Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/tnppNfaaqarR7ny6hnX79E2BcQ8.roa
File: tnppNfaaqarR7ny6hnX79E2BcQ8.roa (raw, json)
Hash identifier: lCcI7ndOZQnHsG7WZSCEqxRIqpl3Il1W3k6ZvK6d70Q=
Subject key identifier: B6:7A:69:35:F6:9A:A9:AA:D1:EE:7C:BA:86:75:FB:F4:4D:81:71:0F
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 01922DA6A4FF499E7579F1862A42BE5BD2C4
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/tnppNfaaqarR7ny6hnX79E2BcQ8.roa
Signing time: Thu 26 Sep 2024 09:25:48 +0000
ROA not before: Thu 26 Sep 2024 09:25:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210541
IP address blocks: 31.42.114.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:2d:a6:a4:ff:49:9e:75:79:f1:86:2a:42:be:5b:d2:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Sep 26 09:25:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b67a6935f69aa9aad1ee7cba8675fbf44d81710f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:1d:92:8a:aa:2b:09:8b:0d:a5:bd:9a:14:51:
75:9b:b2:44:9a:5d:bb:f5:8c:f6:f9:16:22:12:de:
36:98:fb:3b:e8:02:48:10:cc:80:92:81:e4:a1:54:
76:28:29:16:58:c8:6e:8c:40:78:ee:5e:98:f6:02:
4a:fe:cf:ee:eb:2a:0c:08:22:88:97:08:16:f1:66:
1b:4e:af:bb:a0:9c:5b:31:7f:5d:b9:48:50:b7:f2:
90:60:ec:88:1e:8f:f0:13:8c:da:fc:00:54:4d:7b:
42:23:f5:70:06:fa:23:0a:94:87:1b:c9:63:6f:36:
6b:4d:f1:56:0a:cb:fe:16:c8:83:ac:ba:23:51:e3:
36:b0:b4:ed:c9:39:72:0e:ad:7c:96:b7:7e:dd:19:
e6:48:c7:57:1d:11:7d:fe:28:c7:8a:04:00:60:12:
b5:7f:84:37:cd:fd:bf:c3:f3:64:4e:1b:60:c5:91:
74:e3:2c:c5:a1:ac:fc:f3:67:58:1b:c5:c4:36:aa:
ca:67:a3:3c:ec:74:1f:52:04:7a:02:07:f9:6f:3c:
c1:93:9b:91:24:a6:0b:d1:5f:98:c3:1c:e9:1e:83:
f2:34:52:8c:ed:da:a0:c0:0a:5c:c1:c3:c9:0d:ba:
3b:b5:42:86:9c:27:90:b3:1e:fa:df:14:3a:d3:34:
26:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:7A:69:35:F6:9A:A9:AA:D1:EE:7C:BA:86:75:FB:F4:4D:81:71:0F
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/tnppNfaaqarR7ny6hnX79E2BcQ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.114.0/24
Signature Algorithm: sha256WithRSAEncryption
73:01:1d:a5:6f:bd:85:e8:6a:cf:2f:fc:97:80:c6:2b:bb:45:
a1:87:04:4f:c7:1d:54:f1:65:1f:43:a2:ff:9c:dd:9d:13:40:
6c:3a:b7:78:73:1d:a2:c2:02:f5:9f:f3:0d:4b:09:bc:ba:63:
79:00:8f:39:f9:0c:8c:0b:ff:4e:72:28:15:57:9f:88:4a:79:
13:71:93:45:3c:75:cc:86:59:05:84:33:64:8d:97:c1:39:b8:
cb:d7:fb:0a:df:df:79:04:57:73:7c:8f:9d:04:82:35:16:f4:
48:39:95:b2:f7:4a:08:30:c1:b1:dd:ac:b0:9f:a2:01:08:fd:
3f:47:64:c7:f2:e5:87:8b:7a:c5:18:4b:72:26:54:f2:38:b9:
76:ea:fb:a3:1b:7a:9f:b4:92:fb:66:83:97:af:d5:2a:e9:fd:
4c:1f:8b:9c:fe:0a:3b:6c:d9:16:a2:c7:bd:84:75:6d:d5:3a:
15:c3:ea:6d:d6:58:be:aa:be:06:20:e0:86:08:56:23:9d:40:
9a:43:d4:69:ab:a4:68:e0:be:c9:3d:f9:09:cf:74:e1:6a:ac:
47:cb:f2:6f:a5:a9:56:d9:25:fa:b3:d0:f3:13:b6:3e:e9:47:
ca:d0:20:3a:7c:21:5e:a0:41:f9:aa:4a:73:f6:8e:ee:7a:74:
18:0c:c0:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZItpqT/SZ51efGGKkK+W9LEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjQwOTI2MDkyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjdhNjkzNWY2OWFhOWFhZDFlZTdjYmE4Njc1ZmJmNDRkODE3MTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnx2SiqorCYsNpb2aFFF1m7JEml27
9Yz2+RYiEt42mPs76AJIEMyAkoHkoVR2KCkWWMhujEB47l6Y9gJK/s/u6yoMCCKI
lwgW8WYbTq+7oJxbMX9duUhQt/KQYOyIHo/wE4za/ABUTXtCI/VwBvojCpSHG8lj
bzZrTfFWCsv+FsiDrLojUeM2sLTtyTlyDq18lrd+3RnmSMdXHRF9/ijHigQAYBK1
f4Q3zf2/w/NkThtgxZF04yzFoaz882dYG8XENqrKZ6M87HQfUgR6Agf5bzzBk5uR
JKYL0V+YwxzpHoPyNFKM7dqgwApcwcPJDbo7tUKGnCeQsx763xQ60zQm8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZ6aTX2mqmq0e58uoZ1+/RNgXEPMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvdG5wcE5mYWFxYXJSN255NmhuWDc5RTJCY1E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHypyMA0G
CSqGSIb3DQEBCwUAA4IBAQBzAR2lb72F6GrPL/yXgMYru0WhhwRPxx1U8WUfQ6L/
nN2dE0BsOrd4cx2iwgL1n/MNSwm8umN5AI85+QyMC/9OcigVV5+ISnkTcZNFPHXM
hlkFhDNkjZfBObjL1/sK3995BFdzfI+dBII1FvRIOZWy90oIMMGx3aywn6IBCP0/
R2TH8uWHi3rFGEtyJlTyOLl26vujG3qftJL7ZoOXr9Uq6f1MH4uc/go7bNkWose9
hHVt1ToVw+pt1li+qr4GIOCGCFYjnUCaQ9Rpq6Ro4L7JPfkJz3ThaqxHy/JvpalW
2SX6s9DzE7Y+6UfK0CA6fCFeoEH5qkpz9o7uenQYDMCX
-----END CERTIFICATE-----
Generated at Sat May 10 10:43:57 2025 by rpki-client