Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/xhkffqjg35BV1TkReDuIEc9tXsU.roa
File: xhkffqjg35BV1TkReDuIEc9tXsU.roa (raw, json)
Hash identifier: DMY8YNaqenQrf34qgpLkzgpXT23JFe2y9SQmhOm3szw=
Subject key identifier: C6:19:1F:7E:A8:E0:DF:90:55:D5:39:11:78:3B:88:11:CF:6D:5E:C5
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 089F6392
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/xhkffqjg35BV1TkReDuIEc9tXsU.roa
Signing time: Mon 25 Apr 2022 12:07:04 +0000
ROA not before: Mon 25 Apr 2022 12:07:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 52000
IP address blocks: 176.114.80.0/21 maxlen: 21
176.114.88.0/22 maxlen: 22
176.114.92.0/22 maxlen: 22
176.114.69.0/24 maxlen: 24
176.114.71.0/24 maxlen: 24
176.114.76.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 144663442 (0x89f6392)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Apr 25 12:07:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c6191f7ea8e0df9055d53911783b8811cf6d5ec5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:71:17:35:e7:b2:4e:1b:0e:b5:9f:65:64:90:
96:93:34:43:34:2c:a5:b6:89:3f:85:65:fa:1d:b0:
66:c3:0d:1f:06:45:9a:08:21:32:62:d2:c6:f8:65:
89:4c:31:6e:89:21:19:68:db:d4:f0:44:15:14:ba:
33:ca:e6:c1:fc:4c:8c:b5:8b:33:f4:26:ef:52:19:
e3:78:2e:a3:0e:8a:40:36:19:ff:85:03:fb:03:5d:
2f:fb:77:c5:07:86:82:36:ad:b8:cd:7f:fd:3d:38:
ad:b1:e9:20:f9:04:86:24:cb:1d:ce:fc:01:94:7d:
b8:16:e8:fc:a9:31:e8:ae:8f:cc:a9:74:1f:b6:6c:
52:10:87:d1:c1:e8:69:c5:58:bc:a9:4d:d4:44:33:
3a:c0:08:64:ee:97:d3:6a:82:22:30:f3:45:04:d0:
bb:10:87:11:24:1c:d0:06:4a:84:c2:4d:b1:32:a7:
db:a2:0a:07:b5:50:9c:02:78:82:b0:cb:de:1f:22:
de:47:9e:b8:13:4e:f9:09:03:9f:f9:34:96:95:56:
8d:6d:fc:ad:b1:50:e0:72:49:cc:93:9b:c6:dc:2b:
57:2e:4a:ee:61:12:4a:a2:2a:7a:d6:e8:51:22:dc:
69:90:b4:23:b4:77:85:84:d4:b4:5f:b6:8f:df:14:
16:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:19:1F:7E:A8:E0:DF:90:55:D5:39:11:78:3B:88:11:CF:6D:5E:C5
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/xhkffqjg35BV1TkReDuIEc9tXsU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.69.0/24
176.114.71.0/24
176.114.76.0-176.114.95.255
Signature Algorithm: sha256WithRSAEncryption
7a:4f:fd:67:46:3a:5d:76:bb:6a:c3:29:11:c5:7f:ee:08:70:
e9:a6:60:38:1b:96:fc:93:75:88:81:5d:b1:bd:df:44:54:0d:
e3:ad:ef:45:40:e6:f0:74:7d:42:85:69:c6:4a:04:b5:f0:5a:
