Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/iuJfVNRCXn7RkZgxrcmDOCmVVFE.roa
File: iuJfVNRCXn7RkZgxrcmDOCmVVFE.roa (raw, json)
Hash identifier: 7gOesFt6OCutyLGMDaax3tpCui3v4GGEB7lZXBNAB4Q=
Subject key identifier: 8A:E2:5F:54:D4:42:5E:7E:D1:91:98:31:AD:C9:83:38:29:95:54:51
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 01874C48E144FEAFEF9179A791DA91EF162B
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/iuJfVNRCXn7RkZgxrcmDOCmVVFE.roa
Signing time: Tue 04 Apr 2023 12:40:57 +0000
ROA not before: Tue 04 Apr 2023 12:40:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201224
IP address blocks: 176.114.91.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:4c:48:e1:44:fe:af:ef:91:79:a7:91:da:91:ef:16:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Apr 4 12:40:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8ae25f54d4425e7ed1919831adc9833829955451
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:6d:b3:94:92:e6:dc:ff:d5:94:66:cf:ac:63:
e9:b2:e2:40:cc:0e:03:66:a7:13:94:6a:cb:4f:2e:
85:84:fa:ef:10:06:c5:3a:e3:87:df:fe:fc:31:23:
e1:e2:92:cb:b6:f2:9f:12:e8:d3:dc:47:38:5b:a6:
8e:40:35:9e:01:8d:45:01:2c:ab:97:8f:84:10:7d:
7b:ec:ba:1d:e7:0a:8e:7b:a9:6a:04:45:2f:f2:9e:
6e:29:b5:f4:ba:6c:a2:da:7a:25:d4:92:a6:04:c5:
15:fa:af:4d:a4:d2:ff:db:00:72:c8:9a:0b:a4:ca:
4a:7d:63:b2:35:b8:fb:b6:ec:98:86:fb:ec:86:db:
83:20:d1:8e:de:de:4f:83:c5:e9:6c:60:00:cb:51:
f6:b0:34:bb:20:63:f8:2e:9e:5d:32:3b:aa:ab:41:
43:d1:72:1f:03:16:94:6c:14:e4:0e:52:a5:16:20:
17:13:80:ac:c9:e7:4f:0f:43:aa:dc:36:25:4d:f5:
c5:78:97:73:77:90:4c:d4:38:9c:2c:39:5b:ba:05:
d5:ed:98:19:61:bd:6d:91:2f:42:49:08:42:7d:01:
98:ea:79:be:7e:89:24:45:1e:cc:1a:68:5e:a6:8f:
45:2b:63:6c:35:ca:f4:92:3d:53:db:1a:08:50:64:
fc:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:E2:5F:54:D4:42:5E:7E:D1:91:98:31:AD:C9:83:38:29:95:54:51
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/iuJfVNRCXn7RkZgxrcmDOCmVVFE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.91.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:ac:5f:f9:39:f5:67:14:fa:be:b7:a5:c3:b2:b8:31:75:bf:
80:65:89:b6:ed:08:f1:c5:ae:b6:f6:89:24:a0:0b:b0:f3:6b:
e8:4e:18:c0:4a:09:2c:7a:62:84:58:1b:e8:87:f7:63:1e:dc:
18:63:c4:cb:68:3e:be:0a:4d:e7:5a:df:73:b8:49:11:40:fb:
b1:fe:5c:36:80:f0:40:51:6c:62:d7:21:e1:a9:3f:05:61:59:
5a:c1:b3:6f:03:5d:24:26:8d:56:23:e9:3a:ae:11:39:d8:26:
5b:09:31:0a:88:6b:c2:4e:91:7a:ea:4c:63:17:e5:21:53:71:
c1:75:ec:ee:a5:d6:51:81:bb:2e:d6:79:19:d0:17:93:68:ff:
db:8e:5f:1e:bf:a9:a1:76:3d:9e:93:f9:90:f0:e9:db:a8:67:
ec:b3:b4:29:55:15:e7:b6:22:58:af:ff:f0:ff:b2:84:e6:d0:
a3:62:98:1a:fb:31:a4:16:39:22:0e:ba:7e:97:24:e0:6a:53:
42:aa:99:09:d3:23:f8:e2:92:39:d0:29:c1:60:c4:ce:d7:87:
55:a6:bb:34:c8:6c:f3:5b:27:b3:fd:ef:ef:68:37:ba:02:b5:
4a:28:90:e7:58:c9:13:ce:9a:cc:a6:0c:9a:7f:57:e6:19:39:
ec:40:de:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdMSOFE/q/vkXmnkdqR7xYrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwNDA0MTI0MDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWUyNWY1NGQ0NDI1ZTdlZDE5MTk4MzFhZGM5ODMzODI5OTU1NDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW2zlJLm3P/VlGbPrGPpsuJAzA4D
ZqcTlGrLTy6FhPrvEAbFOuOH3/78MSPh4pLLtvKfEujT3Ec4W6aOQDWeAY1FASyr
l4+EEH177Lod5wqOe6lqBEUv8p5uKbX0umyi2nol1JKmBMUV+q9NpNL/2wByyJoL
pMpKfWOyNbj7tuyYhvvshtuDINGO3t5Pg8XpbGAAy1H2sDS7IGP4Lp5dMjuqq0FD
0XIfAxaUbBTkDlKlFiAXE4CsyedPD0Oq3DYlTfXFeJdzd5BM1DicLDlbugXV7ZgZ
Yb1tkS9CSQhCfQGY6nm+fokkRR7MGmhepo9FK2NsNcr0kj1T2xoIUGT8AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIriX1TUQl5+0ZGYMa3JgzgplVRRMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvaXVKZlZOUkNYbjdSa1pneHJjbURPQ21WVkZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHJbMA0G
CSqGSIb3DQEBCwUAA4IBAQBerF/5OfVnFPq+t6XDsrgxdb+AZYm27Qjxxa629okk
oAuw82voThjASgksemKEWBvoh/djHtwYY8TLaD6+Ck3nWt9zuEkRQPux/lw2gPBA
UWxi1yHhqT8FYVlawbNvA10kJo1WI+k6rhE52CZbCTEKiGvCTpF66kxjF+UhU3HB
dezupdZRgbsu1nkZ0BeTaP/bjl8ev6mhdj2ek/mQ8OnbqGfss7QpVRXntiJYr//w
/7KE5tCjYpga+zGkFjkiDrp+lyTgalNCqpkJ0yP44pI50CnBYMTO14dVprs0yGzz
Wyez/e/vaDe6ArVKKJDnWMkTzprMpgyaf1fmGTnsQN4R
-----END CERTIFICATE-----
Generated at Sat Apr 19 00:33:01 2025 by rpki-client