Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/MCVnJ9sqPOUtyYG7sKhnY7wKlWc.roa
File: MCVnJ9sqPOUtyYG7sKhnY7wKlWc.roa (raw, json)
Hash identifier: 7g9xkAwpSyLZQhOHlVprpXMKoBGvshWT4rYZkWv7pUY=
Subject key identifier: 30:25:67:27:DB:2A:3C:E5:2D:C9:81:BB:B0:A8:67:63:BC:0A:95:67
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 01862E430CC63B811A80D6ADD33DE790CADB
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/MCVnJ9sqPOUtyYG7sKhnY7wKlWc.roa
Signing time: Tue 07 Feb 2023 23:43:11 +0000
ROA not before: Tue 07 Feb 2023 23:43:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 176.114.88.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:2e:43:0c:c6:3b:81:1a:80:d6:ad:d3:3d:e7:90:ca:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Feb 7 23:43:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=30256727db2a3ce52dc981bbb0a86763bc0a9567
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:4e:ad:f3:2b:3e:3d:b0:c1:d8:b9:10:2a:4c:
45:94:09:e0:25:c2:8c:e5:83:e3:9d:3b:d2:02:eb:
03:be:61:19:45:dc:64:34:29:a1:ab:01:ad:a4:3f:
ca:b6:1f:73:99:1f:d3:d5:ad:c6:3c:07:18:27:39:
dd:c5:a1:e7:f0:6e:86:a5:bf:9a:ab:86:8f:4e:7b:
b8:0c:e6:45:28:9d:26:52:72:74:fd:41:b6:fb:d1:
d8:8c:13:f7:96:5b:34:b3:3c:27:53:cd:b0:0f:a5:
9c:f8:e4:b6:d5:8b:44:fd:b3:08:a0:5c:20:61:0f:
6c:69:0c:86:cf:6c:e2:9a:41:51:d6:a7:61:97:47:
3b:6b:de:48:71:44:35:9a:3f:0d:0a:c1:5d:55:0d:
1c:64:89:eb:26:e0:68:9e:1b:be:24:d2:2d:ae:a8:
33:46:8e:16:84:5f:6b:ca:1e:98:08:70:e3:b1:3a:
96:fa:91:f8:8b:bd:d8:8e:6c:af:e6:00:4f:1b:86:
f1:e8:88:c9:12:2a:4e:79:aa:07:5e:4e:ce:1c:a2:
92:73:58:f7:08:70:5d:36:3e:2f:0b:9c:72:a1:0b:
98:86:f4:d0:87:5c:ad:f4:3c:d6:d1:43:18:61:88:
25:b1:25:94:76:ca:05:dc:69:71:f4:e0:a7:90:92:
f9:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:25:67:27:DB:2A:3C:E5:2D:C9:81:BB:B0:A8:67:63:BC:0A:95:67
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/MCVnJ9sqPOUtyYG7sKhnY7wKlWc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.88.0/22
Signature Algorithm: sha256WithRSAEncryption
05:d5:47:bf:1d:17:1d:0e:00:54:2e:d0:46:4b:de:78:41:22:
35:7e:ba:13:f8:70:32:14:70:65:70:c8:d5:c5:dc:61:10:35:
56:dd:4e:54:18:2b:16:77:12:ac:22:3c:37:65:23:9b:71:8a:
5a:70:ba:08:b9:af:c0:4a:f8:78:d5:5f:4e:87:05:c5:72:1e:
77:8a:0a:6e:b2:f4:5b:c1:ce:4c:ce:85:93:0e:6f:1c:51:9a:
db:ac:86:8d:46:aa:04:f7:85:64:69:a4:65:77:a4:96:56:32:
0f:8d:82:53:8b:6f:c6:a0:88:0c:18:d7:a7:a5:1f:18:16:b9:
40:a1:0e:6f:bf:a3:d6:a5:51:2e:22:ba:d1:92:56:8f:bc:20:
86:94:88:79:bf:2f:ac:08:0e:6a:53:71:79:04:68:48:b4:b8:
7d:c1:2b:e5:50:81:9d:2c:0c:79:26:75:f7:5f:f4:f7:1c:af:
87:c6:1e:b6:b1:46:2d:fe:f1:b1:5d:f9:f0:da:c2:07:b2:ff:
4b:44:f5:5a:2e:d8:b0:a2:8d:5e:cd:7f:cf:ca:4d:fe:c8:5e:
2a:47:3d:90:b6:5f:c1:8e:52:73:50:d8:06:93:f8:65:8c:f2:
7f:5a:ed:66:8e:50:ac:e9:d4:92:96:3e:fd:9c:35:27:2c:2e:
fc:a4:4c:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYYuQwzGO4EagNat0z3nkMrbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjMwMjA3MjM0MzExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDI1NjcyN2RiMmEzY2U1MmRjOTgxYmJiMGE4Njc2M2JjMGE5NTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg06t8ys+PbDB2LkQKkxFlAngJcKM
5YPjnTvSAusDvmEZRdxkNCmhqwGtpD/Kth9zmR/T1a3GPAcYJzndxaHn8G6Gpb+a
q4aPTnu4DOZFKJ0mUnJ0/UG2+9HYjBP3lls0szwnU82wD6Wc+OS21YtE/bMIoFwg
YQ9saQyGz2zimkFR1qdhl0c7a95IcUQ1mj8NCsFdVQ0cZInrJuBonhu+JNItrqgz
Ro4WhF9ryh6YCHDjsTqW+pH4i73Yjmyv5gBPG4bx6IjJEipOeaoHXk7OHKKSc1j3
CHBdNj4vC5xyoQuYhvTQh1yt9DzW0UMYYYglsSWUdsoF3Glx9OCnkJL5jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAlZyfbKjzlLcmBu7CoZ2O8CpVnMB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvTUNWbko5c3FQT1V0eVlHN3NLaG5ZN3dLbFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsHJYMA0G
CSqGSIb3DQEBCwUAA4IBAQAF1Ue/HRcdDgBULtBGS954QSI1froT+HAyFHBlcMjV
xdxhEDVW3U5UGCsWdxKsIjw3ZSObcYpacLoIua/ASvh41V9OhwXFch53igpusvRb
wc5MzoWTDm8cUZrbrIaNRqoE94VkaaRld6SWVjIPjYJTi2/GoIgMGNenpR8YFrlA
oQ5vv6PWpVEuIrrRklaPvCCGlIh5vy+sCA5qU3F5BGhItLh9wSvlUIGdLAx5JnX3
X/T3HK+Hxh62sUYt/vGxXfnw2sIHsv9LRPVaLtiwoo1ezX/Pyk3+yF4qRz2Qtl/B
jlJzUNgGk/hljPJ/Wu1mjlCs6dSSlj79nDUnLC78pEwa
-----END CERTIFICATE-----
Generated at Mon Apr 28 01:10:34 2025 by rpki-client