Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/hEF_QgoyhNf5r6XJ0RVHkx4cVJQ.roa
File: hEF_QgoyhNf5r6XJ0RVHkx4cVJQ.roa (raw, json)
Hash identifier: 9Tspz7MMiOWp8KKePnp8cA5504s6EjWyzgCCAVh+1ro=
Subject key identifier: 84:41:7F:42:0A:32:84:D7:F9:AF:A5:C9:D1:15:47:93:1E:1C:54:94
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 0186EA81E7BC7FC01BBDCDEBB826032C3253
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/hEF_QgoyhNf5r6XJ0RVHkx4cVJQ.roa
Signing time: Thu 16 Mar 2023 13:00:27 +0000
ROA not before: Thu 16 Mar 2023 13:00:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207967
IP address blocks: 176.114.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ea:81:e7:bc:7f:c0:1b:bd:cd:eb:b8:26:03:2c:32:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Mar 16 13:00:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=84417f420a3284d7f9afa5c9d11547931e1c5494
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:fe:b4:54:3d:82:1e:b1:4e:2e:94:a1:e4:8c:
c7:1b:d3:c6:aa:6e:3d:c7:0e:c6:8a:fa:98:e5:65:
b3:bf:c4:57:c2:1e:69:bc:61:79:9a:be:14:c6:2a:
7b:88:be:53:65:4e:8c:b8:4b:7d:9c:57:1b:4e:79:
1d:7f:8c:1f:e1:fc:80:23:69:72:90:07:72:82:03:
65:45:c2:cb:d5:c6:03:94:66:8c:78:c5:ff:02:da:
17:c9:12:1c:de:c5:9a:30:f7:10:56:a8:c3:45:8d:
e2:25:25:d7:02:e5:1f:f2:f1:0e:0a:34:4f:49:a6:
b0:b6:ea:68:86:0e:6e:ba:a3:0c:0d:90:a5:e4:b0:
d6:32:85:41:96:be:16:6c:6e:76:72:f7:9a:f3:d3:
56:a0:b9:5a:2f:c8:6f:f6:8c:1d:e8:89:f5:51:14:
6d:e6:cc:f1:08:98:61:44:71:49:dc:76:56:f6:96:
ec:3f:ef:95:a4:98:e1:ba:b1:0b:29:9b:6d:37:a4:
25:9a:07:e1:d2:f8:a1:2f:68:e9:8d:d3:38:86:15:
9a:3d:75:a6:ff:29:44:6c:5f:74:20:a8:0c:2d:1d:
c1:2c:3c:3b:64:7a:22:d5:60:06:1f:49:6f:93:00:
2c:77:12:9f:aa:fc:74:3e:63:23:b7:77:e3:f3:ff:
c7:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:41:7F:42:0A:32:84:D7:F9:AF:A5:C9:D1:15:47:93:1E:1C:54:94
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/hEF_QgoyhNf5r6XJ0RVHkx4cVJQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.88.0/22
Signature Algorithm: sha256WithRSAEncryption
ae:17:cc:58:e7:95:ae:d0:e2:7a:f4:c9:8b:57:cd:ee:7a:c9:
1e:85:9a:55:98:eb:22:5f:a6:90:b1:bf:ad:33:42:97:ec:f3:
4e:4a:96:7a:05:d9:b9:11:8e:fa:a7:d8:4d:a3:df:9a:5e:06:
74:cf:52:a7:a4:e7:d5:93:ee:cd:c5:86:4a:7e:80:e1:59:ec:
d5:81:62:11:47:5f:9c:ad:85:2f:fb:49:dd:3b:aa:0a:37:e6:
c0:eb:62:c0:21:67:81:8e:72:5b:10:dd:31:6f:18:2e:ce:02:
bb:f3:d8:88:35:87:55:ce:95:e8:e6:da:24:78:a6:4d:83:fe:
a3:69:d7:80:91:6b:20:75:5f:65:fb:03:ea:3e:83:6f:5f:53:
f3:27:97:77:98:dd:68:c3:be:ef:1c:4e:b2:73:8e:1b:a1:96:
57:f3:8c:b5:b2:59:cd:d3:54:ea:97:b5:84:43:6d:bf:4a:a7:
cc:06:09:f8:44:f2:4c:a6:59:99:8b:0b:7d:5d:1e:02:3f:19:
28:f3:5e:4a:2a:ce:ae:05:fe:b2:4a:6e:10:dc:b4:5e:48:d5:
2b:69:7f:01:ed:59:d1:99:da:70:98:79:08:dc:81:25:1f:a0:
11:6e:7c:4c:7e:40:ab:7f:38:8b:74:99:07:a9:8d:79:69:76:
ea:cc:29:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYbqgee8f8Abvc3ruCYDLDJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwMzE2MTMwMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQxN2Y0MjBhMzI4NGQ3ZjlhZmE1YzlkMTE1NDc5MzFlMWM1NDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/60VD2CHrFOLpSh5IzHG9PGqm49
xw7GivqY5WWzv8RXwh5pvGF5mr4Uxip7iL5TZU6MuEt9nFcbTnkdf4wf4fyAI2ly
kAdyggNlRcLL1cYDlGaMeMX/AtoXyRIc3sWaMPcQVqjDRY3iJSXXAuUf8vEOCjRP
Saawtupohg5uuqMMDZCl5LDWMoVBlr4WbG52cvea89NWoLlaL8hv9owd6In1URRt
5szxCJhhRHFJ3HZW9pbsP++VpJjhurELKZttN6Qlmgfh0vihL2jpjdM4hhWaPXWm
/ylEbF90IKgMLR3BLDw7ZHoi1WAGH0lvkwAsdxKfqvx0PmMjt3fj8//H3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRBf0IKMoTX+a+lydEVR5MeHFSUMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvaEVGX1Fnb3loTmY1cjZYSjBSVkhreDRjVkpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsHJYMA0G
CSqGSIb3DQEBCwUAA4IBAQCuF8xY55Wu0OJ69MmLV83ueskehZpVmOsiX6aQsb+t
M0KX7PNOSpZ6Bdm5EY76p9hNo9+aXgZ0z1KnpOfVk+7NxYZKfoDhWezVgWIRR1+c
rYUv+0ndO6oKN+bA62LAIWeBjnJbEN0xbxguzgK789iINYdVzpXo5tokeKZNg/6j
adeAkWsgdV9l+wPqPoNvX1PzJ5d3mN1ow77vHE6yc44boZZX84y1slnN01Tql7WE
Q22/SqfMBgn4RPJMplmZiwt9XR4CPxko815KKs6uBf6ySm4Q3LReSNUraX8B7VnR
mdpwmHkI3IElH6ARbnxMfkCrfziLdJkHqY15aXbqzCkc
-----END CERTIFICATE-----
Generated at Sat Apr 19 00:40:27 2025 by rpki-client