Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/mVyZQ1AB2gAn7Bd48LBl1soj570.roa
File: mVyZQ1AB2gAn7Bd48LBl1soj570.roa (raw, json)
Hash identifier: 0RlWz7UciKUCXqf/OzBFymzfJ9imnY3y7lYn4Sl0dUA=
Subject key identifier: 99:5C:99:43:50:01:DA:00:27:EC:17:78:F0:B0:65:D6:CA:23:E7:BD
Certificate issuer: /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial: 01906F118981020780287E234CCEF0E9995B
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/mVyZQ1AB2gAn7Bd48LBl1soj570.roa
Signing time: Mon 01 Jul 2024 16:12:18 +0000
ROA not before: Mon 01 Jul 2024 16:12:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43260
IP address blocks: 176.117.84.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:6f:11:89:81:02:07:80:28:7e:23:4c:ce:f0:e9:99:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Validity
Not Before: Jul 1 16:12:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=995c99435001da0027ec1778f0b065d6ca23e7bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:6d:19:a1:29:69:38:70:12:3d:89:7b:7c:7a:
d5:f8:bc:f3:c2:60:b5:83:e7:9c:ad:49:0f:e4:e5:
3a:ab:3d:c3:9a:e6:9f:c5:c6:53:40:99:db:aa:8a:
94:94:ec:46:18:4f:4e:1a:2b:c7:d7:0a:4a:dd:ce:
7e:c0:70:31:93:4f:5c:ae:5c:da:09:40:0e:f2:3b:
b4:a2:cf:0f:e2:2a:24:f9:67:a9:e3:eb:9f:75:7e:
02:80:96:fd:b8:d3:4a:7c:32:b3:66:4b:2e:82:25:
a5:56:32:c9:30:95:5d:53:57:b2:2d:11:6e:5e:0e:
8e:c6:68:77:08:2d:b7:5e:8e:3c:e0:c0:0b:10:10:
20:31:bb:3b:61:7b:f9:fd:5c:3c:d9:70:37:59:53:
16:2c:f1:cf:d5:fd:fc:a6:c8:a2:c0:1e:0f:19:73:
48:e2:a8:8d:80:ab:96:0c:a9:2a:42:90:28:23:bc:
da:56:b0:e3:ed:26:08:15:6b:25:d8:79:b9:a0:10:
3a:ee:91:16:89:51:59:69:fd:34:31:72:56:8d:d5:
04:50:37:e0:4f:6c:3b:b0:12:92:89:b0:b6:f8:77:
e1:90:5d:ea:b9:d7:b4:92:1c:c8:9d:ae:08:ef:2c:
2d:ae:2d:75:61:93:07:a5:f8:8d:01:60:12:b2:7f:
f5:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:5C:99:43:50:01:DA:00:27:EC:17:78:F0:B0:65:D6:CA:23:E7:BD
X509v3 Authority Key Identifier:
keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/mVyZQ1AB2gAn7Bd48LBl1soj570.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.117.84.0/22
Signature Algorithm: sha256WithRSAEncryption
9c:37:56:68:ac:a0:47:54:ff:fd:b0:0b:a5:d7:63:ae:38:90:
1a:73:d3:71:17:a2:24:32:11:6e:ab:d1:ad:b8:97:68:56:8b:
31:60:e4:f1:4f:1e:c0:03:da:3a:1d:cf:2b:54:ab:69:09:62:
d8:9f:87:1f:b3:10:25:97:e1:d3:1f:07:42:36:fd:e4:54:bf:
8c:ec:71:89:1b:09:a0:c6:be:72:7b:41:f6:7d:03:d8:16:95:
7e:54:cc:67:85:6a:c4:9c:94:cf:a8:9e:34:74:cc:2a:82:66:
58:23:47:5b:7e:05:3d:62:0d:12:10:66:db:52:09:cb:8d:74:
8e:d2:31:4e:c1:7a:d1:11:3c:29:48:52:6e:31:31:53:8f:45:
a3:af:32:b4:39:03:06:90:af:2c:0b:9e:9d:18:8e:2b:c8:fc:
0b:4a:a2:24:7f:29:ab:ef:fd:cb:a7:63:70:4d:7b:9f:3e:be:
59:96:d1:33:ac:0f:c3:f8:cd:b5:73:24:fd:f1:61:e8:63:43:
ca:56:69:2c:04:3f:ab:d2:5c:52:aa:7e:aa:26:f5:fd:f9:c1:
de:94:74:80:5c:04:81:e0:b1:0e:38:93:9d:70:a0:87:f2:f7:
d6:d4:7a:8a:44:32:1b:a8:cf:16:ce:4b:8b:73:39:71:c4:03:
34:60:1a:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBvEYmBAgeAKH4jTM7w6ZlbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjk5Y2YxMmIzOGZmMTJkOTVmZmMwZDEzYWMxMmM2OWZl
MmMxY2EwHhcNMjQwNzAxMTYxMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTVjOTk0MzUwMDFkYTAwMjdlYzE3NzhmMGIwNjVkNmNhMjNlN2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4m0ZoSlpOHASPYl7fHrV+LzzwmC1
g+ecrUkP5OU6qz3DmuafxcZTQJnbqoqUlOxGGE9OGivH1wpK3c5+wHAxk09crlza
CUAO8ju0os8P4iok+Wep4+ufdX4CgJb9uNNKfDKzZksugiWlVjLJMJVdU1eyLRFu
Xg6Oxmh3CC23Xo484MALEBAgMbs7YXv5/Vw82XA3WVMWLPHP1f38psiiwB4PGXNI
4qiNgKuWDKkqQpAoI7zaVrDj7SYIFWsl2Hm5oBA67pEWiVFZaf00MXJWjdUEUDfg
T2w7sBKSibC2+HfhkF3qude0khzIna4I7ywtri11YZMHpfiNAWASsn/1CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlcmUNQAdoAJ+wXePCwZdbKI+e9MB8GA1UdIwQY
MBaAFNApnPErOP8S2V/8DROsEsaf4sHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTIt
ZTY0MWU3MTNkMWZhLzEvbVZ5WlExQUIyZ0FuN0JkNDhMQmwxc29qNTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTItZTY0MWU3MTNkMWZh
LzEvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsHVUMA0G
CSqGSIb3DQEBCwUAA4IBAQCcN1ZorKBHVP/9sAul12OuOJAac9NxF6IkMhFuq9Gt
uJdoVosxYOTxTx7AA9o6Hc8rVKtpCWLYn4cfsxAll+HTHwdCNv3kVL+M7HGJGwmg
xr5ye0H2fQPYFpV+VMxnhWrEnJTPqJ40dMwqgmZYI0dbfgU9Yg0SEGbbUgnLjXSO
0jFOwXrRETwpSFJuMTFTj0WjrzK0OQMGkK8sC56dGI4ryPwLSqIkfymr7/3Lp2Nw
TXufPr5ZltEzrA/D+M21cyT98WHoY0PKVmksBD+r0lxSqn6qJvX9+cHelHSAXASB
4LEOOJOdcKCH8vfW1HqKRDIbqM8WzkuLczlxxAM0YBpc
-----END CERTIFICATE-----
Generated at Sun Apr 27 12:16:42 2025 by rpki-client