Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/bwWpIWTupz_Pu8GodvImc3KN8TQ.roa
File: bwWpIWTupz_Pu8GodvImc3KN8TQ.roa (raw, json)
Hash identifier: xx+spjDz1wV6uu/uQIfc87d3ZQKbbQGJxzhDaVbzVGY=
Subject key identifier: 6F:05:A9:21:64:EE:A7:3F:CF:BB:C1:A8:76:F2:26:73:72:8D:F1:34
Certificate issuer: /CN=adf491488a7cd8448a420945871c0b99672dc66e
Certificate serial: 018DF3CF0982218DBBFE328FB98033F21485
Authority key identifier: AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/bwWpIWTupz_Pu8GodvImc3KN8TQ.roa
Signing time: Thu 29 Feb 2024 07:40:48 +0000
ROA not before: Thu 29 Feb 2024 07:40:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200436
IP address blocks: 217.60.250.0/24 maxlen: 24
217.60.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f3:cf:09:82:21:8d:bb:fe:32:8f:b9:80:33:f2:14:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=adf491488a7cd8448a420945871c0b99672dc66e
Validity
Not Before: Feb 29 07:40:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6f05a92164eea73fcfbbc1a876f22673728df134
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:ca:cb:7a:eb:76:f7:86:8d:4e:57:94:8f:4d:
fc:87:95:09:46:5f:f9:49:fe:14:fa:37:44:46:71:
83:b2:81:43:27:35:fa:f2:97:ab:f4:7e:2e:61:bc:
99:ae:16:47:86:05:14:e6:a2:b3:04:b3:ce:5c:08:
dc:a8:e9:4b:9e:a1:ac:b1:37:ac:d8:d9:88:01:4d:
f3:43:59:b1:6e:ef:66:a6:e3:dc:f6:27:ed:a6:b2:
37:ac:ed:93:fd:91:dc:fe:a0:ba:0a:88:22:3f:98:
18:d7:30:c5:44:36:6f:f2:da:36:d7:7b:2c:73:f4:
59:a2:05:f7:c5:1f:bf:4c:b8:8c:97:24:95:57:eb:
bd:b5:bd:94:3e:f3:5c:b3:5f:fd:bf:c5:f6:dd:81:
39:c4:45:16:13:48:b8:61:45:95:6b:97:e6:a1:88:
44:3c:8f:f2:24:fb:0b:14:be:e5:7a:75:01:21:54:
3a:a5:80:e1:ad:d6:c1:7f:b9:65:40:90:0c:46:5f:
34:39:f1:0d:0c:c6:0b:b6:5c:18:ae:93:e2:5a:bc:
6c:72:7d:89:12:fa:49:25:07:1a:bc:8e:36:21:73:
2a:92:c9:2e:de:7d:50:dc:e1:3b:02:ad:45:42:c8:
57:95:b9:11:ae:66:47:a6:88:7c:fa:21:2a:81:7c:
f9:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:05:A9:21:64:EE:A7:3F:CF:BB:C1:A8:76:F2:26:73:72:8D:F1:34
X509v3 Authority Key Identifier:
keyid:AD:F4:91:48:8A:7C:D8:44:8A:42:09:45:87:1C:0B:99:67:2D:C6:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rfSRSIp82ESKQglFhxwLmWctxm4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/bwWpIWTupz_Pu8GodvImc3KN8TQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/715d15-2810-4827-8dbd-0bee06126b1a/1/rfSRSIp82ESKQglFhxwLmWctxm4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.60.250.0/24
