Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/2c8_cbEnVfjX0Gh-UXhr0PtfXvE.roa
File: 2c8_cbEnVfjX0Gh-UXhr0PtfXvE.roa (raw, json)
Hash identifier: rKzy9tgUDB+v9jnzzGG11FDiaAmv8oUow0fIbGibto0=
Subject key identifier: D9:CF:3F:71:B1:27:55:F8:D7:D0:68:7E:51:78:6B:D0:FB:5F:5E:F1
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018612F4FDAB06D47773FCE22E4DC32E4276
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/2c8_cbEnVfjX0Gh-UXhr0PtfXvE.roa
Signing time: Thu 02 Feb 2023 16:28:10 +0000
ROA not before: Thu 02 Feb 2023 16:28:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 54339
IP address blocks: 176.114.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:12:f4:fd:ab:06:d4:77:73:fc:e2:2e:4d:c3:2e:42:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Feb 2 16:28:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d9cf3f71b12755f8d7d0687e51786bd0fb5f5ef1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:e1:23:40:4d:5b:ed:a3:d1:45:21:86:70:f0:
89:16:d2:e4:77:11:85:5e:fb:cb:0e:6f:79:53:c2:
2c:01:9d:00:ad:84:ee:94:25:5b:40:00:fe:1c:2f:
61:96:27:9a:61:c4:45:a3:22:9b:27:6c:42:72:92:
59:20:60:f7:dd:fc:d7:31:04:b8:b1:46:9d:45:ed:
13:71:6d:f2:4e:11:4d:8b:e3:6b:e1:20:d9:15:8e:
85:f6:59:5a:8e:78:f8:1c:b1:eb:b3:c0:fb:1d:31:
52:f0:66:74:02:b7:2e:31:9b:d7:51:74:0f:0a:7d:
0d:34:1e:16:96:1d:52:9a:69:52:30:58:82:b6:dd:
83:64:8c:06:74:2a:11:3c:0e:9f:96:47:c3:e5:d8:
47:ef:46:67:c2:d0:e0:22:f4:fd:5a:e5:c0:a1:83:
1a:6b:70:51:13:32:98:bb:3c:26:ee:87:74:d7:39:
b6:b7:30:02:48:ce:9d:0c:ce:36:f7:18:ae:8b:8d:
b1:d4:c7:dc:63:d0:5f:ce:07:33:ae:5b:5d:75:02:
97:0c:f3:2e:9b:a2:2b:26:6e:32:09:f9:64:a7:ef:
76:13:b6:9e:2b:c1:3e:84:7c:d4:59:87:02:75:f3:
bd:70:07:3e:2b:54:78:74:7f:29:3d:d7:11:b2:20:
56:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:CF:3F:71:B1:27:55:F8:D7:D0:68:7E:51:78:6B:D0:FB:5F:5E:F1
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/2c8_cbEnVfjX0Gh-UXhr0PtfXvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.88.0/22
Signature Algorithm: sha256WithRSAEncryption
c7:ad:39:57:e3:bf:49:3b:65:6f:fd:2e:c9:10:d2:28:a4:b1:
33:78:bf:63:22:22:48:37:6e:72:e2:78:31:eb:77:70:49:b2:
79:39:6b:93:dd:f5:b3:16:6a:6e:7f:d9:06:83:27:41:ae:6d:
fb:1f:02:65:76:34:ec:0f:bd:61:b7:f6:96:f2:13:d6:e2:cc:
ee:ad:d3:72:70:7d:4e:a6:9d:b8:ba:5c:2e:e6:18:37:5a:47:
a2:e6:73:a9:86:7b:45:61:62:5b:25:b9:1a:65:82:3f:35:a2:
38:06:45:b1:a3:be:ac:be:7b:d5:f1:d9:7d:28:53:33:81:43:
97:c2:6c:69:06:c5:1c:15:6b:e3:8b:89:1f:64:44:85:fc:1f:
81:0f:fb:39:d4:80:12:41:0b:08:2c:49:be:f7:0f:df:0a:00:
c4:18:31:23:7d:77:e9:70:f3:7c:a6:8f:7d:53:59:51:76:ea:
ca:82:31:a7:9b:32:38:89:02:f0:1c:ec:47:77:14:09:a8:eb:
27:6b:22:d4:d3:e9:c8:07:61:73:13:8d:21:7c:75:f1:9c:f6:
a9:44:08:07:bd:c7:15:92:fa:46:76:b2:ef:51:19:1c:6a:43:
20:fa:5d:2c:74:07:8e:7c:3d:8a:8f:6f:66:b4:eb:2b:23:ee:
8c:a3:12:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYYS9P2rBtR3c/ziLk3DLkJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwMjAyMTYyODEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWNmM2Y3MWIxMjc1NWY4ZDdkMDY4N2U1MTc4NmJkMGZiNWY1ZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOEjQE1b7aPRRSGGcPCJFtLkdxGF
XvvLDm95U8IsAZ0ArYTulCVbQAD+HC9hlieaYcRFoyKbJ2xCcpJZIGD33fzXMQS4
sUadRe0TcW3yThFNi+Nr4SDZFY6F9llajnj4HLHrs8D7HTFS8GZ0ArcuMZvXUXQP
Cn0NNB4Wlh1SmmlSMFiCtt2DZIwGdCoRPA6flkfD5dhH70ZnwtDgIvT9WuXAoYMa
a3BREzKYuzwm7od01zm2tzACSM6dDM429xiui42x1MfcY9BfzgczrltddQKXDPMu
m6IrJm4yCflkp+92E7aeK8E+hHzUWYcCdfO9cAc+K1R4dH8pPdcRsiBWOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnPP3GxJ1X419BoflF4a9D7X17xMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvMmM4X2NiRW5WZmpYMEdoLVVYaHIwUHRmWHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsHJYMA0G
CSqGSIb3DQEBCwUAA4IBAQDHrTlX479JO2Vv/S7JENIopLEzeL9jIiJIN25y4ngx
63dwSbJ5OWuT3fWzFmpuf9kGgydBrm37HwJldjTsD71ht/aW8hPW4szurdNycH1O
pp24ulwu5hg3Wkei5nOphntFYWJbJbkaZYI/NaI4BkWxo76svnvV8dl9KFMzgUOX
wmxpBsUcFWvji4kfZESF/B+BD/s51IASQQsILEm+9w/fCgDEGDEjfXfpcPN8po99
U1lRdurKgjGnmzI4iQLwHOxHdxQJqOsnayLU0+nIB2FzE40hfHXxnPapRAgHvccV
kvpGdrLvURkcakMg+l0sdAeOfD2Kj29mtOsrI+6MoxIo
-----END CERTIFICATE-----
Generated at Sun Apr 20 02:19:19 2025 by rpki-client