Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/8kLkYTLXiZJg7wBvFkwFxas1qts.roa
File: 8kLkYTLXiZJg7wBvFkwFxas1qts.roa (raw, json)
Hash identifier: CNnhnidBHxRdY8zjRjPIOPOEFIOLB44Gh58hWtzj25A=
Subject key identifier: F2:42:E4:61:32:D7:89:92:60:EF:00:6F:16:4C:05:C5:AB:35:AA:DB
Certificate issuer: /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial: 0188706FA9F065B1F74DCB35580962ED83C4
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/8kLkYTLXiZJg7wBvFkwFxas1qts.roa
Signing time: Wed 31 May 2023 06:12:25 +0000
ROA not before: Wed 31 May 2023 06:12:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50693
IP address blocks: 178.20.204.0/24 maxlen: 24
178.20.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:70:6f:a9:f0:65:b1:f7:4d:cb:35:58:09:62:ed:83:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Validity
Not Before: May 31 06:12:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f242e46132d7899260ef006f164c05c5ab35aadb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:01:db:d8:d3:9b:d2:36:eb:95:df:e6:e2:74:
d4:f4:3a:93:1f:93:89:5b:66:73:98:30:09:66:da:
42:81:70:3f:f4:fb:52:9f:a3:45:7c:14:a6:5a:fa:
a6:71:25:51:cb:72:f1:f1:ae:a0:f2:52:f3:d1:bb:
6b:c3:5b:d3:4e:de:f0:b7:d9:10:cf:91:01:2d:75:
a6:5c:21:5c:32:7b:11:7e:08:68:f6:03:63:cd:d2:
3a:4b:a6:d7:cf:84:4c:a6:eb:88:6f:e2:e1:ef:13:
64:e3:e3:54:17:e0:96:5e:7b:2f:67:75:00:f8:4e:
e9:85:0f:76:2b:29:d2:65:e8:20:5a:4c:f2:5b:05:
8c:dd:34:15:56:cc:7e:5c:7d:3a:a5:d1:e8:f3:3c:
7a:be:cd:47:12:6c:33:ec:5c:f6:d1:02:13:8d:18:
ff:d4:20:34:0d:1a:e9:d0:a7:c7:22:fb:f5:d4:4e:
50:cf:c5:6d:e5:2f:31:36:35:0d:4b:ea:83:3a:6c:
f6:eb:c6:7f:12:7c:08:af:ab:04:a4:03:f2:8b:81:
99:44:5d:54:76:ea:53:b5:04:73:b2:dc:02:79:69:
c0:c5:23:73:97:2e:d3:c9:d2:38:51:fd:b3:91:74:
f0:b8:d3:f9:df:c7:c7:20:5d:e0:f8:b9:ab:ac:33:
84:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:42:E4:61:32:D7:89:92:60:EF:00:6F:16:4C:05:C5:AB:35:AA:DB
X509v3 Authority Key Identifier:
keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/8kLkYTLXiZJg7wBvFkwFxas1qts.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.20.204.0/24
178.20.207.0/24
Signature Algorithm: sha256WithRSAEncryption
19:73:f2:e0:4b:a6:05:cc:f6:e8:d5:72:ac:87:37:38:5a:da:
e4:e7:f6:e0:c6:57:67:16:97:73:a3:75:35:9c:b8:a6:f3:01:
0f:3d:40:94:4b:a6:70:f6:59:44:79:3f:ef:95:6e:e6:5d:c7:
ee:81:1d:2c:5e:d3:ae:6f:6d:cd:4a:22:61:cd:8e:f5:a8:51:
ee:15:2e:9c:ae:5a:51:5d:87:96:b5:3c:34:e9:98:36:86:46:
88:71:6e:99:24:38:87:83:29:34:ea:74:9c:dc:ab:b0:3a:19:
ea:46:e1:bb:eb:f9:19:f1:fb:82:f4:3d:bf:af:d1:c8:b6:28:
3d:60:18:eb:0f:b2:ec:87:a2:f9:45:1b:53:eb:ad:9e:c1:9a:
df:d9:7a:70:ff:ef:32:23:18:ba:2f:4d:16:00:9e:fb:be:bc:
9c:0a:97:ea:aa:48:f8:7b:91:31:24:fc:cb:cf:a8:aa:5f:54:
a0:6c:cc:c4:8e:54:28:a1:57:82:aa:16:4f:e1:a8:39:9c:10:
c5:e9:db:b5:60:68:4e:09:e5:97:e6:6a:4f:14:c8:3a:80:d8:
36:09:f5:fe:e8:f3:13:56:27:d1:d6:ce:b6:f3:71:94:1d:c8:
db:92:94:36:23:77:b9:50:3e:a2:30:40:c1:e9:79:0f:fd:09:
d1:06:7b:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYhwb6nwZbH3Tcs1WAli7YPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjMwNTMxMDYxMjI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQyZTQ2MTMyZDc4OTkyNjBlZjAwNmYxNjRjMDVjNWFiMzVhYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgHb2NOb0jbrld/m4nTU9DqTH5OJ
W2ZzmDAJZtpCgXA/9PtSn6NFfBSmWvqmcSVRy3Lx8a6g8lLz0btrw1vTTt7wt9kQ
z5EBLXWmXCFcMnsRfgho9gNjzdI6S6bXz4RMpuuIb+Lh7xNk4+NUF+CWXnsvZ3UA
+E7phQ92KynSZeggWkzyWwWM3TQVVsx+XH06pdHo8zx6vs1HEmwz7Fz20QITjRj/
1CA0DRrp0KfHIvv11E5Qz8Vt5S8xNjUNS+qDOmz268Z/EnwIr6sEpAPyi4GZRF1U
dupTtQRzstwCeWnAxSNzly7TydI4Uf2zkXTwuNP538fHIF3g+LmrrDOEkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPJC5GEy14mSYO8AbxZMBcWrNarbMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvOGtMa1lUTFhpWkpnN3dCdkZrd0Z4YXMxcXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAshTMAwQA
shTPMA0GCSqGSIb3DQEBCwUAA4IBAQAZc/LgS6YFzPbo1XKshzc4Wtrk5/bgxldn
Fpdzo3U1nLim8wEPPUCUS6Zw9llEeT/vlW7mXcfugR0sXtOub23NSiJhzY71qFHu
FS6crlpRXYeWtTw06Zg2hkaIcW6ZJDiHgyk06nSc3KuwOhnqRuG76/kZ8fuC9D2/
r9HItig9YBjrD7Lsh6L5RRtT662ewZrf2Xpw/+8yIxi6L00WAJ77vrycCpfqqkj4
e5ExJPzLz6iqX1SgbMzEjlQooVeCqhZP4ag5nBDF6du1YGhOCeWX5mpPFMg6gNg2
CfX+6PMTVifR1s6283GUHcjbkpQ2I3e5UD6iMEDB6XkP/QnRBnsT
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:17:40 2025 by rpki-client