Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/K8LyJmuCczCGILUwavB2ki7gLZQ.roa
File: K8LyJmuCczCGILUwavB2ki7gLZQ.roa (raw, json)
Hash identifier: YalrfbcRchw+f/c89iaF5WtTEMjS18QW7ynZOfBPex4=
Subject key identifier: 2B:C2:F2:26:6B:82:73:30:86:20:B5:30:6A:F0:76:92:2E:E0:2D:94
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 01909186A4A65D79DE5F67FDAA4869074A8D
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/K8LyJmuCczCGILUwavB2ki7gLZQ.roa
Signing time: Mon 08 Jul 2024 08:47:18 +0000
ROA not before: Mon 08 Jul 2024 08:47:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60068
IP address blocks: 2.56.103.0/24 maxlen: 24
2.59.22.0/24 maxlen: 24
45.131.215.0/24 maxlen: 24
185.155.200.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:91:86:a4:a6:5d:79:de:5f:67:fd:aa:48:69:07:4a:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Jul 8 08:47:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2bc2f2266b8273308620b5306af076922ee02d94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:1b:a4:7e:0f:4f:ac:14:85:40:52:f7:7b:c1:
f8:03:15:8d:b8:44:1b:04:84:33:ed:1a:a7:14:13:
ea:32:c9:c6:31:94:b9:80:4d:ee:e9:be:8e:07:8a:
85:5a:3d:5d:33:fa:92:44:28:d3:bb:19:bc:5e:17:
60:a0:0d:5e:0e:52:ac:52:ea:16:8d:78:d6:7a:d7:
e3:5d:b2:77:40:e1:dc:bc:a4:47:18:a6:8d:76:76:
c3:02:04:90:53:db:03:f1:96:47:d6:b6:0d:16:40:
bc:d9:c6:40:ef:20:99:40:3b:c3:d0:a1:4b:a4:44:
2f:85:66:b8:68:77:c2:08:c2:f2:a7:fc:6c:75:7d:
88:fc:c5:ed:96:11:bc:a3:c3:e9:f7:41:85:39:93:
5c:b7:46:56:9a:f2:02:cc:03:de:2e:4f:0c:be:93:
f1:f0:0c:59:46:20:bd:72:d9:38:ec:85:fd:07:91:
35:43:61:ea:ed:c9:dc:f8:d5:e2:80:ee:7e:b7:be:
ff:92:09:75:ab:e2:36:b0:2d:3b:cd:49:69:ba:14:
fb:a9:e1:9b:3e:09:0b:9e:12:d9:05:cf:9b:33:06:
9a:a7:44:ee:4d:1b:9e:35:50:03:0a:22:60:5f:3b:
b3:c4:38:3a:7f:f1:85:d1:bd:2e:21:02:1c:ca:93:
7b:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:C2:F2:26:6B:82:73:30:86:20:B5:30:6A:F0:76:92:2E:E0:2D:94
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/K8LyJmuCczCGILUwavB2ki7gLZQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.103.0/24
2.59.22.0/24
45.131.215.0/24
185.155.200.0/24
Signature Algorithm: sha256WithRSAEncryption
b4:3b:29:5c:c1:b2:06:20:12:54:d8:91:f7:d5:f4:67:6a:4c:
e1:a2:fd:49:50:34:b9:34:44:b5:41:01:f7:32:c8:51:bf:17:
6f:5a:86:18:73:71:d0:3e:f2:98:24:bc:a8:65:80:99:14:ad:
0b:6a:95:e9:cb:17:d5:86:f4:24:e0:d3:04:e5:b5:26:4f:81:
7b:e4:60:9a:d1:08:93:1e:4e:af:b2:46:ed:96:ed:24:5b:fb:
d2:9e:11:a4:6b:06:40:5e:5b:3f:17:65:07:8d:2f:1c:8f:54:
3a:2d:ca:00:29:08:96:10:42:ad:5c:1f:f0:b3:a2:1f:96:99:
e5:e1:ee:04:81:89:78:88:63:ab:6e:79:58:8c:c3:72:ca:19:
f6:a2:ab:e1:c3:32:bc:8e:20:e8:36:ca:a9:25:1b:65:69:fa:
8a:c3:e0:e7:bd:2f:73:b6:1d:ff:e2:59:eb:6b:ae:7f:b6:45:
55:53:f8:31:36:05:0f:42:f5:fe:0c:b2:d3:dc:96:93:3a:cf:
b2:da:21:01:57:2a:ce:8a:3e:fc:a8:f8:2f:7a:a1:5f:bf:e1:
4f:1e:35:bd:5e:6f:34:ca:af:65:57:ca:3f:1e:19:22:a5:96:
17:0d:07:3e:2b:34:6a:d1:60:69:49:8a:b4:e4:14:54:76:c4:
32:4d:6e:d1
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZCRhqSmXXneX2f9qkhpB0qNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNzA4MDg0NzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmMyZjIyNjZiODI3MzMwODYyMGI1MzA2YWYwNzY5MjJlZTAyZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBukfg9PrBSFQFL3e8H4AxWNuEQb
BIQz7RqnFBPqMsnGMZS5gE3u6b6OB4qFWj1dM/qSRCjTuxm8XhdgoA1eDlKsUuoW
jXjWetfjXbJ3QOHcvKRHGKaNdnbDAgSQU9sD8ZZH1rYNFkC82cZA7yCZQDvD0KFL
pEQvhWa4aHfCCMLyp/xsdX2I/MXtlhG8o8Pp90GFOZNct0ZWmvICzAPeLk8MvpPx
8AxZRiC9ctk47IX9B5E1Q2Hq7cnc+NXigO5+t77/kgl1q+I2sC07zUlpuhT7qeGb
PgkLnhLZBc+bMwaap0TuTRueNVADCiJgXzuzxDg6f/GF0b0uIQIcypN7PwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCvC8iZrgnMwhiC1MGrwdpIu4C2UMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSzhMeUptdUNjekNHSUxVd2F2QjJraTdnTFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAAjhnAwQA
AjsWAwQALYPXAwQAuZvIMA0GCSqGSIb3DQEBCwUAA4IBAQC0OylcwbIGIBJU2JH3
1fRnakzhov1JUDS5NES1QQH3MshRvxdvWoYYc3HQPvKYJLyoZYCZFK0LapXpyxfV
hvQk4NME5bUmT4F75GCa0QiTHk6vskbtlu0kW/vSnhGkawZAXls/F2UHjS8cj1Q6
LcoAKQiWEEKtXB/ws6Iflpnl4e4EgYl4iGOrbnlYjMNyyhn2oqvhwzK8jiDoNsqp
JRtlafqKw+DnvS9zth3/4lnra65/tkVVU/gxNgUPQvX+DLLT3JaTOs+y2iEBVyrO
ij78qPgveqFfv+FPHjW9Xm80yq9lV8o/HhkipZYXDQc+KzRq0WBpSYq05BRUdsQy
TW7R
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:45:47 2025 by rpki-client