Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/X6ytfFn_uOFg7_3l9oTkKF5hE6o.roa
File: X6ytfFn_uOFg7_3l9oTkKF5hE6o.roa (raw, json)
Hash identifier: 1NlkPN71466qdjbsGdAj1U1bZpVsQwZ8Jij9QRkoIf0=
Subject key identifier: 5F:AC:AD:7C:59:FF:B8:E1:60:EF:FD:E5:F6:84:E4:28:5E:61:13:AA
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 018D9715A87E77D614E5C515DE5105D17844
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/X6ytfFn_uOFg7_3l9oTkKF5hE6o.roa
Signing time: Sun 11 Feb 2024 07:33:15 +0000
ROA not before: Sun 11 Feb 2024 07:33:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204203
IP address blocks: 31.56.174.0/24 maxlen: 24
217.60.254.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:97:15:a8:7e:77:d6:14:e5:c5:15:de:51:05:d1:78:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Feb 11 07:33:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5facad7c59ffb8e160effde5f684e4285e6113aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:bb:7d:04:00:8b:fb:65:14:80:27:f0:f1:83:
20:8b:c2:35:34:8f:63:26:24:40:87:67:17:70:9b:
03:e2:b9:0e:64:47:eb:f4:7a:5f:bc:11:99:71:66:
25:ed:17:7c:5a:df:a4:c7:a4:5f:6a:89:c3:92:fa:
e7:2c:fd:50:2d:51:43:ce:b2:bc:0a:e5:a9:a3:49:
aa:77:ba:b5:f1:89:bc:b0:5c:97:95:30:36:a5:66:
70:ae:22:fc:d2:52:e9:13:3b:97:32:b6:77:fe:d8:
25:c1:b0:d4:70:23:bc:9c:52:a5:72:d3:31:42:18:
a5:0c:10:af:bc:b0:0e:03:f9:c0:f1:ae:3f:f8:2b:
47:8a:b1:39:a9:7c:23:75:f7:b9:82:42:ea:d3:54:
83:4d:8d:52:89:57:9d:6f:59:c1:ff:e2:ed:43:d4:
ba:f6:2b:c8:aa:5e:d7:ea:f5:1e:ac:ba:ae:11:d9:
c6:57:5b:c0:ec:17:7e:8c:c6:91:99:9c:cd:0b:0e:
15:63:d8:75:e2:e6:a4:a5:4a:f8:d4:43:b2:9c:b1:
24:72:cb:30:ac:a8:af:8f:5b:5d:21:ad:7d:6d:f6:
cf:8e:0b:96:d1:89:b2:0f:a0:aa:07:25:c8:b0:d7:
96:79:99:24:ad:c6:ee:47:b8:39:6c:97:5e:c4:a1:
89:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:AC:AD:7C:59:FF:B8:E1:60:EF:FD:E5:F6:84:E4:28:5E:61:13:AA
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/X6ytfFn_uOFg7_3l9oTkKF5hE6o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.174.0/24
217.60.254.0/23
Signature Algorithm: sha256WithRSAEncryption
73:b6:b1:95:18:7c:c9:bc:c7:4f:66:2f:47:22:ee:aa:c7:0b:
d5:5b:c9:33:3e:b9:8c:2b:74:ec:2a:ce:15:e6:c4:3e:71:0a:
16:d2:2a:fc:5c:20:8a:dc:09:13:e5:77:eb:a4:dd:57:0e:fe:
6c:d9:9a:f4:b2:98:cd:a7:81:a8:36:3f:a8:4c:af:09:34:10:
58:37:34:75:36:db:d4:c6:65:02:7b:5f:47:a1:fd:8d:a2:64:
2b:a4:c8:9e:7a:64:4a:6e:b2:6c:e3:50:32:02:2b:c7:84:df:
af:f2:0f:cb:a3:37:16:24:f8:9c:de:35:12:3d:33:1d:fd:cc:
a4:8f:48:0e:76:06:4d:90:d4:d3:10:0c:c8:1b:47:8c:24:ff:
bd:ac:8a:4a:0c:db:c6:e1:43:27:0e:85:ef:c0:85:42:9c:e4:
3c:e3:26:b3:9b:18:11:c4:69:bb:4c:93:2d:12:7b:0d:6d:55:
70:c4:86:10:46:04:97:49:f8:d8:4e:53:d5:a1:b3:d5:02:3f:
4a:74:20:ee:9a:8b:98:dd:fe:00:ac:53:a5:db:da:0b:10:40:
2e:66:34:1a:e5:93:60:52:0f:77:f2:5d:61:9a:a0:87:6a:9b:
00:1e:a5:02:98:1f:3f:c3:c3:1b:db:5e:0c:a8:82:e9:bc:3b:
8b:0e:b2:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2XFah+d9YU5cUV3lEF0XhEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwMjExMDczMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmFjYWQ3YzU5ZmZiOGUxNjBlZmZkZTVmNjg0ZTQyODVlNjExM2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7t9BACL+2UUgCfw8YMgi8I1NI9j
JiRAh2cXcJsD4rkOZEfr9HpfvBGZcWYl7Rd8Wt+kx6RfaonDkvrnLP1QLVFDzrK8
CuWpo0mqd7q18Ym8sFyXlTA2pWZwriL80lLpEzuXMrZ3/tglwbDUcCO8nFKlctMx
QhilDBCvvLAOA/nA8a4/+CtHirE5qXwjdfe5gkLq01SDTY1SiVedb1nB/+LtQ9S6
9ivIql7X6vUerLquEdnGV1vA7Bd+jMaRmZzNCw4VY9h14uakpUr41EOynLEkcssw
rKivj1tdIa19bfbPjguW0YmyD6CqByXIsNeWeZkkrcbuR7g5bJdexKGJNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF+srXxZ/7jhYO/95faE5CheYROqMB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvWDZ5dGZGbl91T0ZnN18zbDlvVGtLRjVoRTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHziuAwQB
2Tz+MA0GCSqGSIb3DQEBCwUAA4IBAQBztrGVGHzJvMdPZi9HIu6qxwvVW8kzPrmM
K3TsKs4V5sQ+cQoW0ir8XCCK3AkT5XfrpN1XDv5s2Zr0spjNp4GoNj+oTK8JNBBY
NzR1NtvUxmUCe19Hof2NomQrpMieemRKbrJs41AyAivHhN+v8g/LozcWJPic3jUS
PTMd/cykj0gOdgZNkNTTEAzIG0eMJP+9rIpKDNvG4UMnDoXvwIVCnOQ84yazmxgR
xGm7TJMtEnsNbVVwxIYQRgSXSfjYTlPVobPVAj9KdCDumouY3f4ArFOl29oLEEAu
ZjQa5ZNgUg938l1hmqCHapsAHqUCmB8/w8Mb214MqILpvDuLDrL2
-----END CERTIFICATE-----
Generated at Sat May 10 23:04:08 2025 by rpki-client