Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/Jm578um-knBCowa6nQ29hmXAfeU.roa
File: Jm578um-knBCowa6nQ29hmXAfeU.roa (raw, json)
Hash identifier: szycHDvtaaqtsfQF89GCQVX/FGBDL7q20Amikmzqae8=
Subject key identifier: 26:6E:7B:F2:E9:BE:92:70:42:A3:06:BA:9D:0D:BD:86:65:C0:7D:E5
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 018CC72700EB6868224194A7F843D35098C5
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/Jm578um-knBCowa6nQ29hmXAfeU.roa
Signing time: Mon 01 Jan 2024 22:31:11 +0000
ROA not before: Mon 01 Jan 2024 22:31:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 15596
IP address blocks: 31.42.112.0/20 maxlen: 20
91.210.144.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:00:eb:68:68:22:41:94:a7:f8:43:d3:50:98:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Jan 1 22:31:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=266e7bf2e9be927042a306ba9d0dbd8665c07de5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:56:10:47:f3:14:91:84:71:7f:52:7c:df:70:
f3:de:fd:5d:80:7e:5f:8c:3e:75:76:31:e8:fd:42:
34:19:3d:98:80:ff:19:b3:0e:7b:f7:df:cd:4a:42:
2f:8c:ee:44:69:d6:2f:ec:83:b4:76:5d:c4:f6:be:
88:7b:c4:08:80:7c:dd:e5:49:95:84:00:95:10:e8:
e0:f0:d1:f9:af:76:7f:75:87:ca:59:b6:d6:a2:bc:
48:49:86:3a:c3:bb:d7:0a:6a:97:e9:0d:67:36:b2:
ba:36:09:96:14:c9:1c:13:3d:d3:e8:e5:5f:24:37:
be:7c:bf:0f:2f:68:fb:4b:90:9c:8b:c0:fe:d3:e7:
c4:67:91:59:b3:3e:8d:a6:6e:ea:d5:9a:09:5e:3b:
bb:69:45:48:8d:bf:2c:22:75:1b:67:4f:ea:32:30:
0e:d0:8b:da:30:b4:df:53:bf:9b:f0:73:f3:3b:cb:
05:b8:45:32:f5:43:4f:c1:88:47:13:18:1c:b6:1b:
1e:01:2b:98:7c:a5:6e:78:4b:2c:94:a5:30:4e:eb:
15:82:d4:48:1c:0d:89:a7:c5:e2:15:1c:57:ed:4a:
e4:5f:b6:73:d8:75:20:36:6c:1c:1e:3d:1d:21:2a:
18:39:56:48:c6:12:a0:fc:fb:ee:dd:97:38:ce:2c:
aa:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:6E:7B:F2:E9:BE:92:70:42:A3:06:BA:9D:0D:BD:86:65:C0:7D:E5
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/Jm578um-knBCowa6nQ29hmXAfeU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.112.0/20
91.210.144.0/22
Signature Algorithm: sha256WithRSAEncryption
17:ab:f9:42:e1:76:1a:da:57:fb:99:8d:27:85:70:43:8e:2e:
e6:f7:37:d5:7d:cb:1c:29:04:c3:c3:66:69:5b:a0:39:04:21:
31:9a:4b:d9:ba:e7:3d:24:cf:bb:57:c0:60:6a:11:f7:37:f4:
68:80:c1:6d:cd:cd:e0:ac:36:6c:c3:ed:b7:e7:e0:a9:e2:16:
15:2a:75:8e:a6:f2:d3:7c:ad:2f:78:2c:85:95:e4:d8:b1:06:
3e:dd:be:44:c0:38:60:c7:62:55:a6:e6:81:83:00:7b:b2:6d:
6b:e7:08:1b:4d:bc:57:7e:e0:91:80:9b:44:b9:18:96:6b:2e:
5c:02:50:ca:8c:a9:76:07:14:96:88:b3:4d:62:05:8a:17:a3:
f3:4d:9d:58:c3:29:57:ce:34:0d:6c:73:c6:88:63:74:91:b2:
c3:f2:26:db:71:8c:20:a7:11:bc:a7:17:c2:48:55:c4:0a:0f:
f1:f5:4e:d8:cc:7d:80:d5:0c:b1:ed:77:e4:f5:62:fa:d6:0f:
9c:a2:23:12:86:80:18:f5:c5:de:57:fd:0b:79:44:b9:7c:96:
09:e5:53:8a:f2:18:84:41:52:14:cc:6c:07:fa:61:5d:cd:d7:
46:a2:55:00:95:59:91:82:6b:54:f8:bf:2c:69:89:e9:d1:43:
40:9a:d2:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJwDraGgiQZSn+EPTUJjFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjQwMTAxMjIzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjZlN2JmMmU5YmU5MjcwNDJhMzA2YmE5ZDBkYmQ4NjY1YzA3ZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1YQR/MUkYRxf1J833Dz3v1dgH5f
jD51djHo/UI0GT2YgP8Zsw5799/NSkIvjO5EadYv7IO0dl3E9r6Ie8QIgHzd5UmV
hACVEOjg8NH5r3Z/dYfKWbbWorxISYY6w7vXCmqX6Q1nNrK6NgmWFMkcEz3T6OVf
JDe+fL8PL2j7S5Cci8D+0+fEZ5FZsz6Npm7q1ZoJXju7aUVIjb8sInUbZ0/qMjAO
0IvaMLTfU7+b8HPzO8sFuEUy9UNPwYhHExgcthseASuYfKVueEsslKUwTusVgtRI
HA2Jp8XiFRxX7UrkX7Zz2HUgNmwcHj0dISoYOVZIxhKg/Pvu3Zc4ziyqLwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCZue/LpvpJwQqMGup0NvYZlwH3lMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvSm01Nzh1bS1rbkJDb3dhNm5RMjlobVhBZmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEHypwAwQC
W9KQMA0GCSqGSIb3DQEBCwUAA4IBAQAXq/lC4XYa2lf7mY0nhXBDji7m9zfVfcsc
KQTDw2ZpW6A5BCExmkvZuuc9JM+7V8BgahH3N/RogMFtzc3grDZsw+235+Cp4hYV
KnWOpvLTfK0veCyFleTYsQY+3b5EwDhgx2JVpuaBgwB7sm1r5wgbTbxXfuCRgJtE
uRiWay5cAlDKjKl2BxSWiLNNYgWKF6PzTZ1YwylXzjQNbHPGiGN0kbLD8ibbcYwg
pxG8pxfCSFXECg/x9U7YzH2A1Qyx7Xfk9WL61g+coiMShoAY9cXeV/0LeUS5fJYJ
5VOK8hiEQVIUzGwH+mFdzddGolUAlVmRgmtU+L8saYnp0UNAmtIp
-----END CERTIFICATE-----
Generated at Fri Apr 18 23:36:47 2025 by rpki-client