Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/4VLVut-d0YDneLyjKn4zWJU0ELc.roa
File: 4VLVut-d0YDneLyjKn4zWJU0ELc.roa (raw, json)
Hash identifier: wPaowr9tRROB7IK9smhfk0/FGyqcmna4HQP7MKofYyk=
Subject key identifier: E1:52:D5:BA:DF:9D:D1:80:E7:78:BC:A3:2A:7E:33:58:95:34:10:B7
Certificate issuer: /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial: 018635DD06D0BBE581DA45B9EA355243F02F
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/4VLVut-d0YDneLyjKn4zWJU0ELc.roa
Signing time: Thu 09 Feb 2023 11:08:42 +0000
ROA not before: Thu 09 Feb 2023 11:08:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59956
IP address blocks: 176.117.80.0/22 maxlen: 22
176.117.84.0/22 maxlen: 22
176.117.88.0/22 maxlen: 22
176.117.92.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:35:dd:06:d0:bb:e5:81:da:45:b9:ea:35:52:43:f0:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Validity
Not Before: Feb 9 11:08:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e152d5badf9dd180e778bca32a7e3358953410b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:49:dd:c5:59:c7:52:1b:76:0e:86:a7:4d:06:
c7:40:2c:62:fe:36:b2:6a:05:a1:9f:7c:6c:d7:14:
31:36:0e:8f:0c:b0:a6:62:81:c4:ca:99:48:09:34:
31:07:8f:a6:f8:8f:45:f4:c9:86:49:cd:ed:74:d9:
1c:f0:d5:41:47:3c:21:c5:f2:37:e2:2a:bb:70:44:
3e:d2:a1:fd:22:0a:5d:27:cc:e2:7b:cb:ee:87:a1:
5b:d8:3f:cb:03:73:65:70:a7:a6:b8:4a:4e:af:3f:
61:01:1e:ba:1b:cc:12:08:ff:79:c6:16:ce:ea:a4:
1b:35:11:a4:cd:ff:45:0e:5f:17:73:46:7c:f9:74:
33:b5:99:43:4a:17:20:e4:a2:7a:37:8a:d4:1b:f8:
c2:25:f6:81:b2:05:50:e5:1d:3d:0e:cd:d8:a0:06:
a9:2b:0e:f7:3d:9e:79:e5:58:97:c5:cd:84:dd:64:
ef:c5:03:62:13:5c:70:be:70:79:08:f6:77:af:ad:
c2:53:c3:e4:0c:50:29:ee:ec:7d:67:67:d2:27:66:
fd:14:9e:86:a9:78:a8:10:3c:ce:34:a4:17:16:d5:
de:3a:c4:41:ae:a6:ff:53:27:3f:a5:49:8d:9c:98:
29:3f:a8:ab:10:16:24:b8:75:c4:85:02:32:6e:af:
4a:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:52:D5:BA:DF:9D:D1:80:E7:78:BC:A3:2A:7E:33:58:95:34:10:B7
X509v3 Authority Key Identifier:
keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/4VLVut-d0YDneLyjKn4zWJU0ELc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.117.80.0/20
Signature Algorithm: sha256WithRSAEncryption
9d:db:93:08:a1:b5:bd:e1:4b:55:f0:d4:ba:55:9e:7d:2c:26:
36:f0:d4:b1:6d:7b:97:cd:34:06:b3:ad:53:3a:e0:f7:7a:67:
29:ed:ef:ed:4b:ce:29:ce:26:56:78:25:f2:d2:7e:04:6d:a5:
87:db:26:e2:fc:bf:43:dd:d9:32:17:da:7c:01:9d:60:d5:ed:
b3:e6:2e:ce:86:a5:ae:2d:bb:a2:54:34:f9:00:fa:6d:91:04:
34:19:11:1a:55:18:84:a9:47:0a:86:34:d5:a0:b3:95:81:71:
23:b9:db:2a:0f:0e:06:a0:31:2c:88:ef:13:50:af:6d:a0:27:
11:5e:44:4d:75:ac:f8:fa:5f:de:4f:66:5b:87:3e:04:6d:71:
40:77:4d:e2:e3:00:58:46:a8:f3:63:a4:7a:e9:7b:85:ef:05:
5b:a2:ae:be:dc:1f:bb:8d:ab:06:36:ee:20:94:07:6d:7a:de:
b0:ae:8f:63:81:7d:65:e7:60:7d:71:b7:54:c2:4a:36:60:01:
52:6c:5c:b8:35:e0:88:bf:e1:fb:e2:cf:8a:d2:f6:69:82:47:
4c:89:21:e0:ac:f6:45:8f:0a:79:65:bf:da:be:0d:56:35:c8:
34:40:83:5f:ca:17:8f:5e:fe:30:9c:eb:60:bd:62:3b:09:e7:
42:e3:4e:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYY13QbQu+WB2kW56jVSQ/AvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjk5Y2YxMmIzOGZmMTJkOTVmZmMwZDEzYWMxMmM2OWZl
MmMxY2EwHhcNMjMwMjA5MTEwODQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTUyZDViYWRmOWRkMTgwZTc3OGJjYTMyYTdlMzM1ODk1MzQxMGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkndxVnHUht2DoanTQbHQCxi/jay
agWhn3xs1xQxNg6PDLCmYoHEyplICTQxB4+m+I9F9MmGSc3tdNkc8NVBRzwhxfI3
4iq7cEQ+0qH9IgpdJ8zie8vuh6Fb2D/LA3NlcKemuEpOrz9hAR66G8wSCP95xhbO
6qQbNRGkzf9FDl8Xc0Z8+XQztZlDShcg5KJ6N4rUG/jCJfaBsgVQ5R09Ds3YoAap
Kw73PZ555ViXxc2E3WTvxQNiE1xwvnB5CPZ3r63CU8PkDFAp7ux9Z2fSJ2b9FJ6G
qXioEDzONKQXFtXeOsRBrqb/Uyc/pUmNnJgpP6irEBYkuHXEhQIybq9KyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFS1brfndGA53i8oyp+M1iVNBC3MB8GA1UdIwQY
MBaAFNApnPErOP8S2V/8DROsEsaf4sHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTIt
ZTY0MWU3MTNkMWZhLzEvNFZMVnV0LWQwWURuZUx5aktuNHpXSlUwRUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTItZTY0MWU3MTNkMWZh
LzEvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEsHVQMA0G
CSqGSIb3DQEBCwUAA4IBAQCd25MIobW94UtV8NS6VZ59LCY28NSxbXuXzTQGs61T
OuD3emcp7e/tS84pziZWeCXy0n4EbaWH2ybi/L9D3dkyF9p8AZ1g1e2z5i7OhqWu
LbuiVDT5APptkQQ0GREaVRiEqUcKhjTVoLOVgXEjudsqDw4GoDEsiO8TUK9toCcR
XkRNdaz4+l/eT2Zbhz4EbXFAd03i4wBYRqjzY6R66XuF7wVboq6+3B+7jasGNu4g
lAdtet6wro9jgX1l52B9cbdUwko2YAFSbFy4NeCIv+H74s+K0vZpgkdMiSHgrPZF
jwp5Zb/avg1WNcg0QINfyhePXv4wnOtgvWI7CedC405P
-----END CERTIFICATE-----
Generated at Sun Apr 27 13:12:06 2025 by rpki-client