D6:39:32:DE:77:05:C5:62:74
Certificate issuer: /CN=581ecc1a74cf92ab619c5f710123937ce50d9c43
Certificate serial: 0725E900
Authority key identifier: 58:1E:CC:1A:74:CF:92:AB:61:9C:5F:71:01:23:93:7C:E5:0D:9C:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WB7MGnTPkqthnF9xASOTfOUNnEM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/uSfTLLPE2CC7hOLWOTLedwXFYnQ.roa
Signing time: Sat 01 Jan 2022 05:02:11 +0000
ROA not before: Sat 01 Jan 2022 05:02:11 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 208041
IP address blocks: 193.160.10.0/23 maxlen: 23
193.160.14.0/23 maxlen: 23
109.197.32.0/23 maxlen: 23
2a0f:d181::/32 maxlen: 32
2a0f:d180::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 119924992 (0x725e900)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=581ecc1a74cf92ab619c5f710123937ce50d9c43
Validity
Not Before: Jan 1 05:02:11 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b927d32cb3c4d820bb84e2d63932de7705c56274
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:0e:86:90:a5:87:c1:c1:da:a1:f2:82:bd:f3:
2a:56:85:27:24:59:23:49:dd:d8:2b:27:db:c1:a2:
1e:e6:0b:a7:a9:81:a1:d6:7b:78:e2:80:c1:16:e9:
6f:b1:55:53:d5:5f:9d:e2:56:c3:63:cf:3c:a0:ca:
ab:ff:2b:6f:b7:02:9d:35:9e:4e:62:c2:e3:f2:06:
a7:fb:5f:dd:e3:58:0d:ba:31:0b:46:74:35:2d:84:
67:13:f2:31:73:e5:67:88:cb:80:04:19:57:90:5f:
dc:ff:f7:b9:3b:4e:96:bb:6b:30:42:5c:30:d2:e0:
fd:e7:d9:92:3b:e0:27:47:3b:75:ad:6b:34:2d:6d:
90:98:69:af:9b:99:a8:64:d3:0e:1f:09:6b:94:50:
8c:80:5b:43:fd:1a:53:d7:c3:53:fc:ee:2e:a6:c4:
78:4a:92:a1:d0:0e:6a:d2:8d:24:71:a6:80:78:87:
42:1c:1a:01:2f:bc:98:01:03:cc:23:6a:8f:c2:91:
69:e7:aa:a1:89:0c:d9:ef:59:4d:f7:d1:e5:c5:76:
16:d1:f9:70:90:9b:d0:9b:b4:02:c8:17:4e:87:d5:
00:70:8b:c5:ba:80:36:ad:16:13:23:4d:b6:11:fc:
f1:40:83:4b:7b:8b:89:5d:28:c0:ea:e7:f2:61:05:
eb:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:27:D3:2C:B3:C4:D8:20:BB:84:E2:D6:39:32:DE:77:05:C5:62:74
X509v3 Authority Key Identifier:
keyid:58:1E:CC:1A:74:CF:92:AB:61:9C:5F:71:01:23:93:7C:E5:0D:9C:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WB7MGnTPkqthnF9xASOTfOUNnEM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/uSfTLLPE2CC7hOLWOTLedwXFYnQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/WB7MGnTPkqthnF9xASOTfOUNnEM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.197.32.0/23
193.160.10.0/23
193.160.14.0/23
IPv6:
2a0f:d180::/31
Signature Algorithm: sha256WithRSAEncryption
50:8f:33:b6:85:a0:7c:fe:16:f6:74:62:57:0e:d6:f4:37:14:
