Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/wCKcLlwz8lp4TGcGD311OQ_RgHg.roa
File: wCKcLlwz8lp4TGcGD311OQ_RgHg.roa (raw, json)
Hash identifier: WKF1c7yIK7WX9w4HD8KtXVfpYd9QDPFApVptqw/+VEk=
Subject key identifier: C0:22:9C:2E:5C:33:F2:5A:78:4C:67:06:0F:7D:75:39:0F:D1:80:78
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018612F4FCCB3A04A6A9A28FE80C9CAAAD90
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/wCKcLlwz8lp4TGcGD311OQ_RgHg.roa
Signing time: Thu 02 Feb 2023 16:28:10 +0000
ROA not before: Thu 02 Feb 2023 16:28:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 996
IP address blocks: 176.114.84.0/22 maxlen: 22
176.114.88.0/22 maxlen: 22
176.114.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:12:f4:fc:cb:3a:04:a6:a9:a2:8f:e8:0c:9c:aa:ad:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Feb 2 16:28:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c0229c2e5c33f25a784c67060f7d75390fd18078
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:2a:eb:97:9a:89:7e:ef:7e:5d:2c:61:bc:d2:
58:e6:86:77:d6:77:10:da:d2:3c:7c:9d:3f:9f:f8:
86:4e:ae:ab:f9:b3:fc:d6:35:1b:4c:27:ca:be:cb:
b6:16:df:17:f6:7e:23:bd:ca:cd:fd:4a:48:e0:8f:
7c:0d:eb:43:f6:a0:e9:75:4d:78:23:69:b6:fc:12:
dc:fd:94:93:1d:2a:07:ca:ad:0d:37:00:95:48:96:
9e:5e:78:d1:25:8f:6c:a2:b7:ac:c5:e0:c9:9e:74:
24:16:1f:2f:e3:4b:fa:2d:d0:25:99:b6:e3:84:cc:
02:e3:01:89:1c:50:26:7e:de:85:15:73:72:09:12:
0c:95:37:c8:f4:e8:6d:b3:01:11:6f:57:88:27:3d:
fa:3a:7e:5c:dc:c7:b5:4e:14:e5:61:ef:82:15:73:
ff:f8:24:3e:61:32:64:66:02:fd:ea:a0:7f:6a:09:
88:21:a6:fc:74:ea:09:ee:53:8e:df:51:9d:9e:f4:
68:34:b4:c5:de:23:9d:89:f8:64:ce:fb:1a:20:52:
d7:2a:28:57:c4:9c:81:2b:84:da:70:0b:61:1d:ea:
10:12:f7:d3:84:93:27:3a:0e:52:10:6f:bb:a2:15:
49:ee:c7:e7:d0:94:db:6e:cd:7e:72:c3:6f:fc:9f:
b8:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:22:9C:2E:5C:33:F2:5A:78:4C:67:06:0F:7D:75:39:0F:D1:80:78
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/wCKcLlwz8lp4TGcGD311OQ_RgHg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.84.0-176.114.95.255
Signature Algorithm: sha256WithRSAEncryption
8d:cd:e4:3c:dc:e2:fa:38:ab:8b:68:10:6c:a3:0f:ba:0f:3e:
58:60:90:0f:ca:87:7e:01:d3:47:cd:3d:6b:39:c2:64:85:5c:
12:ba:a7:a7:d1:5d:ea:da:dd:48:e8:56:0f:83:19:30:d4:ca:
3d:80:94:f5:c7:7f:f7:67:6f:87:69:39:7c:55:70:f5:a3:60:
4b:9a:a0:c9:dc:c3:ea:17:df:1f:fa:c1:7d:ee:8c:e8:60:1f:
f2:88:82:c3:61:d6:c7:47:fd:f7:95:b7:a0:ff:ea:1a:2d:20:
60:cb:b7:04:09:85:06:ba:dc:15:a4:a3:cd:81:d0:29:65:33:
1e:91:68:83:dc:64:35:d1:e0:a4:cd:7f:70:fb:ef:e6:6a:0f:
c1:d1:d1:08:45:b8:ff:9a:fd:20:7c:2a:4b:8d:11:65:5e:e2:
13:ef:05:ce:bd:4b:b0:b3:52:22:ed:2a:e8:a0:fe:58:46:2e:
e1:79:79:78:4f:20:b8:92:17:8b:93:cd:88:ad:fd:9e:d0:ff:
6d:25:be:63:3c:1f:a2:d8:55:bc:aa:7d:92:c1:6a:f5:69:f4:
23:c3:7e:3f:62:ed:09:9a:33:2c:3b:5b:0e:e9:97:aa:f4:2c:
1a:c0:c8:10:83:f2:d2:86:8c:da:ee:2d:82:82:67:e0:37:80:
d0:b9:05:23
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYYS9PzLOgSmqaKP6Aycqq2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwMjAyMTYyODEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDIyOWMyZTVjMzNmMjVhNzg0YzY3MDYwZjdkNzUzOTBmZDE4MDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCrrl5qJfu9+XSxhvNJY5oZ31ncQ
2tI8fJ0/n/iGTq6r+bP81jUbTCfKvsu2Ft8X9n4jvcrN/UpI4I98DetD9qDpdU14
I2m2/BLc/ZSTHSoHyq0NNwCVSJaeXnjRJY9soresxeDJnnQkFh8v40v6LdAlmbbj
hMwC4wGJHFAmft6FFXNyCRIMlTfI9OhtswERb1eIJz36On5c3Me1ThTlYe+CFXP/
+CQ+YTJkZgL96qB/agmIIab8dOoJ7lOO31GdnvRoNLTF3iOdifhkzvsaIFLXKihX
xJyBK4TacAthHeoQEvfThJMnOg5SEG+7ohVJ7sfn0JTbbs1+csNv/J+4bQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMAinC5cM/JaeExnBg99dTkP0YB4MB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvd0NLY0xsd3o4bHA0VEdjR0QzMTFPUV9SZ0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKwclQD
BAWwckAwDQYJKoZIhvcNAQELBQADggEBAI3N5Dzc4vo4q4toEGyjD7oPPlhgkA/K
h34B00fNPWs5wmSFXBK6p6fRXera3UjoVg+DGTDUyj2AlPXHf/dnb4dpOXxVcPWj
YEuaoMncw+oX3x/6wX3ujOhgH/KIgsNh1sdH/feVt6D/6hotIGDLtwQJhQa63BWk
o82B0CllMx6RaIPcZDXR4KTNf3D77+ZqD8HR0QhFuP+a/SB8KkuNEWVe4hPvBc69
S7CzUiLtKuig/lhGLuF5eXhPILiSF4uTzYit/Z7Q/20lvmM8H6LYVbyqfZLBavVp
9CPDfj9i7QmaMyw7Ww7pl6r0LBrAyBCD8tKGjNruLYKCZ+A3gNC5BSM=
-----END CERTIFICATE-----
Generated at Sun Apr 20 00:13:48 2025 by rpki-client