Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Csts7Wo5yGooiE2Xp29KGL41On8.roa
File: Csts7Wo5yGooiE2Xp29KGL41On8.roa (raw, json)
Hash identifier: TZuYBsNVWgokvg5D1n2iZQ6LoYkzZgR8axUdVMR2BBg=
Subject key identifier: 0A:CB:6C:ED:6A:39:C8:6A:28:88:4D:97:A7:6F:4A:18:BE:35:3A:7F
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 01857246DE900D4330ADA353161B3FD50609
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Csts7Wo5yGooiE2Xp29KGL41On8.roa
Signing time: Mon 02 Jan 2023 11:38:44 +0000
ROA not before: Mon 02 Jan 2023 11:38:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 176.114.84.0/22 maxlen: 22
176.114.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:46:de:90:0d:43:30:ad:a3:53:16:1b:3f:d5:06:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Jan 2 11:38:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0acb6ced6a39c86a28884d97a76f4a18be353a7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:ab:69:59:2f:c1:5f:ed:d2:7a:2f:4b:08:82:
e3:05:bd:ff:54:4b:25:92:3a:ef:3b:9b:50:46:19:
b2:58:f1:76:4f:8c:25:86:72:77:97:be:b3:e2:fc:
09:e1:cb:57:58:ae:0a:64:7d:67:56:c0:fc:8c:f7:
5b:aa:05:d6:0a:cb:58:10:c1:6d:f7:8b:30:15:e6:
9c:0c:5d:19:f3:d8:a1:52:d2:ea:65:6f:ce:9f:54:
de:72:e8:52:ee:ca:3f:8a:6f:d0:e9:70:26:23:ce:
1f:c5:6e:ac:d3:2a:00:f1:fd:8e:a3:df:7e:26:d3:
91:35:d8:cf:0d:26:bd:eb:d5:0d:f8:35:a3:34:c1:
6b:1a:2a:4d:12:d9:9a:e2:34:18:0e:25:d8:8e:a1:
fe:fa:ff:a6:6e:44:99:c9:fd:2b:51:8c:3b:ba:d6:
50:6d:39:ac:2a:f9:dc:ef:b2:f0:74:c8:8e:a3:da:
27:ce:b8:59:98:0a:f1:02:b5:31:b4:f0:66:89:e0:
f6:7e:10:05:f9:0c:13:4b:4c:20:f3:b9:45:00:83:
ca:21:ea:a6:99:85:c7:cb:4f:e0:c0:d9:97:2e:29:
a0:b3:2d:11:37:8f:a1:8a:4b:a2:1b:eb:08:7f:27:
5d:54:fa:21:fb:d1:f7:9a:0f:56:a4:d3:45:92:97:
e3:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:CB:6C:ED:6A:39:C8:6A:28:88:4D:97:A7:6F:4A:18:BE:35:3A:7F
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Csts7Wo5yGooiE2Xp29KGL41On8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.84.0/22
176.114.92.0/22
Signature Algorithm: sha256WithRSAEncryption
09:9b:cc:51:67:35:b5:12:04:6c:6e:c0:fe:53:22:01:69:36:
08:ae:91:9a:82:7e:29:7e:b9:c2:33:6b:2e:75:1a:7c:12:11:
84:53:d9:2a:e4:c4:a0:4d:06:ef:52:b6:e5:bf:b2:8c:18:38:
5b:59:8c:03:80:22:93:95:37:c3:c9:31:cb:f8:d4:75:f5:c9:
71:bf:10:a9:92:10:06:d0:52:75:e6:65:76:f4:58:68:d4:ee:
02:13:91:65:5d:a2:c4:22:18:89:43:0a:41:00:20:96:51:43:
41:db:d8:30:36:03:c6:1e:9a:7d:e6:b4:3e:6f:43:b8:89:31:
e6:a2:fd:da:69:49:2f:8a:a1:4b:e6:f0:96:ee:65:3c:a8:b7:
8b:16:3d:09:b3:7b:6e:48:ca:b9:7c:77:55:8f:18:d9:36:6c:
9d:0e:39:c7:11:dc:d8:3d:a3:d7:19:d4:de:b2:a6:14:57:d1:
92:85:42:fd:60:ff:66:c7:52:b2:db:ad:38:ff:00:72:8c:2b:
14:4e:14:44:3e:6c:88:c4:8f:aa:0f:55:f9:ca:97:07:f1:98:
95:83:3c:7c:bb:c9:9c:99:2b:f9:25:4c:93:e2:59:75:1f:89:
1d:84:f8:b7:28:e0:2c:16:0b:4d:49:f9:43:53:9f:08:d7:a5:
a8:f1:30:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVyRt6QDUMwraNTFhs/1QYJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwMTAyMTEzODQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWNiNmNlZDZhMzljODZhMjg4ODRkOTdhNzZmNGExOGJlMzUzYTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6tpWS/BX+3Sei9LCILjBb3/VEsl
kjrvO5tQRhmyWPF2T4wlhnJ3l76z4vwJ4ctXWK4KZH1nVsD8jPdbqgXWCstYEMFt
94swFeacDF0Z89ihUtLqZW/On1TecuhS7so/im/Q6XAmI84fxW6s0yoA8f2Oo99+
JtORNdjPDSa969UN+DWjNMFrGipNEtma4jQYDiXYjqH++v+mbkSZyf0rUYw7utZQ
bTmsKvnc77LwdMiOo9onzrhZmArxArUxtPBmieD2fhAF+QwTS0wg87lFAIPKIeqm
mYXHy0/gwNmXLimgsy0RN4+hikuiG+sIfyddVPoh+9H3mg9WpNNFkpfjFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFArLbO1qOchqKIhNl6dvShi+NTp/MB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvQ3N0czdXbzV5R29vaUUyWHAyOUtHTDQxT244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsHJUAwQC
sHJcMA0GCSqGSIb3DQEBCwUAA4IBAQAJm8xRZzW1EgRsbsD+UyIBaTYIrpGagn4p
frnCM2sudRp8EhGEU9kq5MSgTQbvUrblv7KMGDhbWYwDgCKTlTfDyTHL+NR19clx
vxCpkhAG0FJ15mV29Fho1O4CE5FlXaLEIhiJQwpBACCWUUNB29gwNgPGHpp95rQ+
b0O4iTHmov3aaUkviqFL5vCW7mU8qLeLFj0Js3tuSMq5fHdVjxjZNmydDjnHEdzY
PaPXGdTesqYUV9GShUL9YP9mx1Ky2604/wByjCsUThREPmyIxI+qD1X5ypcH8ZiV
gzx8u8mcmSv5JUyT4ll1H4kdhPi3KOAsFgtNSflDU58I16Wo8TC7
-----END CERTIFICATE-----
Generated at Sat Apr 19 12:08:34 2025 by rpki-client