217.60.253.0/24
Signature Algorithm: sha256WithRSAEncryption
ba:80:ca:24:4c:f0:87:be:8f:fb:e1:e0:62:b9:f6:e4:71:c6:
f7:91:a9:6b:1f:02:5e:f2:12:98:bd:88:c5:7c:fe:98:43:f1:
9c:26:f2:82:9b:69:2a:e9:06:08:10:11:67:04:98:e7:7e:fc:
74:41:55:03:68:d3:38:11:ff:97:53:60:6a:78:cb:a5:54:ba:
3a:d8:ce:17:f2:04:c8:d7:07:a4:04:88:58:93:a0:21:83:c6:
9f:ac:ec:41:dd:85:dd:66:57:ed:f3:6e:e7:6e:a3:02:eb:a1:
1a:b8:85:37:16:d6:53:c3:09:47:df:fe:6d:50:a1:84:da:b7:
17:a6:8b:06:25:1f:0c:17:75:a2:0a:2b:d6:59:70:f0:7b:c2:
20:47:29:1d:e6:d9:91:5e:78:ed:5a:9d:cb:a2:10:b8:ab:e5:
55:52:e2:34:86:8c:f9:a1:fd:9b:ef:4e:ba:4e:ef:bc:35:b9:
15:3b:de:af:55:77:f8:bf:e9:28:31:98:22:3b:be:1f:11:7e:
19:7c:7a:f9:9a:ef:cc:1c:b8:a1:6d:28:fe:f4:4d:0b:12:c5:
0e:a8:6d:c6:6b:2a:ff:d9:ca:4c:a5:75:13:ea:89:34:6b:cc:
7c:c1:d7:b0:52:22:d9:22:8b:97:35:be:84:85:c7:66:12:76:
7c:88:66:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3zzwmCIY27/jKPuYAz8hSFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZjQ5MTQ4OGE3Y2Q4NDQ4YTQyMDk0NTg3MWMwYjk5Njcy
ZGM2NmUwHhcNMjQwMjI5MDc0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjA1YTkyMTY0ZWVhNzNmY2ZiYmMxYTg3NmYyMjY3MzcyOGRmMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8rLeut294aNTleUj038h5UJRl/5
Sf4U+jdERnGDsoFDJzX68per9H4uYbyZrhZHhgUU5qKzBLPOXAjcqOlLnqGssTes
2NmIAU3zQ1mxbu9mpuPc9iftprI3rO2T/ZHc/qC6CogiP5gY1zDFRDZv8to213ss
c/RZogX3xR+/TLiMlySVV+u9tb2UPvNcs1/9v8X23YE5xEUWE0i4YUWVa5fmoYhE
PI/yJPsLFL7lenUBIVQ6pYDhrdbBf7llQJAMRl80OfENDMYLtlwYrpPiWrxscn2J
EvpJJQcavI42IXMqksku3n1Q3OE7Aq1FQshXlbkRrmZHpoh8+iEqgXz54wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG8FqSFk7qc/z7vBqHbyJnNyjfE0MB8GA1UdIwQY
MBaAFK30kUiKfNhEikIJRYccC5lnLcZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQt
MGJlZTA2MTI2YjFhLzEvYndXcElXVHVwel9QdThHb2R2SW1jM0tOOFRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83MTVkMTUtMjgxMC00ODI3LThkYmQtMGJlZTA2MTI2YjFh
LzEvcmZTUlNJcDgyRVNLUWdsRmh4d0xtV2N0eG00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2Tz6AwQA
2Tz9MA0GCSqGSIb3DQEBCwUAA4IBAQC6gMokTPCHvo/74eBiufbkccb3kalrHwJe
8hKYvYjFfP6YQ/GcJvKCm2kq6QYIEBFnBJjnfvx0QVUDaNM4Ef+XU2BqeMulVLo6
2M4X8gTI1wekBIhYk6Ahg8afrOxB3YXdZlft827nbqMC66EauIU3FtZTwwlH3/5t
UKGE2rcXposGJR8MF3WiCivWWXDwe8IgRykd5tmRXnjtWp3LohC4q+VVUuI0hoz5
of2b7066Tu+8NbkVO96vVXf4v+koMZgiO74fEX4ZfHr5mu/MHLihbSj+9E0LEsUO
qG3Gayr/2cpMpXUT6ok0a8x8wdewUiLZIouXNb6EhcdmEnZ8iGab
-----END CERTIFICATE-----
Generated at Wed May 14 17:11:06 2025 by rpki-client