Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/2AFO1YD1yGiyRYl0DS6rrjSsZTo.roa
File: 2AFO1YD1yGiyRYl0DS6rrjSsZTo.roa (raw, json)
Hash identifier: vi25eLvoCTHWWw+l7mrKJ/hI4Ni1Tm6/BQ5Dk/gi/Zs=
Subject key identifier: D8:01:4E:D5:80:F5:C8:68:B2:45:89:74:0D:2E:AB:AE:34:AC:65:3A
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 01874634707771B800229D7138B72E8C57DF
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/2AFO1YD1yGiyRYl0DS6rrjSsZTo.roa
Signing time: Mon 03 Apr 2023 08:20:54 +0000
ROA not before: Mon 03 Apr 2023 08:20:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207883
IP address blocks: 176.114.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:46:34:70:77:71:b8:00:22:9d:71:38:b7:2e:8c:57:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Apr 3 08:20:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d8014ed580f5c868b24589740d2eabae34ac653a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:6f:da:b9:4b:d2:3c:b9:63:d2:e5:00:29:84:
6c:02:27:6f:31:7b:eb:6f:ec:2e:10:13:50:b5:0f:
7e:07:6c:78:1f:21:63:c3:80:e3:7f:0b:5d:63:d5:
63:06:a5:3e:5c:bd:a1:88:f5:ad:ec:b8:bc:91:a4:
43:fb:b4:3f:ce:67:68:7a:50:5d:ec:bb:cf:60:fb:
ec:db:c4:2a:fd:b8:54:90:d9:06:2a:72:85:ec:64:
f0:5a:be:0c:bf:a4:89:4e:f4:68:2a:31:95:fa:cc:
3f:f6:51:cb:86:d2:92:28:d8:81:64:29:0a:80:a6:
6c:b2:dc:fa:35:bd:c3:12:80:d2:7b:63:f3:e3:93:
e0:6c:7f:99:87:98:03:36:53:94:57:ce:55:4d:7e:
7c:1a:0c:88:73:53:46:66:f8:16:66:d9:f6:e0:3a:
bd:c1:4d:a2:2c:28:ea:d9:c6:83:26:74:41:76:f5:
7b:31:c7:28:14:8d:73:2b:6d:73:31:4e:e9:1b:b6:
11:ae:00:76:de:8e:da:ea:37:3e:b4:8b:d8:37:d9:
16:3c:c0:05:88:c4:e8:84:00:2f:09:5d:2f:a9:c1:
3a:ba:26:e9:0a:37:9c:6c:62:98:53:c6:69:2d:91:
fa:d7:51:58:b8:88:ac:cb:aa:2a:07:7f:27:c8:05:
26:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:01:4E:D5:80:F5:C8:68:B2:45:89:74:0D:2E:AB:AE:34:AC:65:3A
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/2AFO1YD1yGiyRYl0DS6rrjSsZTo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.88.0/22
Signature Algorithm: sha256WithRSAEncryption
bf:eb:70:45:e9:be:00:9c:4e:af:60:eb:24:07:59:70:23:4b:
f8:19:cb:5e:28:98:0a:d3:b2:d8:2d:09:b1:36:38:fa:9f:12:
b1:b4:ce:85:79:dd:2d:2d:f8:1b:d0:25:8e:59:9b:6f:6d:e7:
49:c2:3e:cd:d3:88:a0:64:59:05:1e:04:b2:af:23:9b:19:41:
f2:fa:2f:c3:63:18:cd:79:7c:60:b4:46:cc:26:9c:32:b8:95:
07:53:fd:e2:45:2c:50:e3:dc:4b:56:9a:73:ff:63:76:7a:13:
35:62:22:b2:6c:cc:b1:ed:40:cb:9e:e0:07:b5:28:86:16:68:
ce:53:c6:50:86:80:cc:8a:34:f7:c5:7a:9c:45:e4:52:4d:48:
8a:8e:2e:82:7a:04:9c:59:e4:a9:c0:7f:65:eb:4b:5f:24:35:
1f:a3:46:90:e5:e0:84:da:3c:a5:2b:e9:98:ed:69:57:e7:10:
4f:e8:ba:0f:c2:84:6f:c3:f1:ee:8d:0d:0c:ab:4d:86:11:31:
67:05:3d:4a:00:4e:7c:36:54:f3:3a:b3:ef:f1:b4:15:ef:04:
e6:87:8a:b6:8c:4b:0a:18:ac:56:72:7b:c4:bd:20:32:9c:c7:
ce:b1:a2:a0:e2:0a:6f:31:81:83:c1:2a:fc:8b:73:58:ae:3d:
c9:12:ff:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdGNHB3cbgAIp1xOLcujFffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwNDAzMDgyMDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODAxNGVkNTgwZjVjODY4YjI0NTg5NzQwZDJlYWJhZTM0YWM2NTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjG/auUvSPLlj0uUAKYRsAidvMXvr
b+wuEBNQtQ9+B2x4HyFjw4DjfwtdY9VjBqU+XL2hiPWt7Li8kaRD+7Q/zmdoelBd
7LvPYPvs28Qq/bhUkNkGKnKF7GTwWr4Mv6SJTvRoKjGV+sw/9lHLhtKSKNiBZCkK
gKZsstz6Nb3DEoDSe2Pz45PgbH+Zh5gDNlOUV85VTX58GgyIc1NGZvgWZtn24Dq9
wU2iLCjq2caDJnRBdvV7MccoFI1zK21zMU7pG7YRrgB23o7a6jc+tIvYN9kWPMAF
iMTohAAvCV0vqcE6uibpCjecbGKYU8ZpLZH611FYuIisy6oqB38nyAUmsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgBTtWA9choskWJdA0uq640rGU6MB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvMkFGTzFZRDF5R2l5UllsMERTNnJyalNzWlRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsHJYMA0G
CSqGSIb3DQEBCwUAA4IBAQC/63BF6b4AnE6vYOskB1lwI0v4GcteKJgK07LYLQmx
Njj6nxKxtM6Fed0tLfgb0CWOWZtvbedJwj7N04igZFkFHgSyryObGUHy+i/DYxjN
eXxgtEbMJpwyuJUHU/3iRSxQ49xLVppz/2N2ehM1YiKybMyx7UDLnuAHtSiGFmjO
U8ZQhoDMijT3xXqcReRSTUiKji6CegScWeSpwH9l60tfJDUfo0aQ5eCE2jylK+mY
7WlX5xBP6LoPwoRvw/HujQ0Mq02GETFnBT1KAE58NlTzOrPv8bQV7wTmh4q2jEsK
GKxWcnvEvSAynMfOsaKg4gpvMYGDwSr8i3NYrj3JEv++
-----END CERTIFICATE-----
Generated at Mon Apr 28 00:55:12 2025 by rpki-client