74:c5:98:1d:ef:91:9c:17:61:53:61:90:8c:4c:e4:d3:9a:22:
48:ec:d1:c9:65:c4:a8:b5:3c:35:b7:bb:4e:fa:f7:45:73:13:
b7:91:7b:38:14:a3:48:60:0a:17:93:05:a4:8c:f6:e3:5e:88:
4e:e1:88:ef:43:92:ad:3d:1f:6d:23:c0:37:c9:2f:c9:d3:d3:
03:64:c1:7f:ff:f9:79:51:7e:4e:7e:50:e7:6a:c6:ec:39:7f:
51:e4:22:95:19:a9:b5:0a:f9:2d:b4:5f:45:40:49:eb:dd:17:
6e:48:b3:6e:74:45:4d:8e:83:d6:f8:d8:0b:11:6d:21:a5:4e:
bb:2a:1f:5f:95:3b:d7:76:ca:55:1d:bb:c2:2c:f2:f1:65:1b:
d0:c2:35:36:3e:59:3b:d8:7b:35:b2:72:e1:50:c8:6e:08:84:
d3:1c:6e:ec:a1:75:e7:ab:f4:40:b2:da:df:42:e1:68:00:77:
bd:f7:91:4f:dc:fc:58:87:ed:bc:be:20:31:01:44:79:a6:27:
98:fc:8d:97:78:f9:30:b0:57:64:24:d9:dc:bd:6e:46:09:5a:
1f:15:4b:5e:c6:ea:bd:58:b6:ed:85:b1:79:f7:0d:78:ac:72:
0f:e3:27:2d
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEByXpADANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ODFlY2MxYTc0Y2Y5MmFiNjE5YzVmNzEwMTIzOTM3Y2U1MGQ5YzQzMB4XDTIyMDEw
MTA1MDIxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjkyN2QzMmNiM2M0
ZDgyMGJiODRlMmQ2MzkzMmRlNzcwNWM1NjI3NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL8OhpClh8HB2qHygr3zKlaFJyRZI0nd2Csn28GiHuYLp6mB
odZ7eOKAwRbpb7FVU9VfneJWw2PPPKDKq/8rb7cCnTWeTmLC4/IGp/tf3eNYDbox
C0Z0NS2EZxPyMXPlZ4jLgAQZV5Bf3P/3uTtOlrtrMEJcMNLg/efZkjvgJ0c7da1r
NC1tkJhpr5uZqGTTDh8Ja5RQjIBbQ/0aU9fDU/zuLqbEeEqSodAOatKNJHGmgHiH
QhwaAS+8mAEDzCNqj8KRaeeqoYkM2e9ZTffR5cV2FtH5cJCb0Ju0AsgXTofVAHCL
xbqANq0WEyNNthH88UCDS3uLiV0owOrn8mEF688CAwEAAaOCAiQwggIgMB0GA1Ud
DgQWBBS5J9Mss8TYILuE4tY5Mt53BcVidDAfBgNVHSMEGDAWgBRYHswadM+Sq2Gc
X3EBI5N85Q2cQzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1dCN01HblRQa3F0aG5GOXhBU09UZk9VTm5FTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzcvYzcxZGFmLWRkNjYtNDFkOC1iMDRmLWRhODhiNmJkYjMxNi8x
L3VTZlRMTFBFMkNDN2hPTFdPVExlZHdYRlluUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzcv
YzcxZGFmLWRkNjYtNDFkOC1iMDRmLWRhODhiNmJkYjMxNi8xL1dCN01HblRQa3F0
aG5GOXhBU09UZk9VTm5FTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA6
BggrBgEFBQcBBwEB/wQrMCkwGAQCAAEwEgMEAW3FIAMEAcGgCgMEAcGgDjANBAIA
AjAHAwUBKg/RgDANBgkqhkiG9w0BAQsFAAOCAQEAUI8ztoWgfP4W9nRiVw7W9DcU
dMWYHe+RnBdhU2GQjEzk05oiSOzRyWXEqLU8Nbe7Tvr3RXMTt5F7OBSjSGAKF5MF
pIz2416ITuGI70OSrT0fbSPAN8kvydPTA2TBf//5eVF+Tn5Q52rG7Dl/UeQilRmp
tQr5LbRfRUBJ690XbkizbnRFTY6D1vjYCxFtIaVOuyofX5U713bKVR27wizy8WUb
0MI1Nj5ZO9h7NbJy4VDIbgiE0xxu7KF156v0QLLa30LhaAB3vfeRT9z8WIftvL4g
MQFEeaYnmPyNl3j5MLBXZCTZ3L1uRglaHxVLXsbqvVi27YWxefcNeKxyD+MnLQ==
-----END CERTIFICATE-----
Generated at Tue Apr 8 06:17:56 2025 by rpki-client