Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/cysD1zDG3O3bTXxRokY3d2npibY.roa
File: cysD1zDG3O3bTXxRokY3d2npibY.roa (raw, json)
Hash identifier: LC/hc77vcdfg/kvm3Bv9KgBodr7sUw/Bq49bqhqP54A=
Subject key identifier: 73:2B:03:D7:30:C6:DC:ED:DB:4D:7C:51:A2:46:37:77:69:E9:89:B6
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 01856CF8812837B1B111AEA2135911B97E71
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/cysD1zDG3O3bTXxRokY3d2npibY.roa
Signing time: Sun 01 Jan 2023 10:55:03 +0000
ROA not before: Sun 01 Jan 2023 10:55:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202349
IP address blocks: 2.56.87.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:f8:81:28:37:b1:b1:11:ae:a2:13:59:11:b9:7e:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Jan 1 10:55:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=732b03d730c6dceddb4d7c51a246377769e989b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:6f:e5:9c:3c:6f:3f:d6:1f:02:a8:65:0d:97:
1d:1b:20:1a:0c:db:fa:cf:69:4c:9c:4f:ad:73:3f:
c2:fd:54:e3:d7:e2:49:5a:44:84:d9:5b:a4:ca:b1:
fb:03:96:23:3f:bf:d4:27:ca:f9:6a:aa:d3:0b:4f:
d4:4d:9d:cd:27:c0:64:4e:0e:26:0d:42:ca:f3:80:
2b:59:3a:15:49:da:a9:a4:fd:5e:3e:10:9c:42:ec:
bb:5b:b9:ec:78:ae:b2:92:8d:5c:c1:d9:f0:18:ce:
44:4b:97:f5:d7:1d:ed:3e:83:f1:91:c5:0e:c6:c2:
da:c3:4b:85:54:4e:65:30:ba:e6:49:50:3a:2b:c9:
65:df:80:97:31:a1:e1:4e:71:d6:03:b5:e6:75:b9:
3d:42:a0:f5:a6:10:1a:da:15:78:24:00:f9:52:7e:
da:9d:fa:82:d6:51:7f:54:5d:7e:2a:12:f2:05:c9:
ee:6e:85:b5:eb:53:d1:ee:63:c6:8c:ae:6d:79:58:
00:f4:c3:c0:94:a9:69:d2:fe:43:1c:7e:a9:0d:50:
94:dc:cd:0e:f5:63:6f:9a:ee:41:c0:8f:b4:9d:6e:
67:91:55:0b:0b:25:35:24:bf:64:77:fd:09:78:75:
8e:8d:dc:92:64:f2:05:14:a6:f9:d0:61:9e:a9:4e:
79:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:2B:03:D7:30:C6:DC:ED:DB:4D:7C:51:A2:46:37:77:69:E9:89:B6
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/cysD1zDG3O3bTXxRokY3d2npibY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.87.0/24
Signature Algorithm: sha256WithRSAEncryption
53:73:d4:ca:47:37:a2:80:44:8d:cb:b9:a6:a8:5e:66:38:72:
95:29:da:a8:c2:66:56:c0:e3:f8:ae:97:91:ad:4f:fe:ad:64:
89:d6:3f:59:05:9b:69:bf:18:64:37:05:fe:60:11:57:b0:e6:
26:ef:6b:77:a5:55:df:48:42:ec:05:89:6b:62:c1:7a:94:f6:
4c:af:be:14:2d:ab:f9:29:fa:e2:6e:ff:f2:f8:dd:22:c2:46:
3a:19:85:15:4f:94:fe:69:f9:c4:11:fd:f6:e9:07:a2:72:a1:
9a:52:29:d4:fd:29:1b:39:d3:c9:a0:27:08:8a:7c:24:68:a2:
32:92:4c:11:6c:05:39:45:27:83:1b:86:82:25:bc:39:ce:90:
8e:04:75:5a:21:61:af:a9:e1:8e:71:7b:23:38:0f:63:41:23:
78:09:cc:a5:e7:05:ad:49:d0:c6:1f:8a:dc:01:a2:d5:12:4f:
67:d1:ee:dc:b2:68:27:61:a7:d0:5a:28:5e:88:04:d2:de:41:
6b:2a:fa:d8:a4:af:09:82:96:d2:bb:21:4d:bb:16:66:92:7f:
48:49:f2:d0:31:61:45:b4:98:10:e5:68:55:ee:a7:56:d8:04:
c6:31:15:96:67:44:10:7e:65:52:88:e0:a6:9a:31:db:0d:08:
c3:96:b6:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVs+IEoN7GxEa6iE1kRuX5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjMwMTAxMTA1NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzJiMDNkNzMwYzZkY2VkZGI0ZDdjNTFhMjQ2Mzc3NzY5ZTk4OWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02/lnDxvP9YfAqhlDZcdGyAaDNv6
z2lMnE+tcz/C/VTj1+JJWkSE2VukyrH7A5YjP7/UJ8r5aqrTC0/UTZ3NJ8BkTg4m
DULK84ArWToVSdqppP1ePhCcQuy7W7nseK6yko1cwdnwGM5ES5f11x3tPoPxkcUO
xsLaw0uFVE5lMLrmSVA6K8ll34CXMaHhTnHWA7Xmdbk9QqD1phAa2hV4JAD5Un7a
nfqC1lF/VF1+KhLyBcnuboW161PR7mPGjK5teVgA9MPAlKlp0v5DHH6pDVCU3M0O
9WNvmu5BwI+0nW5nkVULCyU1JL9kd/0JeHWOjdySZPIFFKb50GGeqU55YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMrA9cwxtzt2018UaJGN3dp6Ym2MB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvY3lzRDF6REczTzNiVFh4Um9rWTNkMm5waWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjhXMA0G
CSqGSIb3DQEBCwUAA4IBAQBTc9TKRzeigESNy7mmqF5mOHKVKdqowmZWwOP4rpeR
rU/+rWSJ1j9ZBZtpvxhkNwX+YBFXsOYm72t3pVXfSELsBYlrYsF6lPZMr74ULav5
Kfribv/y+N0iwkY6GYUVT5T+afnEEf326QeicqGaUinU/SkbOdPJoCcIinwkaKIy
kkwRbAU5RSeDG4aCJbw5zpCOBHVaIWGvqeGOcXsjOA9jQSN4Ccyl5wWtSdDGH4rc
AaLVEk9n0e7csmgnYafQWiheiATS3kFrKvrYpK8JgpbSuyFNuxZmkn9ISfLQMWFF
tJgQ5WhV7qdW2ATGMRWWZ0QQfmVSiOCmmjHbDQjDlra4
-----END CERTIFICATE-----
Generated at Sun Apr 27 15:05:05 2025 by rpki-client