Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/r2jiNcmJ5XTmZz4FsjRSWs5Sb0A.roa
File: r2jiNcmJ5XTmZz4FsjRSWs5Sb0A.roa (raw, json)
Hash identifier: CkdcfrWxPpiu2cL2OZCWx5x9X643rJbG7p9pW42LFlc=
Subject key identifier: AF:68:E2:35:C9:89:E5:74:E6:67:3E:05:B2:34:52:5A:CE:52:6F:40
Certificate issuer: /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial: 0185090A61C6DAFC170377878C3FAF3DED3D
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/r2jiNcmJ5XTmZz4FsjRSWs5Sb0A.roa
Signing time: Tue 13 Dec 2022 01:12:33 +0000
ROA not before: Tue 13 Dec 2022 01:12:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 202349
IP address blocks: 2.56.87.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:09:0a:61:c6:da:fc:17:03:77:87:8c:3f:af:3d:ed:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Validity
Not Before: Dec 13 01:12:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=af68e235c989e574e6673e05b234525ace526f40
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:be:1f:a2:f1:ad:c9:de:43:5e:03:a6:06:6a:
fd:29:15:ab:59:3f:b0:c5:5a:0c:6b:9d:c6:4f:d0:
a1:ba:5c:e9:56:46:17:0e:16:db:c8:27:67:b6:8b:
11:c4:d1:95:26:03:6a:72:fd:f8:1f:ff:c7:58:ef:
6d:53:2a:c5:ad:5c:3a:ba:26:44:ed:bb:86:e0:64:
e0:c0:92:72:ce:2c:76:66:fe:73:51:ab:74:d3:f4:
e6:11:2a:73:0a:54:a4:de:a5:fc:b8:50:fd:92:49:
f5:ae:63:48:ed:26:35:cc:2f:36:d8:d5:3a:28:c2:
7e:f7:ac:65:33:0b:54:3f:ce:33:6b:e0:ed:12:87:
32:dc:03:a0:97:a7:5f:bd:c4:7c:cf:39:6d:99:32:
b6:f2:df:39:05:54:9f:57:0f:b9:29:ac:9f:92:6f:
08:b0:eb:8a:5d:fb:6d:65:97:f2:5e:01:8e:f3:c2:
1a:2f:d8:4e:2c:3b:47:c2:25:70:8b:a9:32:64:5c:
03:ac:e3:1f:da:a1:96:9d:e9:f9:08:f9:44:f5:7e:
77:cf:f1:6c:f6:27:b9:91:58:36:8d:cb:3d:f2:b4:
d2:5c:2d:da:ca:83:ac:db:18:ac:72:9e:ee:ee:79:
7b:c4:1c:41:fc:e8:4e:d6:5b:e7:6a:83:9f:bb:1a:
b0:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:68:E2:35:C9:89:E5:74:E6:67:3E:05:B2:34:52:5A:CE:52:6F:40
X509v3 Authority Key Identifier:
keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/r2jiNcmJ5XTmZz4FsjRSWs5Sb0A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.87.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:20:b3:d8:d5:ae:35:82:43:2b:6a:79:37:91:34:b3:a5:ba:
fd:fd:b6:66:49:2a:da:eb:a9:4a:ea:30:9d:1d:46:a8:a9:62:
55:35:1a:10:2c:6e:45:ee:d5:22:3f:0d:7e:83:3f:53:22:a0:
9c:f5:c2:57:19:0b:34:35:2b:a1:5f:75:e0:22:2c:10:cf:f5:
dd:cf:49:fc:b4:67:89:7d:cb:85:c3:7a:64:35:4d:21:2d:e0:
fc:1a:a3:38:4e:2a:fc:14:dc:76:78:bd:63:8b:0c:81:27:4c:
af:a3:3b:af:1d:b3:a4:cc:bb:e9:0e:39:81:dd:7a:c1:65:b8:
60:0d:58:fb:7c:60:ac:c4:25:92:aa:a5:3f:5c:b4:bb:c7:f7:
7b:d1:d7:ef:95:7a:fb:3c:df:45:ed:77:0a:a0:84:db:b1:43:
c9:8c:07:dd:a4:37:fd:95:8d:13:f8:af:a3:b4:89:57:01:1c:
4e:2c:30:23:ac:57:19:61:af:24:71:55:6b:d4:e1:dd:da:55:
fd:f1:86:6e:5a:20:9e:72:c0:56:c8:65:05:a0:fd:26:b1:1d:
ce:89:9c:99:d7:ec:00:70:1e:c7:13:f3:5c:77:ee:4a:9a:e9:
79:02:34:4d:57:be:ea:31:1d:4d:1b:c6:bf:3b:1e:5d:4c:67:
0d:7f:75:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYUJCmHG2vwXA3eHjD+vPe09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjIxMjEzMDExMjMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjY4ZTIzNWM5ODllNTc0ZTY2NzNlMDViMjM0NTI1YWNlNTI2ZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhb4fovGtyd5DXgOmBmr9KRWrWT+w
xVoMa53GT9ChulzpVkYXDhbbyCdntosRxNGVJgNqcv34H//HWO9tUyrFrVw6uiZE
7buG4GTgwJJyzix2Zv5zUat00/TmESpzClSk3qX8uFD9kkn1rmNI7SY1zC822NU6
KMJ+96xlMwtUP84za+DtEocy3AOgl6dfvcR8zzltmTK28t85BVSfVw+5Kayfkm8I
sOuKXfttZZfyXgGO88IaL9hOLDtHwiVwi6kyZFwDrOMf2qGWnen5CPlE9X53z/Fs
9ie5kVg2jcs98rTSXC3ayoOs2xiscp7u7nl7xBxB/OhO1lvnaoOfuxqwqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9o4jXJieV05mc+BbI0UlrOUm9AMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvcjJqaU5jbUo1WFRtWno0RnNqUlNXczVTYjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjhXMA0G
CSqGSIb3DQEBCwUAA4IBAQArILPY1a41gkMrank3kTSzpbr9/bZmSSra66lK6jCd
HUaoqWJVNRoQLG5F7tUiPw1+gz9TIqCc9cJXGQs0NSuhX3XgIiwQz/Xdz0n8tGeJ
fcuFw3pkNU0hLeD8GqM4Tir8FNx2eL1jiwyBJ0yvozuvHbOkzLvpDjmB3XrBZbhg
DVj7fGCsxCWSqqU/XLS7x/d70dfvlXr7PN9F7XcKoITbsUPJjAfdpDf9lY0T+K+j
tIlXARxOLDAjrFcZYa8kcVVr1OHd2lX98YZuWiCecsBWyGUFoP0msR3OiZyZ1+wA
cB7HE/Ncd+5Kmul5AjRNV77qMR1NG8a/Ox5dTGcNf3XW
-----END CERTIFICATE-----
Generated at Sun Apr 27 22:22:37 2025 by rpki-client