Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/BDZ4xVmk5KhbTu80qvRgtgFfHZs.roa
File: BDZ4xVmk5KhbTu80qvRgtgFfHZs.roa (raw, json)
Hash identifier: clDo32DOnPAoEOBQk+PIuMreI3hQ+1+vsvNJ/pqHOBM=
Subject key identifier: 04:36:78:C5:59:A4:E4:A8:5B:4E:EF:34:AA:F4:60:B6:01:5F:1D:9B
Certificate issuer: /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial: 0193B15F2330B32A537E2E67EA6E59313142
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/BDZ4xVmk5KhbTu80qvRgtgFfHZs.roa
Signing time: Tue 10 Dec 2024 16:20:22 +0000
ROA not before: Tue 10 Dec 2024 16:20:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51824
IP address blocks: 192.162.196.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:b1:5f:23:30:b3:2a:53:7e:2e:67:ea:6e:59:31:31:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Validity
Not Before: Dec 10 16:20:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=043678c559a4e4a85b4eef34aaf460b6015f1d9b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:71:5a:74:82:91:99:b8:67:c0:19:85:04:92:
b2:cb:79:cc:72:95:74:83:e5:72:51:ad:65:f7:c2:
03:e8:6c:0b:2e:ab:9a:b3:32:d7:38:ba:1b:a1:e0:
e6:ff:db:cf:ad:e3:1a:12:83:20:a6:53:47:69:10:
2c:30:2e:21:be:b1:b0:6b:10:5e:66:74:dd:c7:94:
b0:d1:8e:aa:10:89:03:92:f3:c5:06:c6:a2:0f:41:
23:b2:7e:d2:75:a1:2c:27:96:33:89:f3:c5:47:b5:
bb:3d:0c:24:d2:1d:51:f1:a9:81:8c:09:53:59:53:
b8:ca:28:5c:69:99:7f:03:58:16:71:3c:f8:60:3a:
dd:92:15:df:08:ba:cd:c4:61:a8:84:57:8f:ac:ac:
40:d1:53:e3:13:7e:c0:ed:36:3a:07:a0:4c:9f:6b:
eb:e1:5d:d0:f5:7b:49:17:56:7e:63:9b:bc:bd:38:
7e:8b:64:da:3e:a8:f9:d2:1a:7b:3a:2c:65:85:01:
b6:6a:fe:00:c3:9a:75:9f:0f:c7:91:54:ce:07:5b:
b2:8d:01:7e:52:f9:57:9f:34:62:d7:9f:35:25:ac:
70:7e:fa:98:fa:18:4b:4b:9c:79:5d:c3:bb:78:6c:
92:be:ee:ca:96:05:9a:91:e9:f2:22:71:fb:b8:08:
96:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:36:78:C5:59:A4:E4:A8:5B:4E:EF:34:AA:F4:60:B6:01:5F:1D:9B
X509v3 Authority Key Identifier:
keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/BDZ4xVmk5KhbTu80qvRgtgFfHZs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.162.196.0/23
Signature Algorithm: sha256WithRSAEncryption
7e:c8:02:2b:41:0e:fe:45:98:41:bd:1e:67:33:6d:50:b2:54:
b4:9b:60:d3:40:2f:c7:59:2b:84:8d:66:a2:db:e8:45:52:9d:
7d:44:c5:74:1c:f6:63:68:77:90:c2:d1:20:69:1d:48:e2:06:
59:3e:3e:c5:2d:79:12:fa:26:4c:c3:31:9e:b4:ec:a7:15:9c:
a2:58:e3:62:ac:ed:a2:97:5c:6c:56:80:e5:59:cd:9b:a9:3d:
4b:3c:f2:03:79:2a:5d:4a:3d:26:d3:4d:24:1d:78:45:63:d9:
c0:cb:19:f8:dd:ab:2f:b5:30:74:f2:99:66:4c:d0:c1:05:ec:
6a:d3:14:ae:ea:11:45:31:23:2d:4d:30:ec:df:f2:36:2e:72:
ec:fc:b2:67:cf:35:74:5b:6b:70:98:94:1a:f5:4b:92:b4:a1:
2c:13:21:a1:1c:d4:85:81:c6:f1:72:3e:82:c1:5c:2a:0a:b3:
23:e7:26:a2:62:d0:b8:e4:6b:53:b7:c8:a0:d8:ef:9b:a6:5e:
85:0d:44:4d:51:ba:3e:dc:84:b2:d7:0f:ed:d9:ff:0d:54:4a:
30:b4:70:c8:ac:e9:5a:af:2b:e1:8d:46:f4:12:fa:0b:bb:ae:
ff:c6:1f:ae:f8:ad:a7:42:f9:b9:b5:dc:f4:65:36:55:c4:58:
c6:1f:34:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZOxXyMwsypTfi5n6m5ZMTFCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQxMjEwMTYyMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDM2NzhjNTU5YTRlNGE4NWI0ZWVmMzRhYWY0NjBiNjAxNWYxZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznFadIKRmbhnwBmFBJKyy3nMcpV0
g+VyUa1l98ID6GwLLquaszLXOLoboeDm/9vPreMaEoMgplNHaRAsMC4hvrGwaxBe
ZnTdx5Sw0Y6qEIkDkvPFBsaiD0Ejsn7SdaEsJ5YzifPFR7W7PQwk0h1R8amBjAlT
WVO4yihcaZl/A1gWcTz4YDrdkhXfCLrNxGGohFePrKxA0VPjE37A7TY6B6BMn2vr
4V3Q9XtJF1Z+Y5u8vTh+i2TaPqj50hp7OixlhQG2av4Aw5p1nw/HkVTOB1uyjQF+
UvlXnzRi1581JaxwfvqY+hhLS5x5XcO7eGySvu7KlgWakenyInH7uAiWaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQ2eMVZpOSoW07vNKr0YLYBXx2bMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvQkRaNHhWbWs1S2hiVHU4MHF2Umd0Z0ZmSFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwKLEMA0G
CSqGSIb3DQEBCwUAA4IBAQB+yAIrQQ7+RZhBvR5nM21QslS0m2DTQC/HWSuEjWai
2+hFUp19RMV0HPZjaHeQwtEgaR1I4gZZPj7FLXkS+iZMwzGetOynFZyiWONirO2i
l1xsVoDlWc2bqT1LPPIDeSpdSj0m000kHXhFY9nAyxn43asvtTB08plmTNDBBexq
0xSu6hFFMSMtTTDs3/I2LnLs/LJnzzV0W2twmJQa9UuStKEsEyGhHNSFgcbxcj6C
wVwqCrMj5yaiYtC45GtTt8ig2O+bpl6FDURNUbo+3ISy1w/t2f8NVEowtHDIrOla
ryvhjUb0EvoLu67/xh+u+K2nQvm5tdz0ZTZVxFjGHzQn
-----END CERTIFICATE-----
Generated at Wed Apr 23 02:14:45 2025 by rpki-client