Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/9_dXPWAxzXje3fbA68n1o_BosMs.roa
File: 9_dXPWAxzXje3fbA68n1o_BosMs.roa (raw, json)
Hash identifier: dqSbiA58caSvfInjC4vnAId8UWM2yDaaib0eA2LP0mU=
Subject key identifier: F7:F7:57:3D:60:31:CD:78:DE:DD:F6:C0:EB:C9:F5:A3:F0:68:B0:CB
Certificate issuer: /CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Certificate serial: 01888125B55F911C412DF6B9CEDD6B2956CE
Authority key identifier: 79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/9_dXPWAxzXje3fbA68n1o_BosMs.roa
Signing time: Sat 03 Jun 2023 12:05:12 +0000
ROA not before: Sat 03 Jun 2023 12:05:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210000
IP address blocks: 31.41.34.0/24 maxlen: 24
176.119.223.0/24 maxlen: 24
194.156.188.0/24 maxlen: 24
2a12:3fc0::/44 maxlen: 44
2a12:3fc1:1001::/48 maxlen: 48
2a12:3fc1:1002::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:81:25:b5:5f:91:1c:41:2d:f6:b9:ce:dd:6b:29:56:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=798f7b1fd802b3dc6abd7a5cda786a6311e1d63d
Validity
Not Before: Jun 3 12:05:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f7f7573d6031cd78deddf6c0ebc9f5a3f068b0cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:ce:5c:bd:a1:09:e5:02:fd:9e:fa:93:6c:59:
29:34:25:07:3e:f5:9e:20:a4:cc:a4:95:84:96:67:
94:46:aa:a8:4d:29:03:6e:1d:de:2e:4c:b7:3a:3f:
fa:bd:04:56:a7:4f:bc:a8:18:d6:69:7e:03:b4:e0:
68:6f:9d:f8:58:85:03:22:21:2f:be:b5:41:12:bf:
9d:52:0a:5e:dc:13:95:2c:9e:3b:fd:7a:8b:ec:a3:
5e:78:46:60:1f:05:3e:9b:b3:f4:b9:90:be:8b:81:
fb:cb:72:68:03:c2:38:fb:d0:fa:68:ae:1c:e0:dd:
51:a3:b3:bb:51:c7:20:35:f7:d9:c4:59:b6:85:3e:
17:40:39:3a:73:49:03:6a:d1:88:c0:e9:47:44:cd:
a7:ff:5c:81:bb:b5:df:16:fb:27:40:2b:7d:5a:82:
a7:5f:bf:b4:4d:4a:69:cd:8a:9e:8b:3d:34:1a:5f:
e0:c3:43:d1:65:c2:4f:cc:b3:bb:16:44:b9:8e:d2:
36:f8:80:2a:00:ba:e0:80:c5:0a:43:02:db:46:d8:
16:f1:5e:34:db:f0:66:86:3d:b1:86:82:ac:63:48:
d5:b6:b4:36:26:26:7a:1e:7f:00:88:5f:fb:ef:a8:
1f:ac:f4:76:00:70:cd:74:cd:ca:99:c7:46:07:70:
45:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:F7:57:3D:60:31:CD:78:DE:DD:F6:C0:EB:C9:F5:A3:F0:68:B0:CB
X509v3 Authority Key Identifier:
keyid:79:8F:7B:1F:D8:02:B3:DC:6A:BD:7A:5C:DA:78:6A:63:11:E1:D6:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY97H9gCs9xqvXpc2nhqYxHh1j0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/9_dXPWAxzXje3fbA68n1o_BosMs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/30883a-16d7-4212-9199-09d0aa28e551/1/eY97H9gCs9xqvXpc2nhqYxHh1j0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.41.34.0/24
176.119.223.0/24
