Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/VxW05ryU3sstfRye0AjrAnyIOmY.roa
File: VxW05ryU3sstfRye0AjrAnyIOmY.roa (raw, json)
Hash identifier: RjkpQpu+1YZpIjdu0ImHBDU/8w5nxKz2MXiTJodYQuw=
Subject key identifier: 57:15:B4:E6:BC:94:DE:CB:2D:7D:1C:9E:D0:08:EB:02:7C:88:3A:66
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 018EF1AFFB1104E3721204348BEE5C2F41F1
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/VxW05ryU3sstfRye0AjrAnyIOmY.roa
Signing time: Thu 18 Apr 2024 14:50:25 +0000
ROA not before: Thu 18 Apr 2024 14:50:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 15596
IP address blocks: 31.42.119.0/24 maxlen: 24
31.42.120.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:f1:af:fb:11:04:e3:72:12:04:34:8b:ee:5c:2f:41:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Apr 18 14:50:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5715b4e6bc94decb2d7d1c9ed008eb027c883a66
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:e2:26:33:10:99:5b:ef:2f:90:d5:45:59:7f:
5a:72:61:d0:4f:bd:bd:c2:65:a0:c3:fa:48:f6:59:
82:80:1f:66:41:52:13:a7:3b:6b:04:b9:4b:0e:28:
85:fb:d6:29:ba:85:1c:8a:89:65:7f:94:ea:d5:e3:
3b:54:2e:4b:e8:b2:ba:92:39:4a:77:f5:81:30:4e:
79:7e:5e:78:09:44:a6:22:36:bd:c6:6a:2a:95:b2:
b9:45:ea:dd:dc:f4:97:bb:1f:bf:4c:e3:34:5d:69:
12:9b:fa:f6:9e:23:2c:b8:5b:66:22:11:d4:fa:e1:
39:a2:75:6a:7c:c4:3d:7a:23:4b:a3:90:4b:03:47:
d4:e7:2b:97:e7:b1:91:02:2e:e2:15:0f:4d:66:a4:
1f:36:c5:8e:3c:5a:2a:e3:96:e2:f1:a2:84:db:55:
73:e8:46:3e:ab:aa:7f:16:fd:a3:f3:74:b1:4b:e6:
7f:f1:1c:bc:d5:a8:ce:5c:aa:04:ee:b3:2e:2b:3b:
96:b0:d9:3f:65:5d:91:60:6d:8c:18:a9:ad:a7:9f:
bc:ae:06:fe:cf:3a:1a:7c:6b:de:e4:0a:72:64:04:
88:9b:66:1c:fd:e6:9d:54:f3:9c:3d:33:85:40:de:
ca:5f:4c:21:fd:f0:b7:e6:ae:d5:6a:17:b4:98:be:
57:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:15:B4:E6:BC:94:DE:CB:2D:7D:1C:9E:D0:08:EB:02:7C:88:3A:66
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/VxW05ryU3sstfRye0AjrAnyIOmY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.119.0-31.42.123.255
Signature Algorithm: sha256WithRSAEncryption
67:9c:8e:ce:ce:18:0e:0f:54:b1:51:15:e8:00:93:50:30:55:
ff:b4:80:85:40:86:a3:5c:ac:7e:ec:32:e4:f9:7c:28:2f:37:
4b:9c:b6:f0:5a:9b:f2:e5:0c:62:49:37:02:f7:0c:27:a9:90:
f7:65:ac:68:cc:54:2e:77:e0:e1:d4:b9:a6:9f:b9:39:98:05:
d8:6d:04:7e:b9:ff:b9:f7:68:c9:af:b8:9e:4d:22:68:0e:09:
d8:d7:07:8f:27:70:d5:68:47:c0:e9:2e:9d:b4:a6:b8:c3:7b:
ee:cd:d5:ab:af:ec:46:62:4c:cd:a2:c3:ba:ba:99:17:11:fd:
40:dd:52:fb:e8:18:1c:52:c9:74:2d:3b:b3:fc:8a:8a:fb:f5:
2e:98:2f:ff:dc:5c:5a:7d:f9:dd:ca:6c:b6:3d:64:a4:c5:32:
1c:62:df:84:cb:b4:ec:06:d8:1e:e2:01:48:4e:ed:7f:ee:da:
46:a2:c9:b0:d1:3b:5c:89:65:09:bf:37:ea:ea:97:c9:ab:13:
a5:6e:5e:16:4a:25:1b:d1:b4:64:29:c0:b8:c7:fb:67:6c:5a:
c6:49:ec:a1:f3:d8:86:55:91:1d:ec:d5:bb:c7:20:c6:54:78:
c2:a1:86:3a:03:89:82:5d:d7:80:a3:f9:d7:55:4e:fe:63:9f:
8b:d2:0b:f2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY7xr/sRBONyEgQ0i+5cL0HxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjQwNDE4MTQ1MDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzE1YjRlNmJjOTRkZWNiMmQ3ZDFjOWVkMDA4ZWIwMjdjODgzYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOImMxCZW+8vkNVFWX9acmHQT729
wmWgw/pI9lmCgB9mQVITpztrBLlLDiiF+9YpuoUciollf5Tq1eM7VC5L6LK6kjlK
d/WBME55fl54CUSmIja9xmoqlbK5Rerd3PSXux+/TOM0XWkSm/r2niMsuFtmIhHU
+uE5onVqfMQ9eiNLo5BLA0fU5yuX57GRAi7iFQ9NZqQfNsWOPFoq45bi8aKE21Vz
6EY+q6p/Fv2j83SxS+Z/8Ry81ajOXKoE7rMuKzuWsNk/ZV2RYG2MGKmtp5+8rgb+
zzoafGve5ApyZASIm2Yc/eadVPOcPTOFQN7KX0wh/fC35q7Vahe0mL5XnQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFcVtOa8lN7LLX0cntAI6wJ8iDpmMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvVnhXMDVyeVUzc3N0ZlJ5ZTBBanJBbnlJT21ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAfKncD
BAIfKngwDQYJKoZIhvcNAQELBQADggEBAGecjs7OGA4PVLFRFegAk1AwVf+0gIVA
hqNcrH7sMuT5fCgvN0uctvBam/LlDGJJNwL3DCepkPdlrGjMVC534OHUuaafuTmY
BdhtBH65/7n3aMmvuJ5NImgOCdjXB48ncNVoR8DpLp20prjDe+7N1auv7EZiTM2i
w7q6mRcR/UDdUvvoGBxSyXQtO7P8ior79S6YL//cXFp9+d3KbLY9ZKTFMhxi34TL
tOwG2B7iAUhO7X/u2kaiybDRO1yJZQm/N+rql8mrE6VuXhZKJRvRtGQpwLjH+2ds
WsZJ7KHz2IZVkR3s1bvHIMZUeMKhhjoDiYJd14Cj+ddVTv5jn4vSC/I=
-----END CERTIFICATE-----
Generated at Wed Apr 30 05:44:34 2025 by rpki-client