Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/BJVsvV5t1DB0LIlqYi1gHDLqji8.roa
File: BJVsvV5t1DB0LIlqYi1gHDLqji8.roa (raw, json)
Hash identifier: aWB4Vq4tjqKytWfsAd+3Xx03Ty3ecRYBzWjg4noJliQ=
Subject key identifier: 04:95:6C:BD:5E:6D:D4:30:74:2C:89:6A:62:2D:60:1C:32:EA:8E:2F
Certificate issuer: /CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Certificate serial: 018573E85F49EE48D84CDE66EEA6E0AD8165
Authority key identifier: B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/BJVsvV5t1DB0LIlqYi1gHDLqji8.roa
Signing time: Mon 02 Jan 2023 19:14:46 +0000
ROA not before: Mon 02 Jan 2023 19:14:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31008
IP address blocks: 217.168.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:e8:5f:49:ee:48:d8:4c:de:66:ee:a6:e0:ad:81:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b10c3cf3dc53ca549c03e4f5f46d91ce90b8e070
Validity
Not Before: Jan 2 19:14:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=04956cbd5e6dd430742c896a622d601c32ea8e2f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:34:1e:a0:6b:52:7f:3b:13:06:b7:25:d7:f9:
26:ba:8d:5f:db:d7:ff:10:e3:38:db:a1:f7:a4:62:
b3:3a:c2:ff:78:08:1e:1b:ed:a0:2b:1a:04:29:db:
18:63:f1:8b:61:f2:da:f3:69:7e:25:6b:8f:7f:f2:
5b:65:2c:f0:da:54:ab:4d:59:9e:0a:ef:3b:52:38:
3a:cc:06:ce:92:f3:73:26:f4:b6:bd:b6:2d:bf:bc:
cb:a3:c2:43:63:ef:68:b6:b7:6e:36:66:23:a9:2f:
d2:71:07:23:0c:74:d5:01:2b:a9:3c:92:c3:17:7f:
6d:a7:2c:ff:1c:af:6a:82:0a:6d:f8:87:a5:b1:d3:
48:4f:15:30:4b:b1:00:41:e3:01:fd:ff:5d:ed:cf:
b8:d2:4c:08:0b:e9:ce:fe:28:b5:4a:18:2a:1b:1e:
2e:20:93:bf:bb:f9:df:db:92:41:44:cd:4e:20:8b:
af:cb:ba:95:8b:ce:55:27:6d:6a:56:b3:e5:49:07:
d6:e2:86:95:7b:05:f8:cb:b6:de:54:be:43:07:eb:
a3:15:ed:73:42:cc:bc:53:d0:a0:22:13:d1:3a:5c:
8f:9b:c5:b1:78:18:51:3a:e4:2c:38:e8:17:5a:3f:
80:e4:c6:cf:5d:d1:6f:d4:c6:b0:0f:05:e8:b0:13:
c1:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:95:6C:BD:5E:6D:D4:30:74:2C:89:6A:62:2D:60:1C:32:EA:8E:2F
X509v3 Authority Key Identifier:
keyid:B1:0C:3C:F3:DC:53:CA:54:9C:03:E4:F5:F4:6D:91:CE:90:B8:E0:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQw889xTylScA-T19G2RzpC44HA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/BJVsvV5t1DB0LIlqYi1gHDLqji8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/25cdb4-e508-4b37-81bc-36f82bd379bd/1/sQw889xTylScA-T19G2RzpC44HA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.168.247.0/24
