Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/8Iqg0_L7pXw59_aRySqgpkuJRjQ.roa
File: 8Iqg0_L7pXw59_aRySqgpkuJRjQ.roa (raw, json)
Hash identifier: y2pFJ+8p0xtG0kJywZ4iD47kzyWAOnctenUAe4D8PhU=
Subject key identifier: F0:8A:A0:D3:F2:FB:A5:7C:39:F7:F6:91:C9:2A:A0:A6:4B:89:46:34
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018703EBA49A673B516527E9050287FEC7B8
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/8Iqg0_L7pXw59_aRySqgpkuJRjQ.roa
Signing time: Tue 21 Mar 2023 11:26:27 +0000
ROA not before: Tue 21 Mar 2023 11:26:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 996
IP address blocks: 176.114.84.0/22 maxlen: 22
176.114.88.0/22 maxlen: 22
176.114.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:03:eb:a4:9a:67:3b:51:65:27:e9:05:02:87:fe:c7:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Mar 21 11:26:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f08aa0d3f2fba57c39f7f691c92aa0a64b894634
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:36:3b:2f:8b:cf:a7:46:12:e9:34:66:cf:1e:
fc:12:bd:88:f3:04:f9:81:74:33:30:4e:7b:a0:67:
e8:5c:2d:f6:56:67:b9:22:8d:0c:26:4b:fd:68:f7:
d7:cc:f1:a8:63:12:38:e6:68:2b:7b:99:55:fb:2b:
b7:15:9e:1e:70:8f:35:53:9a:d8:e2:0a:fb:c5:1f:
65:0b:35:8a:dd:8f:4f:26:67:c0:61:27:5e:f0:03:
3f:09:33:c9:b8:44:e3:a8:36:6d:25:b2:6b:10:c9:
1e:4b:ac:43:f1:79:22:d4:ed:82:03:f6:39:ca:31:
91:94:25:11:7d:ff:17:6f:d6:08:f6:03:02:72:09:
a1:d4:dd:da:fc:07:6d:8a:0a:55:17:ed:e4:6e:20:
5b:92:71:8d:5c:c3:22:08:45:5b:3f:0f:4e:36:1c:
9c:66:07:7a:3b:4c:38:17:43:3e:94:6c:e2:27:48:
0a:8c:f6:2f:95:50:e1:9e:db:8e:4e:80:21:8f:f5:
0d:0f:ac:f7:c6:be:b1:78:1b:3d:83:72:30:80:ea:
e2:e5:86:55:63:20:be:1b:f7:72:45:10:85:56:46:
21:ab:8e:9a:94:7a:fd:66:11:e6:13:e5:26:b3:cc:
c5:b5:07:13:61:39:2b:42:26:51:df:f7:fd:b1:f0:
41:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:8A:A0:D3:F2:FB:A5:7C:39:F7:F6:91:C9:2A:A0:A6:4B:89:46:34
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/8Iqg0_L7pXw59_aRySqgpkuJRjQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.84.0-176.114.95.255
Signature Algorithm: sha256WithRSAEncryption
3f:e3:9c:3f:46:20:21:4c:76:eb:ec:d0:a7:4d:45:d1:ab:80:
47:ec:d7:6d:9b:9a:bc:80:fd:24:8a:1c:5e:59:aa:69:8e:e6:
50:f8:ff:80:89:b6:2b:f0:43:d8:f7:cd:1d:cd:93:14:94:2a:
93:f1:ae:23:71:a8:52:58:c0:ee:41:b4:2e:46:e9:93:68:25:
3a:eb:c9:65:cf:33:ab:c6:4a:23:66:6e:86:c2:f2:86:e1:7b:
2d:7a:d0:6d:57:64:ad:58:59:db:c2:52:a2:de:bc:bd:95:12:
83:e8:f1:da:a1:52:41:38:e0:6c:e3:c0:b0:8e:8b:dc:b1:0f:
f9:99:23:12:d1:e5:a5:91:05:be:a1:2f:7e:08:53:2f:bc:6c:
0f:61:20:d4:43:72:d4:8f:6f:e4:7f:a3:ba:48:42:01:c0:00:
77:08:c8:4c:00:84:61:a5:62:26:41:40:20:e7:3b:99:23:3f:
8c:1d:e5:2e:3f:c7:ed:0b:df:5d:6e:59:37:f8:65:fe:a8:d8:
e4:13:56:e1:bc:01:96:16:a8:41:d5:08:17:09:2b:4f:2e:22:
5d:3a:97:e8:0c:42:4b:b7:6d:2b:63:e8:ee:21:4a:5c:a5:58:
96:7b:70:96:77:09:16:1c:64:0e:f3:72:e7:b0:57:07:be:c0:
f1:19:6f:98
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYcD66SaZztRZSfpBQKH/se4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwMzIxMTEyNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDhhYTBkM2YyZmJhNTdjMzlmN2Y2OTFjOTJhYTBhNjRiODk0NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTY7L4vPp0YS6TRmzx78Er2I8wT5
gXQzME57oGfoXC32Vme5Io0MJkv9aPfXzPGoYxI45mgre5lV+yu3FZ4ecI81U5rY
4gr7xR9lCzWK3Y9PJmfAYSde8AM/CTPJuETjqDZtJbJrEMkeS6xD8Xki1O2CA/Y5
yjGRlCURff8Xb9YI9gMCcgmh1N3a/AdtigpVF+3kbiBbknGNXMMiCEVbPw9ONhyc
Zgd6O0w4F0M+lGziJ0gKjPYvlVDhntuOToAhj/UND6z3xr6xeBs9g3IwgOri5YZV
YyC+G/dyRRCFVkYhq46alHr9ZhHmE+Ums8zFtQcTYTkrQiZR3/f9sfBBPwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPCKoNPy+6V8Off2kckqoKZLiUY0MB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvOElxZzBfTDdwWHc1OV9hUnlTcWdwa3VKUmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKwclQD
BAWwckAwDQYJKoZIhvcNAQELBQADggEBAD/jnD9GICFMduvs0KdNRdGrgEfs122b
mryA/SSKHF5ZqmmO5lD4/4CJtivwQ9j3zR3NkxSUKpPxriNxqFJYwO5BtC5G6ZNo
JTrryWXPM6vGSiNmbobC8obhey160G1XZK1YWdvCUqLevL2VEoPo8dqhUkE44Gzj
wLCOi9yxD/mZIxLR5aWRBb6hL34IUy+8bA9hINRDctSPb+R/o7pIQgHAAHcIyEwA
hGGlYiZBQCDnO5kjP4wd5S4/x+0L311uWTf4Zf6o2OQTVuG8AZYWqEHVCBcJK08u
Il06l+gMQku3bStj6O4hSlylWJZ7cJZ3CRYcZA7zcuewVwe+wPEZb5g=
-----END CERTIFICATE-----
Generated at Sat Apr 19 00:55:38 2025 by rpki-client