194.156.188.0/24
IPv6:
2a12:3fc0::/44
2a12:3fc1:1001::-2a12:3fc1:1002:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
21:8f:3b:1b:27:25:0c:cf:42:b6:7e:f0:d5:20:c2:96:7d:9f:
87:88:26:bb:9d:ae:c4:57:43:45:61:39:cb:2d:d0:8f:1c:e3:
bb:8d:7d:b4:50:4e:d2:80:0a:91:69:2a:2d:3f:2f:2b:de:b2:
f5:08:da:54:8e:76:47:e4:85:ba:da:1e:59:b9:07:b6:97:b4:
d3:ef:fb:a9:33:ca:9c:b9:93:97:f9:7c:b4:20:d2:be:aa:79:
16:4d:3f:3e:8c:53:eb:a6:8b:fe:6a:7b:9b:ee:ab:27:c7:e4:
3c:43:4b:6d:e7:43:60:f1:97:d0:d7:6d:b2:e4:9d:23:24:43:
52:dd:bd:5b:89:41:16:e6:4b:9d:97:46:5f:77:fe:06:5c:fb:
d2:33:dc:1e:34:c7:6a:c3:6d:8a:32:a5:ba:f4:fe:17:d8:0b:
58:a4:42:92:57:4d:9a:b8:64:4c:9c:df:d2:e7:b5:14:e7:cf:
c7:d0:33:9a:c0:de:34:e4:9f:35:20:7b:c4:57:06:05:a8:56:
05:bc:88:e7:81:5f:c4:a8:28:48:12:99:2a:58:13:2b:f8:a5:
f4:04:6d:6b:ac:c7:8b:5a:a3:bb:e2:69:e0:2f:24:53:e5:2a:
cf:0a:f0:c8:15:25:90:15:65:ea:f0:0f:81:4b:7c:ee:ce:1c:
e7:3a:66:91
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYiBJbVfkRxBLfa5zt1rKVbOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGY3YjFmZDgwMmIzZGM2YWJkN2E1Y2RhNzg2YTYzMTFl
MWQ2M2QwHhcNMjMwNjAzMTIwNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2Y3NTczZDYwMzFjZDc4ZGVkZGY2YzBlYmM5ZjVhM2YwNjhiMGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhM5cvaEJ5QL9nvqTbFkpNCUHPvWe
IKTMpJWElmeURqqoTSkDbh3eLky3Oj/6vQRWp0+8qBjWaX4DtOBob534WIUDIiEv
vrVBEr+dUgpe3BOVLJ47/XqL7KNeeEZgHwU+m7P0uZC+i4H7y3JoA8I4+9D6aK4c
4N1Ro7O7UccgNffZxFm2hT4XQDk6c0kDatGIwOlHRM2n/1yBu7XfFvsnQCt9WoKn
X7+0TUppzYqeiz00Gl/gw0PRZcJPzLO7FkS5jtI2+IAqALrggMUKQwLbRtgW8V40
2/Bmhj2xhoKsY0jVtrQ2JiZ6Hn8AiF/776gfrPR2AHDNdM3KmcdGB3BFFwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFPf3Vz1gMc143t32wOvJ9aPwaLDLMB8GA1UdIwQY
MBaAFHmPex/YArPcar16XNp4amMR4dY9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTkt
MDlkMGFhMjhlNTUxLzEvOV9kWFBXQXh6WGplM2ZiQTY4bjFvX0Jvc01zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8zMDg4M2EtMTZkNy00MjEyLTkxOTktMDlkMGFhMjhlNTUx
LzEvZVk5N0g5Z0NzOXhxdlhwYzJuaHFZeEhoMWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAYBAIAATASAwQAHykiAwQA
sHffAwQAwpy8MCMEAgACMB0DBwQqEj/AAAAwEgMHACoSP8EQAQMHACoSP8EQAjAN
BgkqhkiG9w0BAQsFAAOCAQEAIY87GyclDM9Ctn7w1SDCln2fh4gmu52uxFdDRWE5
yy3Qjxzju419tFBO0oAKkWkqLT8vK96y9QjaVI52R+SFutoeWbkHtpe00+/7qTPK
nLmTl/l8tCDSvqp5Fk0/PoxT66aL/mp7m+6rJ8fkPENLbedDYPGX0NdtsuSdIyRD
Ut29W4lBFuZLnZdGX3f+Blz70jPcHjTHasNtijKluvT+F9gLWKRCkldNmrhkTJzf
0ue1FOfPx9AzmsDeNOSfNSB7xFcGBahWBbyI54FfxKgoSBKZKlgTK/il9ARta6zH
i1qju+Jp4C8kU+UqzwrwyBUlkBVl6vAPgUt87s4c5zpmkQ==
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:58:23 2025 by rpki-client