Signature Algorithm: sha256WithRSAEncryption
1a:b3:97:ad:df:95:09:17:64:d3:46:48:d6:ce:00:33:af:e1:
5b:cd:93:92:99:8f:01:ad:d8:3c:0d:9d:d1:c5:59:db:24:06:
d7:1e:18:1d:d8:30:ef:73:ad:b1:ba:85:35:03:5d:cc:5e:6c:
a4:ed:e4:13:eb:58:57:ad:06:11:7e:37:b0:13:50:d3:7b:7c:
cc:be:93:c0:df:7f:0d:77:94:c3:c8:d7:78:27:26:68:1d:55:
a6:2d:f9:1b:af:82:58:1e:1e:d1:79:ff:ea:03:e9:cf:3a:ad:
ed:1e:70:52:03:95:9b:39:7f:8a:19:3e:64:0d:2e:d5:78:67:
77:da:37:3a:3f:38:37:43:06:e3:18:3c:24:8f:32:80:4d:ce:
f9:15:50:f1:51:d9:61:47:d9:b0:83:6c:2d:53:c8:0f:bf:eb:
2a:e4:ea:55:49:1e:7e:dd:f1:00:61:6a:bb:ad:7e:79:1c:c5:
81:cb:7e:b5:e1:c4:b3:4c:61:4e:f8:93:92:5e:c9:34:1e:2d:
b3:02:b0:52:0c:47:bf:84:44:00:7a:ef:33:4f:c7:9f:63:3f:
ab:17:8c:86:57:f1:f0:56:e5:d3:aa:f6:ef:7b:3a:f2:70:1c:
81:2c:0f:7d:e6:64:c8:ff:2a:2f:dd:88:ce:21:c4:c3:90:98:
18:16:6d:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVz6F9J7kjYTN5m7qbgrYFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGMzY2YzZGM1M2NhNTQ5YzAzZTRmNWY0NmQ5MWNlOTBi
OGUwNzAwHhcNMjMwMTAyMTkxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDk1NmNiZDVlNmRkNDMwNzQyYzg5NmE2MjJkNjAxYzMyZWE4ZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTQeoGtSfzsTBrcl1/kmuo1f29f/
EOM426H3pGKzOsL/eAgeG+2gKxoEKdsYY/GLYfLa82l+JWuPf/JbZSzw2lSrTVme
Cu87Ujg6zAbOkvNzJvS2vbYtv7zLo8JDY+9otrduNmYjqS/ScQcjDHTVASupPJLD
F39tpyz/HK9qggpt+IelsdNITxUwS7EAQeMB/f9d7c+40kwIC+nO/ii1ShgqGx4u
IJO/u/nf25JBRM1OIIuvy7qVi85VJ21qVrPlSQfW4oaVewX4y7beVL5DB+ujFe1z
Qsy8U9CgIhPROlyPm8WxeBhROuQsOOgXWj+A5MbPXdFv1MawDwXosBPBgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASVbL1ebdQwdCyJamItYBwy6o4vMB8GA1UdIwQY
MBaAFLEMPPPcU8pUnAPk9fRtkc6QuOBwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMt
MzZmODJiZDM3OWJkLzEvQkpWc3ZWNXQxREIwTElscVlpMWdIRExxamk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8yNWNkYjQtZTUwOC00YjM3LTgxYmMtMzZmODJiZDM3OWJk
LzEvc1F3ODg5eFR5bFNjQS1UMTlHMlJ6cEM0NEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2aj3MA0G
CSqGSIb3DQEBCwUAA4IBAQAas5et35UJF2TTRkjWzgAzr+FbzZOSmY8Brdg8DZ3R
xVnbJAbXHhgd2DDvc62xuoU1A13MXmyk7eQT61hXrQYRfjewE1DTe3zMvpPA338N
d5TDyNd4JyZoHVWmLfkbr4JYHh7Ref/qA+nPOq3tHnBSA5WbOX+KGT5kDS7VeGd3
2jc6Pzg3QwbjGDwkjzKATc75FVDxUdlhR9mwg2wtU8gPv+sq5OpVSR5+3fEAYWq7
rX55HMWBy3614cSzTGFO+JOSXsk0Hi2zArBSDEe/hEQAeu8zT8efYz+rF4yGV/Hw
VuXTqvbvezrycByBLA995mTI/yov3YjOIcTDkJgYFm1M
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:25:41 2025 by rpki-client