Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/SdmSOfgOouHpiJE03NAe2poB7bA.roa
File: SdmSOfgOouHpiJE03NAe2poB7bA.roa (raw, json)
Hash identifier: 2XiiR7Giti47A2DasGRFENB9ropmpSxSSqpWvzucnW8=
Subject key identifier: 49:D9:92:39:F8:0E:A2:E1:E9:88:91:34:DC:D0:1E:DA:9A:01:ED:B0
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018CC9BC600C3015B86271CA78B5ED60766C
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/SdmSOfgOouHpiJE03NAe2poB7bA.roa
Signing time: Tue 02 Jan 2024 10:33:34 +0000
ROA not before: Tue 02 Jan 2024 10:33:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 54339
IP address blocks: 176.114.94.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:60:0c:30:15:b8:62:71:ca:78:b5:ed:60:76:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Jan 2 10:33:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=49d99239f80ea2e1e9889134dcd01eda9a01edb0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:98:c7:e3:23:a8:cb:8c:ba:e8:8e:19:40:57:
50:b5:fa:96:45:6d:99:db:45:53:74:16:8c:d9:bd:
29:17:ec:8c:37:ec:f5:ce:fb:84:b0:af:ad:cd:ea:
48:df:cc:ec:da:cc:ff:74:0b:ab:45:fd:d2:0b:ef:
5d:3e:51:38:b7:2f:84:2d:ff:6b:2a:c6:dc:94:e5:
e1:13:9b:36:52:3f:f2:8a:6d:f5:6a:bd:ec:98:6b:
54:50:fd:37:7a:de:fe:a4:9e:dc:91:a6:1d:ef:48:
d6:43:7d:4f:02:fb:5e:62:53:8a:61:06:a5:52:08:
e4:4f:80:80:35:b5:50:20:55:ae:7e:57:22:d5:fc:
4e:9d:fb:30:9e:87:fb:f4:ec:df:7f:8c:cf:33:67:
78:4b:64:db:93:aa:1d:ba:88:85:5d:d8:e3:95:42:
ad:b8:65:7a:7f:6c:ad:f8:52:c6:ff:44:01:2a:93:
05:5f:0d:2a:1b:df:82:93:19:ee:30:e8:d5:10:3d:
7b:04:ec:66:62:cc:c9:e4:94:e7:07:b0:71:a8:ae:
09:39:75:64:0c:4a:8a:32:2e:d9:84:ff:a5:39:67:
af:5b:bb:ec:b9:25:2b:c0:11:19:f4:37:52:91:2a:
75:42:48:69:e5:28:b7:78:a4:63:ac:91:d3:1d:f2:
ee:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:D9:92:39:F8:0E:A2:E1:E9:88:91:34:DC:D0:1E:DA:9A:01:ED:B0
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/SdmSOfgOouHpiJE03NAe2poB7bA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.94.0/23
Signature Algorithm: sha256WithRSAEncryption
41:53:ef:4b:3e:7d:a7:83:01:cd:71:c9:4d:7e:2a:ee:42:9e:
dd:f2:bd:ee:a2:6d:f3:8b:85:f6:78:44:e1:11:43:bc:ce:a0:
6b:5d:b3:7b:52:8a:ed:ac:89:18:24:9f:f8:bd:50:a3:59:17:
6a:ff:b7:38:79:f4:d8:09:42:54:37:92:5a:6c:e8:79:c6:b8:
ec:da:75:83:2a:bc:dd:c1:95:16:0a:68:b8:f1:51:c9:49:ce:
f3:5f:4e:f3:7f:95:46:bc:8b:36:61:71:7f:de:11:10:cf:37:
f4:0f:89:19:ed:78:92:14:01:65:11:dc:de:e3:e8:ed:b8:b3:
1f:64:79:2b:4a:02:07:07:8e:0b:8e:e4:0e:d6:78:b3:2b:e5:
b1:c3:8f:28:6a:d6:b9:dd:1c:79:74:6e:83:f4:2e:6f:e8:78:
fd:a6:33:22:55:63:20:a0:5d:f3:12:f4:0a:2f:0e:7e:a4:a8:
1e:73:ff:31:ed:44:dc:9b:90:15:cb:1b:52:59:76:8b:51:a1:
86:4a:c8:7b:c1:57:c6:34:cb:c2:57:21:67:a7:aa:ea:62:ea:
7e:95:50:d4:2c:d6:f3:91:f1:1e:c5:ed:b5:17:bd:5e:73:e7:
7b:6b:0e:00:f2:6e:f1:d9:fe:29:c6:2f:5e:05:f2:eb:65:04:
75:25:a0:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGAMMBW4YnHKeLXtYHZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWQ5OTIzOWY4MGVhMmUxZTk4ODkxMzRkY2QwMWVkYTlhMDFlZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpjH4yOoy4y66I4ZQFdQtfqWRW2Z
20VTdBaM2b0pF+yMN+z1zvuEsK+tzepI38zs2sz/dAurRf3SC+9dPlE4ty+ELf9r
KsbclOXhE5s2Uj/yim31ar3smGtUUP03et7+pJ7ckaYd70jWQ31PAvteYlOKYQal
UgjkT4CANbVQIFWuflci1fxOnfswnof79Ozff4zPM2d4S2Tbk6oduoiFXdjjlUKt
uGV6f2yt+FLG/0QBKpMFXw0qG9+CkxnuMOjVED17BOxmYszJ5JTnB7BxqK4JOXVk
DEqKMi7ZhP+lOWevW7vsuSUrwBEZ9DdSkSp1Qkhp5Si3eKRjrJHTHfLuawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEnZkjn4DqLh6YiRNNzQHtqaAe2wMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvU2RtU09mZ09vdUhwaUpFMDNOQWUycG9CN2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHJeMA0G
CSqGSIb3DQEBCwUAA4IBAQBBU+9LPn2ngwHNcclNfiruQp7d8r3uom3zi4X2eETh
EUO8zqBrXbN7UortrIkYJJ/4vVCjWRdq/7c4efTYCUJUN5JabOh5xrjs2nWDKrzd
wZUWCmi48VHJSc7zX07zf5VGvIs2YXF/3hEQzzf0D4kZ7XiSFAFlEdze4+jtuLMf
ZHkrSgIHB44LjuQO1nizK+Wxw48oata53Rx5dG6D9C5v6Hj9pjMiVWMgoF3zEvQK
Lw5+pKgec/8x7UTcm5AVyxtSWXaLUaGGSsh7wVfGNMvCVyFnp6rqYup+lVDULNbz
kfEexe21F71ec+d7aw4A8m7x2f4pxi9eBfLrZQR1JaBR
-----END CERTIFICATE-----
Generated at Sun Apr 20 02:11:09 2025 by rpki-client