Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/oXKZJ8LtFZcrjcz2bW7JKXc3VE4.roa
File: oXKZJ8LtFZcrjcz2bW7JKXc3VE4.roa (raw, json)
Hash identifier: cgJD6k7USJDktu7UGN3TLa2/aS9I5YO+QBTH/vrBlro=
Subject key identifier: A1:72:99:27:C2:ED:15:97:2B:8D:CC:F6:6D:6E:C9:29:77:37:54:4E
Certificate issuer: /CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
Certificate serial: 01937229EB3E381ED7647326207C72C16BE1
Authority key identifier: 60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/oXKZJ8LtFZcrjcz2bW7JKXc3VE4.roa
Signing time: Thu 28 Nov 2024 09:46:09 +0000
ROA not before: Thu 28 Nov 2024 09:46:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197071
IP address blocks: 212.11.64.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:72:29:eb:3e:38:1e:d7:64:73:26:20:7c:72:c1:6b:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
Validity
Not Before: Nov 28 09:46:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a1729927c2ed15972b8dccf66d6ec9297737544e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:bb:c6:cc:51:7c:67:a0:d9:5a:69:ad:22:00:
fe:7d:b6:cb:32:bf:f7:ac:f7:f0:5d:10:fe:50:94:
b1:0c:56:9a:be:f3:08:5c:85:91:1a:72:b2:9a:26:
7a:3b:29:d3:61:98:1f:c1:7b:28:45:38:85:fd:17:
3d:36:ba:d1:84:da:46:13:dc:a2:fc:55:83:25:1e:
4b:74:55:3b:2f:bd:00:d7:77:b9:8d:d4:1f:5e:a3:
b2:9a:12:44:51:69:77:e9:16:61:53:29:80:e1:d2:
90:62:08:94:f4:93:4c:59:c3:fa:7f:28:4a:93:3a:
15:b7:3f:cf:90:80:56:bd:2d:0c:31:f2:da:98:4f:
4b:25:a0:82:fa:db:76:71:ca:07:33:65:1c:fe:26:
e3:f6:fd:4a:6d:8c:06:8f:59:a0:ca:9c:c6:52:7e:
44:e3:ad:be:7b:21:3c:75:15:cd:81:70:e9:d6:0e:
ff:84:e5:ef:62:e6:3f:1f:96:dc:0c:04:fe:d6:8c:
3d:4f:9e:0c:d7:4a:f9:8c:c3:5e:4f:a4:c8:26:f2:
14:c5:73:08:ec:8e:3d:0f:ec:61:30:cb:cd:73:49:
09:3c:60:4d:62:b5:58:e1:e7:15:ee:5b:39:ab:53:
62:71:94:45:e1:0c:a2:21:f0:9d:9a:69:21:31:77:
31:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:72:99:27:C2:ED:15:97:2B:8D:CC:F6:6D:6E:C9:29:77:37:54:4E
X509v3 Authority Key Identifier:
keyid:60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/oXKZJ8LtFZcrjcz2bW7JKXc3VE4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.11.64.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:b8:d8:a2:19:07:67:9d:ce:9c:28:14:fe:fb:64:95:4b:7a:
2f:aa:9c:e3:39:40:a1:2a:e8:90:b0:d1:a0:ec:59:c9:fa:59:
48:a0:89:b0:31:35:7e:71:db:f3:fe:8b:ec:ff:03:ba:3b:9c:
18:5c:b5:09:2d:54:2d:81:40:72:9f:07:1b:ab:5e:07:f6:3b:
b8:c5:8a:1f:fa:d1:9c:22:23:60:6e:92:ce:7e:fc:e6:c8:b0:
56:40:ab:7c:dd:01:5f:aa:12:bd:3f:c3:a5:b1:e1:75:b2:af:
75:9f:e9:ab:ea:40:6a:d6:e9:30:e2:5a:04:5d:31:d5:b6:01:
b5:e1:c0:be:2a:15:9b:5d:ad:84:fa:be:2c:5d:b7:37:3b:04:
10:2d:41:35:94:83:03:06:84:b4:e7:cb:ef:6f:fc:77:0c:e7:
9f:fd:c3:d3:a6:5e:0c:ee:44:d3:bf:38:7e:16:ba:e9:27:fc:
69:ec:44:24:05:7a:2c:92:22:f8:ba:db:3e:3e:eb:4c:13:d7:
e2:e3:5b:20:b2:ee:10:5c:1d:96:47:a4:fc:c4:1e:cf:65:53:
2f:59:5f:a4:77:19:42:82:52:e8:7f:28:52:65:20:1c:4e:41:
5b:74:aa:6d:60:6f:25:ea:24:2b:4d:85:b0:61:93:fa:41:f8:
b1:e9:fc:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNyKes+OB7XZHMmIHxywWvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOTk4ZDNjOWQ4YmRjOWMxZGZmOGUzMTk0MjQ0MTJiNmNk
YzFkZDMwHhcNMjQxMTI4MDk0NjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTcyOTkyN2MyZWQxNTk3MmI4ZGNjZjY2ZDZlYzkyOTc3Mzc1NDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLvGzFF8Z6DZWmmtIgD+fbbLMr/3
rPfwXRD+UJSxDFaavvMIXIWRGnKymiZ6OynTYZgfwXsoRTiF/Rc9NrrRhNpGE9yi
/FWDJR5LdFU7L70A13e5jdQfXqOymhJEUWl36RZhUymA4dKQYgiU9JNMWcP6fyhK
kzoVtz/PkIBWvS0MMfLamE9LJaCC+tt2ccoHM2Uc/ibj9v1KbYwGj1mgypzGUn5E
462+eyE8dRXNgXDp1g7/hOXvYuY/H5bcDAT+1ow9T54M10r5jMNeT6TIJvIUxXMI
7I49D+xhMMvNc0kJPGBNYrVY4ecV7ls5q1NicZRF4QyiIfCdmmkhMXcxqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFymSfC7RWXK43M9m1uySl3N1ROMB8GA1UdIwQY
MBaAFGCZjTydi9ycHf+OMZQkQSts3B3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWIt
MGVhNGQ1MzFiNzkzLzEvb1hLWko4THRGWmNyamN6MmJXN0pLWGMzVkU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWItMGVhNGQ1MzFiNzkz
LzEvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AtAMA0G
CSqGSIb3DQEBCwUAA4IBAQBruNiiGQdnnc6cKBT++2SVS3ovqpzjOUChKuiQsNGg
7FnJ+llIoImwMTV+cdvz/ovs/wO6O5wYXLUJLVQtgUBynwcbq14H9ju4xYof+tGc
IiNgbpLOfvzmyLBWQKt83QFfqhK9P8OlseF1sq91n+mr6kBq1ukw4loEXTHVtgG1
4cC+KhWbXa2E+r4sXbc3OwQQLUE1lIMDBoS058vvb/x3DOef/cPTpl4M7kTTvzh+
FrrpJ/xp7EQkBXoskiL4uts+PutME9fi41sgsu4QXB2WR6T8xB7PZVMvWV+kdxlC
glLofyhSZSAcTkFbdKptYG8l6iQrTYWwYZP6Qfix6fxs
-----END CERTIFICATE-----
Generated at Thu Apr 17 07:31:30 2025 by rpki-client