Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/V69utR5C_3XJxptIFEMDW0sdtA0.roa
File: V69utR5C_3XJxptIFEMDW0sdtA0.roa (raw, json)
Hash identifier: e3zx/BNegkfSzDXmxh7297QhYlKWn0sJpY1jMW+zedk=
Subject key identifier: 57:AF:6E:B5:1E:42:FF:75:C9:C6:9B:48:14:43:03:5B:4B:1D:B4:0D
Certificate issuer: /CN=2557fa956f0f53980d79c32ce1e6e93efd488fd7
Certificate serial: 018CC80161C4A6147C2C191A3A88BCCC196F
Authority key identifier: 25:57:FA:95:6F:0F:53:98:0D:79:C3:2C:E1:E6:E9:3E:FD:48:8F:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JVf6lW8PU5gNecMs4ebpPv1Ij9c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/V69utR5C_3XJxptIFEMDW0sdtA0.roa
Signing time: Tue 02 Jan 2024 02:29:42 +0000
ROA not before: Tue 02 Jan 2024 02:29:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208118
IP address blocks: 152.89.64.0/22 maxlen: 32
2a09:2e40::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:61:c4:a6:14:7c:2c:19:1a:3a:88:bc:cc:19:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2557fa956f0f53980d79c32ce1e6e93efd488fd7
Validity
Not Before: Jan 2 02:29:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=57af6eb51e42ff75c9c69b481443035b4b1db40d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:fd:76:d1:e7:72:ab:dc:e6:b3:43:0c:d3:55:
01:78:f9:89:f9:9f:dd:bc:02:18:02:56:b2:74:06:
06:08:12:a2:f8:ad:50:9b:21:06:aa:26:fa:1c:e7:
57:4a:14:6a:3b:8a:ba:3c:24:8c:2d:66:2b:5a:30:
87:5d:53:b0:8c:46:21:32:2e:f0:50:b1:ee:46:a4:
bd:6e:93:7a:36:11:c0:7c:14:c1:23:d1:b6:88:0a:
76:94:bf:43:a9:1a:9d:c8:ed:c0:7f:52:20:57:d3:
42:dd:76:e5:69:d4:cc:49:40:bc:56:48:54:3a:08:
dd:ff:83:31:3e:e2:f9:f4:67:2d:0c:4d:fd:3c:fe:
88:82:08:7b:31:4a:85:71:2e:ec:bf:3a:a3:cc:a0:
78:44:ba:3e:f0:b5:f8:54:40:23:a1:cf:5a:6c:28:
dd:f1:01:4b:92:2f:15:52:62:31:2a:7b:e3:01:4b:
5b:ee:d1:7a:72:ec:7e:79:eb:a4:87:5e:45:46:b9:
65:99:d4:cb:be:1b:49:ff:47:89:47:8c:51:25:c4:
55:a5:2f:c0:a1:e7:ed:c8:a8:c8:d6:f0:d5:73:89:
b1:d3:32:8c:09:41:44:af:bb:47:52:ea:09:69:d7:
45:2d:54:30:10:64:1f:fa:59:18:b3:0b:8c:ab:ed:
1b:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:AF:6E:B5:1E:42:FF:75:C9:C6:9B:48:14:43:03:5B:4B:1D:B4:0D
X509v3 Authority Key Identifier:
keyid:25:57:FA:95:6F:0F:53:98:0D:79:C3:2C:E1:E6:E9:3E:FD:48:8F:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVf6lW8PU5gNecMs4ebpPv1Ij9c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/V69utR5C_3XJxptIFEMDW0sdtA0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/820fea-3c8d-4977-8000-6d7163442244/1/JVf6lW8PU5gNecMs4ebpPv1Ij9c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.64.0/22
