Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/OB-NFIae5599OViHxN2IsnAr4Mo.roa
File: OB-NFIae5599OViHxN2IsnAr4Mo.roa (raw, json)
Hash identifier: wvVUaonOuyd2lsGQV1FnG+baPLP0U7CqBXx3r/stZAg=
Subject key identifier: 38:1F:8D:14:86:9E:E7:9F:7D:39:58:87:C4:DD:88:B2:70:2B:E0:CA
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018534AC62B7D52FDA3737B5FE4EFC583FA0
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/OB-NFIae5599OViHxN2IsnAr4Mo.roa
Signing time: Wed 21 Dec 2022 12:33:10 +0000
ROA not before: Wed 21 Dec 2022 12:33:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 996
IP address blocks: 176.114.84.0/22 maxlen: 22
176.114.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:34:ac:62:b7:d5:2f:da:37:37:b5:fe:4e:fc:58:3f:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Dec 21 12:33:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=381f8d14869ee79f7d395887c4dd88b2702be0ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:6b:9e:4a:6b:9c:ab:81:06:78:d5:be:21:ee:
63:15:d0:ec:05:f3:b2:c5:77:8e:f4:f6:b4:bf:31:
7e:4e:cc:6b:2d:1d:80:ab:5b:90:30:fd:1e:46:58:
8d:7e:95:db:fa:09:c6:16:50:f4:df:29:4e:3f:c9:
f5:23:df:7a:e7:b5:71:74:f7:66:0f:eb:7f:ee:63:
36:dd:de:6e:b1:5f:b1:b9:79:1a:9b:83:b3:a4:04:
48:f6:0c:38:52:4a:c8:fe:35:a9:4e:3d:75:77:f5:
7e:7e:a0:77:17:25:d3:fc:59:88:af:09:34:61:6b:
12:27:f7:02:02:ae:9a:37:53:77:15:b1:23:d4:f7:
93:35:f6:08:82:a5:2f:6c:ef:25:47:15:9a:d7:cb:
09:5c:d9:68:bd:62:66:00:09:c6:cd:5e:c6:a3:03:
72:3e:db:8b:b9:09:31:a7:f5:3b:39:a0:08:b4:7d:
75:6a:ae:09:5b:33:a6:b1:4c:ae:c4:e0:15:bd:90:
14:f8:29:59:3a:7d:25:2c:78:2e:e3:58:b2:f8:f0:
3a:fe:50:09:c9:65:8c:2a:e0:15:9d:a6:69:06:55:
7c:40:d1:89:88:c8:71:91:12:8e:4c:59:c7:58:c1:
94:75:61:c2:5f:b7:e6:de:7a:6a:91:b6:11:d7:90:
f7:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:1F:8D:14:86:9E:E7:9F:7D:39:58:87:C4:DD:88:B2:70:2B:E0:CA
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/OB-NFIae5599OViHxN2IsnAr4Mo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.84.0/22
176.114.92.0/22
Signature Algorithm: sha256WithRSAEncryption
74:1e:03:b2:79:df:d1:7a:a7:74:74:07:65:95:57:7d:b9:85:
98:83:c2:43:31:7c:b4:08:2e:bb:94:6f:73:86:7d:b8:33:08:
87:5f:e9:b1:60:23:ab:5e:b9:c6:18:6a:52:ce:24:d5:fe:1e:
ce:4a:a4:2b:59:58:ce:e1:c8:46:ca:d8:03:3f:1c:90:ad:e2:
09:90:69:b8:72:c9:dc:a7:1c:20:a7:37:a5:26:e6:08:07:0d:
1b:18:36:c0:53:a5:b4:d9:42:05:a2:4d:c0:5a:50:d5:1c:32:
16:82:fd:60:1d:91:6a:99:09:99:6c:3b:a5:af:79:5e:fb:42:
9f:d6:03:27:29:d2:eb:0f:3f:86:cb:c3:86:fc:12:0d:5e:ca:
e0:ab:e8:52:7c:f7:be:a2:44:a9:2d:97:18:7a:07:cf:62:40:
59:05:96:48:b6:f9:0f:54:42:e7:18:e4:ad:86:7c:b6:1e:c2:
fd:f6:a2:11:cb:e7:67:12:60:40:2f:01:68:96:40:cd:14:ef:
ef:3c:a5:9f:79:9b:80:a9:58:7a:68:8d:eb:d7:43:26:ab:80:
b1:8c:41:1c:04:2f:81:ca:81:eb:34:56:aa:77:c5:29:db:9e:
cb:e5:0e:6d:89:ae:f1:ab:c0:42:bf:ed:23:5b:1e:75:e5:ec:
6e:2f:77:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYU0rGK31S/aNze1/k78WD+gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjIxMjIxMTIzMzEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODFmOGQxNDg2OWVlNzlmN2QzOTU4ODdjNGRkODhiMjcwMmJlMGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2ueSmucq4EGeNW+Ie5jFdDsBfOy
xXeO9Pa0vzF+TsxrLR2Aq1uQMP0eRliNfpXb+gnGFlD03ylOP8n1I99657VxdPdm
D+t/7mM23d5usV+xuXkam4OzpARI9gw4UkrI/jWpTj11d/V+fqB3FyXT/FmIrwk0
YWsSJ/cCAq6aN1N3FbEj1PeTNfYIgqUvbO8lRxWa18sJXNlovWJmAAnGzV7GowNy
PtuLuQkxp/U7OaAItH11aq4JWzOmsUyuxOAVvZAU+ClZOn0lLHgu41iy+PA6/lAJ
yWWMKuAVnaZpBlV8QNGJiMhxkRKOTFnHWMGUdWHCX7fm3npqkbYR15D3owIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDgfjRSGnueffTlYh8TdiLJwK+DKMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvT0ItTkZJYWU1NTk5T1ZpSHhOMklzbkFyNE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCsHJUAwQC
sHJcMA0GCSqGSIb3DQEBCwUAA4IBAQB0HgOyed/Reqd0dAdllVd9uYWYg8JDMXy0
CC67lG9zhn24MwiHX+mxYCOrXrnGGGpSziTV/h7OSqQrWVjO4chGytgDPxyQreIJ
kGm4csncpxwgpzelJuYIBw0bGDbAU6W02UIFok3AWlDVHDIWgv1gHZFqmQmZbDul
r3le+0Kf1gMnKdLrDz+Gy8OG/BINXsrgq+hSfPe+okSpLZcYegfPYkBZBZZItvkP
VELnGOSthny2HsL99qIRy+dnEmBALwFolkDNFO/vPKWfeZuAqVh6aI3r10Mmq4Cx
jEEcBC+ByoHrNFaqd8Up257L5Q5tia7xq8BCv+0jWx515exuL3fk
-----END CERTIFICATE-----
Generated at Sat Apr 19 15:13:59 2025 by rpki-client