Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Rg98YjtteGYkxt9h72erx61_2kM.roa
File: Rg98YjtteGYkxt9h72erx61_2kM.roa (raw, json)
Hash identifier: OP3WZawjlQTsmU9JFxI3FSvzfQKpVItgz+HV3QCnwHo=
Subject key identifier: 46:0F:7C:62:3B:6D:78:66:24:C6:DF:61:EF:67:AB:C7:AD:7F:DA:43
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 018F14546ED51E2ECC906A7F93FF004E9EFB
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Rg98YjtteGYkxt9h72erx61_2kM.roa
Signing time: Thu 25 Apr 2024 08:17:08 +0000
ROA not before: Thu 25 Apr 2024 08:17:08 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60068
IP address blocks: 2.56.103.0/24 maxlen: 24
2.59.22.0/24 maxlen: 24
45.131.215.0/24 maxlen: 24
103.114.40.0/22 maxlen: 24
185.155.200.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:14:54:6e:d5:1e:2e:cc:90:6a:7f:93:ff:00:4e:9e:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Apr 25 08:17:08 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=460f7c623b6d786624c6df61ef67abc7ad7fda43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:c4:87:0a:72:13:4c:9f:69:49:31:74:65:4f:
ff:12:0b:c3:93:17:d0:95:9f:5e:57:b3:94:ea:16:
e3:b1:e3:3b:13:0a:20:d9:98:82:1b:3c:db:cf:58:
f0:8c:e0:d1:e4:eb:ff:ba:1f:c8:aa:ab:c9:5d:10:
41:77:9c:57:4e:fb:d3:ac:77:7b:b9:43:ad:6b:9f:
2d:04:0f:23:66:50:d7:2a:99:90:24:c0:d5:df:0a:
43:2e:ff:f9:db:53:e7:01:49:76:3e:dd:c0:ea:f4:
b6:8d:e9:8f:b8:db:70:fb:19:fe:dc:ce:6b:ca:8c:
50:ff:ae:79:32:95:a9:47:de:b7:83:01:1c:91:c6:
3c:4b:28:f6:af:d0:e3:96:39:e5:3d:5c:e4:34:78:
a0:92:06:52:e2:dc:62:22:c0:32:c4:26:03:eb:28:
2d:74:3c:a6:8d:78:34:0e:7d:28:2f:1c:4d:27:6c:
23:81:9f:dc:ec:aa:b0:94:df:16:43:66:d4:47:c8:
a1:1a:42:c5:c5:a9:43:6a:84:99:48:6e:4c:fb:cd:
13:58:10:c8:4f:4b:eb:8a:f6:bd:8b:7b:8b:82:0a:
2c:70:a6:12:bb:75:8d:15:8a:b6:e5:42:87:f5:a4:
69:5d:ef:9e:1e:b8:54:08:24:14:e9:76:5b:6f:15:
48:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:0F:7C:62:3B:6D:78:66:24:C6:DF:61:EF:67:AB:C7:AD:7F:DA:43
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Rg98YjtteGYkxt9h72erx61_2kM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.103.0/24
2.59.22.0/24
45.131.215.0/24
103.114.40.0/22
185.155.200.0/24
Signature Algorithm: sha256WithRSAEncryption
29:9f:fc:f2:cc:a1:b4:ef:fd:35:51:e2:55:ef:42:b1:f1:a9:
e1:64:ea:38:5c:c0:e6:e2:31:90:cc:68:e4:88:87:43:3f:eb:
86:12:76:69:ee:36:b4:53:f1:c7:9e:3a:13:8f:f3:fb:fa:85:
a7:11:ae:42:b7:ff:f1:5e:a7:ca:d6:d1:a4:bd:4d:b5:b9:6d:
aa:09:b7:3a:d2:bc:b1:43:0e:bc:e5:ec:a4:79:42:4a:93:96:
cb:b7:17:da:0c:fb:fa:92:7e:7c:84:41:b9:ad:18:b4:9b:6e:
ab:74:a9:73:f7:ef:68:81:6c:4a:ca:4d:56:75:91:06:f7:24:
a3:bd:bd:1d:95:b6:9d:ca:4b:58:03:e9:87:c9:62:3c:42:9e:
ad:8a:74:32:81:82:d3:db:f1:2f:3f:b5:8c:fa:7f:6d:28:21:
85:d5:0b:4b:75:98:e4:d6:ed:01:1f:4a:60:64:b5:ce:3e:7f:
29:80:21:67:88:e1:d0:ef:72:b0:cf:1d:60:62:0d:36:51:25:
ed:64:d3:7c:c2:b4:a6:7b:b7:1f:c6:5b:1e:88:42:66:db:5d:
41:ea:e5:c5:a1:4d:46:9f:5f:6c:55:3a:42:0a:23:35:b0:6f:
3e:88:c0:b1:b4:21:20:1b:3e:6d:5e:83:47:fd:c3:61:b1:fc:
b1:6f:6a:fb
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY8UVG7VHi7MkGp/k/8ATp77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNDI1MDgxNzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjBmN2M2MjNiNmQ3ODY2MjRjNmRmNjFlZjY3YWJjN2FkN2ZkYTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMSHCnITTJ9pSTF0ZU//EgvDkxfQ
lZ9eV7OU6hbjseM7Ewog2ZiCGzzbz1jwjODR5Ov/uh/IqqvJXRBBd5xXTvvTrHd7
uUOta58tBA8jZlDXKpmQJMDV3wpDLv/521PnAUl2Pt3A6vS2jemPuNtw+xn+3M5r
yoxQ/655MpWpR963gwEckcY8Syj2r9DjljnlPVzkNHigkgZS4txiIsAyxCYD6ygt
dDymjXg0Dn0oLxxNJ2wjgZ/c7KqwlN8WQ2bUR8ihGkLFxalDaoSZSG5M+80TWBDI
T0vriva9i3uLggoscKYSu3WNFYq25UKH9aRpXe+eHrhUCCQU6XZbbxVIsQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEYPfGI7bXhmJMbfYe9nq8etf9pDMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvUmc5OFlqdHRlR1lreHQ5aDcyZXJ4NjFfMmtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAAjhnAwQA
AjsWAwQALYPXAwQCZ3IoAwQAuZvIMA0GCSqGSIb3DQEBCwUAA4IBAQApn/zyzKG0
7/01UeJV70Kx8anhZOo4XMDm4jGQzGjkiIdDP+uGEnZp7ja0U/HHnjoTj/P7+oWn
Ea5Ct//xXqfK1tGkvU21uW2qCbc60ryxQw685eykeUJKk5bLtxfaDPv6kn58hEG5
rRi0m26rdKlz9+9ogWxKyk1WdZEG9ySjvb0dlbadyktYA+mHyWI8Qp6tinQygYLT
2/EvP7WM+n9tKCGF1QtLdZjk1u0BH0pgZLXOPn8pgCFniOHQ73Kwzx1gYg02USXt
ZNN8wrSme7cfxlseiEJm211B6uXFoU1Gn19sVTpCCiM1sG8+iMCxtCEgGz5tXoNH
/cNhsfyxb2r7
-----END CERTIFICATE-----
Generated at Mon May 12 18:28:16 2025 by rpki-client