Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/aGHdskbk6PNJDGRJlgzb76cZ1g8.roa
File: aGHdskbk6PNJDGRJlgzb76cZ1g8.roa (raw, json)
Hash identifier: fmvbKeVh6MCr7ogbo/K72eMFbJYqINWzJlRxKEBWPE0=
Subject key identifier: 68:61:DD:B2:46:E4:E8:F3:49:0C:64:49:96:0C:DB:EF:A7:19:D6:0F
Certificate issuer: /CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Certificate serial: 0187A2BE944367B2B101FDC579DB6A0D9CEC
Authority key identifier: 25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/aGHdskbk6PNJDGRJlgzb76cZ1g8.roa
Signing time: Fri 21 Apr 2023 07:36:51 +0000
ROA not before: Fri 21 Apr 2023 07:36:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200845
IP address blocks: 5.158.85.0/24 maxlen: 24
185.178.171.0/24 maxlen: 24
185.178.170.0/24 maxlen: 24
185.178.169.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:a2:be:94:43:67:b2:b1:01:fd:c5:79:db:6a:0d:9c:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Validity
Not Before: Apr 21 07:36:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6861ddb246e4e8f3490c6449960cdbefa719d60f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:7c:2e:1c:6f:eb:bd:84:b5:bd:e0:8d:a6:4d:
39:84:05:3a:65:14:ff:da:b1:33:9e:95:35:e8:51:
cf:4f:18:1e:dd:3b:4e:dc:b8:32:39:ad:5c:5c:32:
bf:2d:44:d7:ff:7a:55:a3:90:9f:70:d8:0c:9d:49:
18:cd:36:eb:17:fc:95:b2:1f:42:46:6b:74:2e:12:
8a:01:a6:bb:e4:0d:1d:2a:78:3b:84:a4:dd:b2:13:
35:62:3a:03:90:13:61:d4:9c:af:cc:1b:14:a1:ff:
ae:5c:64:13:07:88:b0:af:8a:a2:61:73:1f:09:f3:
35:7a:18:12:f8:ca:2d:1b:4f:29:a8:f6:6e:42:4d:
a8:c1:1c:21:76:1f:05:97:10:61:26:0d:82:ea:c6:
e1:14:a7:f7:c8:3d:ea:01:0e:77:ae:11:bb:73:48:
19:ce:34:1f:dc:c8:7b:7c:d9:47:59:1c:05:cb:19:
23:3e:b0:4a:bd:c6:a9:0d:8b:a3:93:27:81:54:da:
cb:0f:bf:32:dd:57:3b:8a:d6:cd:60:3d:25:8b:7f:
ad:c5:eb:9c:e4:22:30:cc:c3:c3:14:33:98:98:e1:
bc:bf:01:41:45:ba:e4:01:bf:1c:5e:a3:e6:d8:f0:
08:0e:94:a1:36:09:e6:d0:a1:a2:69:01:5f:d7:fe:
59:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:61:DD:B2:46:E4:E8:F3:49:0C:64:49:96:0C:DB:EF:A7:19:D6:0F
X509v3 Authority Key Identifier:
keyid:25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/aGHdskbk6PNJDGRJlgzb76cZ1g8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.158.85.0/24
185.178.169.0-185.178.171.255
Signature Algorithm: sha256WithRSAEncryption
09:f3:fc:93:d7:ad:9a:b2:c8:cc:eb:dc:c1:df:76:e6:41:dc:
65:f0:2c:92:60:67:b5:0a:19:0d:fd:a1:d7:1d:d4:67:5e:bf:
4b:76:58:95:eb:8f:d2:54:71:09:1b:32:3a:77:f6:e6:9b:3a:
86:d8:97:40:4d:d7:a9:d3:32:b6:65:1a:e6:f0:3c:a1:c5:6b:
da:de:b4:93:1a:23:b4:4d:d0:2d:e7:9d:43:f7:09:51:ec:97:
24:36:ac:8d:f4:17:4f:ed:60:db:ad:e0:9f:7a:1f:36:15:2f:
2b:dc:1b:d0:d0:48:11:3c:6c:30:4d:5c:d9:b5:0b:eb:19:cc:
c0:1f:d2:83:7b:f1:23:f1:af:a3:6b:6a:1f:64:c3:b0:12:65:
81:72:82:cc:93:70:9a:c2:da:ac:ff:61:f9:8e:77:ef:82:36:
b0:a8:ce:81:64:20:f3:a6:ad:01:a7:1e:28:79:02:b4:74:7b:
f1:8e:45:28:1b:5c:b6:99:8b:6d:57:04:8d:34:25:db:e6:f6:
0d:eb:30:af:b3:e1:89:36:e2:65:d7:c7:cd:75:be:08:67:77:
ea:59:d4:ce:46:27:e4:3d:7d:ba:d4:68:28:26:55:71:87:c6:
ca:c0:37:b5:2c:1f:92:a0:0d:9d:27:56:21:a5:62:24:74:ec:
a0:4a:bc:85
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYeivpRDZ7KxAf3FedtqDZzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YWU1NTFhZjBiYjVkNzk3N2VhNzNmNjg5NmYyNWYxZWNh
MjhmOWQwHhcNMjMwNDIxMDczNjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODYxZGRiMjQ2ZTRlOGYzNDkwYzY0NDk5NjBjZGJlZmE3MTlkNjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXwuHG/rvYS1veCNpk05hAU6ZRT/
2rEznpU16FHPTxge3TtO3LgyOa1cXDK/LUTX/3pVo5CfcNgMnUkYzTbrF/yVsh9C
Rmt0LhKKAaa75A0dKng7hKTdshM1YjoDkBNh1JyvzBsUof+uXGQTB4iwr4qiYXMf
CfM1ehgS+MotG08pqPZuQk2owRwhdh8FlxBhJg2C6sbhFKf3yD3qAQ53rhG7c0gZ
zjQf3Mh7fNlHWRwFyxkjPrBKvcapDYujkyeBVNrLD78y3Vc7itbNYD0li3+txeuc
5CIwzMPDFDOYmOG8vwFBRbrkAb8cXqPm2PAIDpShNgnm0KGiaQFf1/5ZuQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGhh3bJG5OjzSQxkSZYM2++nGdYPMB8GA1UdIwQY
MBaAFCWuVRrwu115d+pz9olvJfHsoo+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjkt
MjE0MmY4ZmI2NzZlLzEvYUdIZHNrYms2UE5KREdSSmxnemI3NmNaMWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjktMjE0MmY4ZmI2NzZl
LzEvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQABZ5VMAwD
BAC5sqkDBAK5sqgwDQYJKoZIhvcNAQELBQADggEBAAnz/JPXrZqyyMzr3MHfduZB
3GXwLJJgZ7UKGQ39odcd1Gdev0t2WJXrj9JUcQkbMjp39uabOobYl0BN16nTMrZl
GubwPKHFa9retJMaI7RN0C3nnUP3CVHslyQ2rI30F0/tYNut4J96HzYVLyvcG9DQ
SBE8bDBNXNm1C+sZzMAf0oN78SPxr6Nrah9kw7ASZYFygsyTcJrC2qz/YfmOd++C
NrCozoFkIPOmrQGnHih5ArR0e/GORSgbXLaZi21XBI00Jdvm9g3rMK+z4Yk24mXX
x811vghnd+pZ1M5GJ+Q9fbrUaCgmVXGHxsrAN7UsH5KgDZ0nViGlYiR07KBKvIU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:39 2024 by rpki-client on console-ams.rpki-client.org