9d:0b:fd:b7:a5:f6:f4:0a:76:eb:13:35:29:a5:82:db:0d:c5:
8d:e3:9d:3a:54:ef:0d:e1:91:9f:af:53:73:a3:b9:71:a0:2f:
16:b8:65:6e:9f:f3:44:8a:3f:d4:bc:cf:4f:ed:d3:a4:08:2a:
c7:c7:3e:36:b0:db:cf:89:71:9c:39:5c:59:65:c2:79:39:2c:
82:51:a9:e3:3c:31:03:c4:64:bc:13:9b:62:0a:79:57:7e:cb:
dd:c6:7f:85:de:8f:49:c5:56:dd:a4:4e:34:e3:1c:78:d1:25:
75:78:20:9b:36:3e:8f:24:68:e2:4d:d7:19:ee:e7:df:71:b3:
61:8b:9c:c4:25:76:5b:0a:ed:7e:c1:93:11:fe:57:07:eb:8b:
47:0e:36:b2:2e:90:2f:d1:a3:80:78:52:0a:2f:6a:81:84:9d:
16:c8:7e:c5:e7:c5:5a:68:76:91:48:c6:4c:24:9e:76:3e:50:
27:18:fc:d8:95:83:55:a3:c3:76:fb:4a:a4:ba:6e:c6:73:05:
7a:93:41:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIECJ9jkjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
OWYxZDViMDZmNTcwMTU1NWZmNTg4ODE1NGRkMTQxYjQ4ODk2MTE3MB4XDTIyMDQy
NTEyMDcwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzYxOTFmN2VhOGUw
ZGY5MDU1ZDUzOTExNzgzYjg4MTFjZjZkNWVjNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANhxFzXnsk4bDrWfZWSQlpM0QzQspbaJP4Vl+h2wZsMNHwZF
mgghMmLSxvhliUwxbokhGWjb1PBEFRS6M8rmwfxMjLWLM/Qm71IZ43guow6KQDYZ
/4UD+wNdL/t3xQeGgjatuM1//T04rbHpIPkEhiTLHc78AZR9uBbo/Kkx6K6PzKl0
H7ZsUhCH0cHoacVYvKlN1EQzOsAIZO6X02qCIjDzRQTQuxCHESQc0AZKhMJNsTKn
26IKB7VQnAJ4grDL3h8i3keeuBNO+QkDn/k0lpVWjW38rbFQ4HJJzJObxtwrVy5K
7mESSqIqetboUSLcaZC0I7R3hYTUtF+2j98UFlcCAwEAAaOCAh0wggIZMB0GA1Ud
DgQWBBTGGR9+qODfkFXVORF4O4gRz21exTAfBgNVHSMEGDAWgBS58dWwb1cBVV/1
iIFU3RQbSIlhFzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VmSFZzRzlYQVZWZjlZaUJWTjBVRzBpSllSYy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDEvY2FmNWVhLTYyNmUtNDU1YS04NzA4LWY1Y2E4ZmE3MjcwZC8x
L3hoa2ZmcWpnMzVCVjFUa1JlRHVJRWM5dFhzVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEv
Y2FmNWVhLTYyNmUtNDU1YS04NzA4LWY1Y2E4ZmE3MjcwZC8xL3VmSFZzRzlYQVZW
ZjlZaUJWTjBVRzBpSllSYy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAz
BggrBgEFBQcBBwEB/wQkMCIwIAQCAAEwGgMEALByRQMEALByRzAMAwQCsHJMAwQF
sHJAMA0GCSqGSIb3DQEBCwUAA4IBAQB6T/1nRjpddrtqwykRxX/uCHDppmA4G5b8
k3WIgV2xvd9EVA3jre9FQObwdH1ChWnGSgS18FqdC/23pfb0CnbrEzUppYLbDcWN
4506VO8N4ZGfr1Nzo7lxoC8WuGVun/NEij/UvM9P7dOkCCrHxz42sNvPiXGcOVxZ
ZcJ5OSyCUanjPDEDxGS8E5tiCnlXfsvdxn+F3o9JxVbdpE404xx40SV1eCCbNj6P
JGjiTdcZ7uffcbNhi5zEJXZbCu1+wZMR/lcH64tHDjayLpAv0aOAeFIKL2qBhJ0W
yH7F58VaaHaRSMZMJJ52PlAnGPzYlYNVo8N2+0qkum7GcwV6k0Fn
-----END CERTIFICATE-----
Generated at Sat Apr 19 00:52:45 2025 by rpki-client