Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/hyDwDVpi9tUYGaek2HPBW9JPZl0.roa
File: hyDwDVpi9tUYGaek2HPBW9JPZl0.roa (raw, json)
Hash identifier: NOmfsTFqlIep3db2Z0FpS9TO+08hfM/37O3tUbukxK0=
Subject key identifier: 87:20:F0:0D:5A:62:F6:D5:18:19:A7:A4:D8:73:C1:5B:D2:4F:66:5D
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 018EE22DF6503FDACD84D21084C626567C17
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/hyDwDVpi9tUYGaek2HPBW9JPZl0.roa
Signing time: Mon 15 Apr 2024 14:34:06 +0000
ROA not before: Mon 15 Apr 2024 14:34:06 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 15596
IP address blocks: 31.42.119.0/24 maxlen: 24
31.42.120.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:e2:2d:f6:50:3f:da:cd:84:d2:10:84:c6:26:56:7c:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Apr 15 14:34:06 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8720f00d5a62f6d51819a7a4d873c15bd24f665d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:94:6a:d2:98:25:03:cf:64:66:aa:05:ea:e1:
e9:a0:39:0e:1b:d8:dc:4c:64:ca:2e:c3:3a:6d:5c:
f8:58:c2:f6:1b:11:22:71:06:d8:f0:db:29:04:33:
a6:dc:ff:92:02:50:f5:59:e9:f8:64:0f:5c:f6:34:
93:d3:fc:37:23:15:7b:76:8c:51:c1:a8:41:52:c3:
95:25:aa:0c:dd:b9:0e:5f:b7:4a:0c:c9:b4:28:ed:
68:d7:5c:38:fe:28:ca:80:a1:45:69:fa:ad:b1:6b:
6e:99:ce:70:b1:45:2c:3c:09:df:1a:e0:04:4a:0a:
47:1b:0d:0e:ce:5f:3e:1c:e6:0a:a8:6e:0c:0a:c0:
7c:d7:e0:8f:23:99:b5:96:95:ae:1d:c9:d4:33:f7:
34:c3:c0:b9:ba:54:6e:97:fb:d6:1b:aa:b0:e3:42:
47:63:41:e5:3f:1a:c9:6c:8c:1f:94:24:60:76:cc:
d7:d9:2b:55:a3:1a:7c:74:d9:81:58:b5:52:c8:f3:
b2:1a:3a:59:a6:a0:5c:29:b4:c2:4c:62:bd:c7:a3:
d7:0d:ce:43:ef:9d:a5:71:ef:0a:13:8b:1f:32:52:
f3:b4:48:cd:55:23:f1:10:20:4d:f4:25:07:58:f5:
79:fc:59:56:f8:0e:79:78:4d:28:bd:64:3b:d8:51:
75:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:20:F0:0D:5A:62:F6:D5:18:19:A7:A4:D8:73:C1:5B:D2:4F:66:5D
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/hyDwDVpi9tUYGaek2HPBW9JPZl0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.119.0-31.42.123.255
Signature Algorithm: sha256WithRSAEncryption
7c:3d:73:91:2b:fa:03:7b:ec:f7:59:f0:f9:78:c6:cf:9a:a3:
a3:7b:ff:78:a8:5e:64:82:08:90:57:57:61:fb:c5:e7:0d:ae:
09:f5:2c:18:64:aa:f5:5a:c2:69:7c:10:e8:9f:b2:5c:74:6e:
4d:fe:66:9f:d9:51:57:7a:92:3c:48:99:d4:87:d6:80:73:e5:
75:64:6e:5f:a6:ae:ae:fa:47:97:4e:96:f1:04:58:4b:fa:df:
aa:fb:b6:c8:c5:90:85:64:00:2c:58:17:cd:b3:a5:9f:b0:ca:
27:f3:70:f4:44:06:dd:74:f9:68:19:5a:f8:09:70:c2:dc:87:
83:8b:1e:cc:8b:7c:58:bf:a9:6b:50:e2:85:95:3d:fa:7d:a6:
c5:52:52:6d:19:77:9a:80:a2:8f:1f:05:6f:19:20:96:2b:ac:
0f:a2:3a:4d:13:97:e0:0a:bd:f1:1b:41:f1:d8:79:f5:2b:9a:
78:a6:1f:d9:d9:46:db:ee:42:01:9b:ae:a5:9e:50:ea:de:23:
b5:6d:b7:dc:1e:6b:13:c5:fe:33:f8:e0:90:e2:13:a9:15:2f:
5b:6e:c4:6c:8d:1d:09:c7:20:d5:8e:42:b7:94:c2:d7:62:26:
b3:83:3f:b2:52:38:4e:35:0a:e2:54:bb:55:72:39:fe:d2:c2:
75:c7:fe:b5
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY7iLfZQP9rNhNIQhMYmVnwXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjQwNDE1MTQzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzIwZjAwZDVhNjJmNmQ1MTgxOWE3YTRkODczYzE1YmQyNGY2NjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpRq0pglA89kZqoF6uHpoDkOG9jc
TGTKLsM6bVz4WML2GxEicQbY8NspBDOm3P+SAlD1Wen4ZA9c9jST0/w3IxV7doxR
wahBUsOVJaoM3bkOX7dKDMm0KO1o11w4/ijKgKFFafqtsWtumc5wsUUsPAnfGuAE
SgpHGw0Ozl8+HOYKqG4MCsB81+CPI5m1lpWuHcnUM/c0w8C5ulRul/vWG6qw40JH
Y0HlPxrJbIwflCRgdszX2StVoxp8dNmBWLVSyPOyGjpZpqBcKbTCTGK9x6PXDc5D
752lce8KE4sfMlLztEjNVSPxECBN9CUHWPV5/FlW+A55eE0ovWQ72FF1gwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIcg8A1aYvbVGBmnpNhzwVvST2ZdMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvaHlEd0RWcGk5dFVZR2FlazJIUEJXOUpQWmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAfKncD
BAIfKngwDQYJKoZIhvcNAQELBQADggEBAHw9c5Er+gN77PdZ8Pl4xs+ao6N7/3io
XmSCCJBXV2H7xecNrgn1LBhkqvVawml8EOifslx0bk3+Zp/ZUVd6kjxImdSH1oBz
5XVkbl+mrq76R5dOlvEEWEv636r7tsjFkIVkACxYF82zpZ+wyifzcPREBt10+WgZ
WvgJcMLch4OLHsyLfFi/qWtQ4oWVPfp9psVSUm0Zd5qAoo8fBW8ZIJYrrA+iOk0T
l+AKvfEbQfHYefUrmnimH9nZRtvuQgGbrqWeUOreI7Vtt9weaxPF/jP44JDiE6kV
L1tuxGyNHQnHINWOQreUwtdiJrODP7JSOE41CuJUu1VyOf7SwnXH/rU=
-----END CERTIFICATE-----
Generated at Fri Apr 18 23:39:00 2025 by rpki-client