IPv6:
2a09:2e40::/29
Signature Algorithm: sha256WithRSAEncryption
8d:f2:5a:39:38:0d:a6:c9:94:fb:31:53:28:c6:fa:76:44:a9:
32:de:06:0d:63:5c:3e:da:0d:8e:94:69:65:d5:36:0b:c1:fe:
b7:c2:a7:b3:65:44:2d:08:d5:20:bf:99:16:a4:ef:35:66:26:
bf:8d:10:0f:ae:be:d1:3f:0c:04:86:7f:59:0d:e0:16:83:7d:
7f:27:c9:20:3e:4f:23:45:c4:b2:99:b9:69:31:0b:91:b6:65:
06:41:c0:8f:91:47:97:70:f9:9d:a7:b3:43:74:dd:93:a6:e0:
4f:af:44:8b:61:50:06:9d:50:d5:9f:b8:2e:48:a1:b0:0f:7e:
89:26:eb:60:a2:ea:4f:21:2e:ea:eb:7e:36:91:6a:3d:ac:e8:
aa:27:04:d1:d4:6c:b4:d6:f7:cc:5a:2d:ff:9e:03:4a:8e:11:
6a:81:e1:7a:94:b6:5f:3c:63:fe:e4:37:96:3f:36:fd:f6:28:
3f:8f:4f:8b:e1:ca:e9:1c:8c:4c:49:5b:7f:a4:e7:a7:ea:62:
5f:76:3e:52:3f:34:9b:aa:fb:10:23:7b:99:bb:c7:ed:4e:ea:
88:4a:ff:f3:d3:c3:53:a3:33:cf:50:6b:cb:17:7a:88:fb:05:
8f:47:c2:dd:03:48:69:99:e4:35:04:92:ed:2c:27:05:9c:2d:
57:d6:93:1a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAWHEphR8LBkaOoi8zBlvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTdmYTk1NmYwZjUzOTgwZDc5YzMyY2UxZTZlOTNlZmQ0
ODhmZDcwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2FmNmViNTFlNDJmZjc1YzljNjliNDgxNDQzMDM1YjRiMWRiNDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/120edyq9zms0MM01UBePmJ+Z/d
vAIYAlaydAYGCBKi+K1QmyEGqib6HOdXShRqO4q6PCSMLWYrWjCHXVOwjEYhMi7w
ULHuRqS9bpN6NhHAfBTBI9G2iAp2lL9DqRqdyO3Af1IgV9NC3XbladTMSUC8VkhU
Ogjd/4MxPuL59GctDE39PP6Iggh7MUqFcS7svzqjzKB4RLo+8LX4VEAjoc9abCjd
8QFLki8VUmIxKnvjAUtb7tF6cux+eeukh15FRrllmdTLvhtJ/0eJR4xRJcRVpS/A
oeftyKjI1vDVc4mx0zKMCUFEr7tHUuoJaddFLVQwEGQf+lkYswuMq+0b+wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFevbrUeQv91ycabSBRDA1tLHbQNMB8GA1UdIwQY
MBaAFCVX+pVvD1OYDXnDLOHm6T79SI/XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZmNmxXOFBVNWdOZWNNczRlYnBQdjFJajljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84MjBmZWEtM2M4ZC00OTc3LTgwMDAt
NmQ3MTYzNDQyMjQ0LzEvVjY5dXRSNUNfM1hKeHB0SUZFTURXMHNkdEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84MjBmZWEtM2M4ZC00OTc3LTgwMDAtNmQ3MTYzNDQyMjQ0
LzEvSlZmNmxXOFBVNWdOZWNNczRlYnBQdjFJajljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCmFlAMA0E
AgACMAcDBQMqCS5AMA0GCSqGSIb3DQEBCwUAA4IBAQCN8lo5OA2myZT7MVMoxvp2
RKky3gYNY1w+2g2OlGll1TYLwf63wqezZUQtCNUgv5kWpO81Zia/jRAPrr7RPwwE
hn9ZDeAWg31/J8kgPk8jRcSymblpMQuRtmUGQcCPkUeXcPmdp7NDdN2TpuBPr0SL
YVAGnVDVn7guSKGwD36JJutgoupPIS7q6342kWo9rOiqJwTR1Gy01vfMWi3/ngNK
jhFqgeF6lLZfPGP+5DeWPzb99ig/j0+L4crpHIxMSVt/pOen6mJfdj5SPzSbqvsQ
I3uZu8ftTuqISv/z08NTozPPUGvLF3qI+wWPR8LdA0hpmeQ1BJLtLCcFnC1X1pMa
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:58:55 2025 by rpki-client