Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/dsk0BvSO9my5_jE8ScdjROSo9kU.roa
File: dsk0BvSO9my5_jE8ScdjROSo9kU.roa (raw, json)
Hash identifier: VGYNyWy12jkk9stCXPt0yYFDmXOWqua0bdskRRddKUM=
Subject key identifier: 76:C9:34:06:F4:8E:F6:6C:B9:FE:31:3C:49:C7:63:44:E4:A8:F6:45
Certificate issuer: /CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Certificate serial: 01879F1EFF27743503B58F52B4A10BEACBBC
Authority key identifier: 25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/dsk0BvSO9my5_jE8ScdjROSo9kU.roa
Signing time: Thu 20 Apr 2023 14:43:41 +0000
ROA not before: Thu 20 Apr 2023 14:43:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200845
IP address blocks: 185.178.171.0/24 maxlen: 24
185.178.170.0/24 maxlen: 24
185.178.169.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:9f:1e:ff:27:74:35:03:b5:8f:52:b4:a1:0b:ea:cb:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Validity
Not Before: Apr 20 14:43:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=76c93406f48ef66cb9fe313c49c76344e4a8f645
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:5e:fb:86:b5:4d:82:e9:a9:93:aa:bc:f6:ab:
10:56:a0:bb:a0:cd:92:ad:3c:cf:7b:06:b8:1a:b4:
a5:be:95:2b:db:f4:69:75:c9:b9:8f:c9:f5:79:bd:
66:c8:c8:3c:21:5f:b3:20:af:64:33:1b:bb:11:a8:
a5:c0:c4:a1:f2:cb:5d:95:6e:31:4a:b7:8b:e4:89:
8b:4e:c6:d7:3a:0a:8b:6a:4a:a3:cc:43:c3:a6:77:
4c:61:4c:cc:05:bc:89:2d:9b:27:1a:a8:89:c6:81:
44:95:16:ad:e8:64:2a:f6:49:21:3e:de:da:4a:c7:
3d:1a:14:54:ad:cf:d3:21:0f:bf:f0:f0:fa:a7:7a:
88:67:1c:33:a2:9f:d0:dc:79:d8:b2:5f:7f:fc:df:
6e:51:15:0b:1a:80:f2:3a:ed:85:c7:29:34:3e:28:
84:1a:37:f1:be:23:b7:89:e3:0d:4d:d1:2f:3c:9e:
0e:a3:07:fe:3c:e0:ea:6d:69:20:69:c6:c4:c6:5e:
dd:86:12:4e:2e:ac:01:c4:2f:c0:9b:f8:35:62:b9:
e0:8c:a8:ac:d9:70:8e:1d:0e:a0:13:36:90:ea:9a:
da:93:e7:4f:9d:01:3f:4a:d6:a0:ec:38:91:4c:91:
74:0f:a5:68:6e:4e:4b:3d:73:e9:c0:86:51:e1:60:
b4:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:C9:34:06:F4:8E:F6:6C:B9:FE:31:3C:49:C7:63:44:E4:A8:F6:45
X509v3 Authority Key Identifier:
keyid:25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/dsk0BvSO9my5_jE8ScdjROSo9kU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.178.169.0-185.178.171.255
Signature Algorithm: sha256WithRSAEncryption
29:f0:5b:be:27:fd:a2:f2:12:64:59:93:94:56:5b:31:36:b4:
39:b5:52:bc:d9:46:08:1d:0d:67:ff:17:1a:eb:d3:c8:90:cd:
7c:9b:b6:6a:0d:9a:da:73:ed:cf:30:4c:83:d3:48:e2:69:25:
ac:7f:56:6f:46:5f:4e:92:62:93:94:bb:db:f9:83:63:f5:8f:
4c:95:f5:75:60:22:28:7d:c6:95:fb:7e:ab:57:2c:95:99:c1:
62:19:f7:7a:5b:f6:79:1e:f7:1b:d2:c8:ed:cb:05:05:00:c9:
b3:88:ed:c2:1a:bf:f9:d4:af:6f:4b:65:89:48:8c:c3:88:c8:
9d:c8:6c:83:ac:57:93:0f:d1:8c:bb:60:e8:72:d8:80:f6:fd:
9a:75:0a:58:29:44:34:ed:76:e5:76:ab:16:bc:8b:98:31:00:
89:1b:a8:41:0b:e7:30:42:44:1a:34:94:02:52:9c:87:15:db:
c3:ff:52:34:ce:6c:fc:9c:0c:49:5e:e6:67:9c:a9:be:3f:4c:
d6:51:d8:98:50:64:a6:b6:4d:4b:33:6b:a2:5a:23:43:90:5d:
d6:3c:5c:89:d1:78:b9:f0:86:1d:42:95:9e:2f:06:28:4a:14:
d5:69:94:ad:a3:7c:c4:0b:b9:40:6f:e9:d9:a5:f1:1a:21:d0:
30:29:7d:2e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYefHv8ndDUDtY9StKEL6su8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YWU1NTFhZjBiYjVkNzk3N2VhNzNmNjg5NmYyNWYxZWNh
MjhmOWQwHhcNMjMwNDIwMTQ0MzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmM5MzQwNmY0OGVmNjZjYjlmZTMxM2M0OWM3NjM0NGU0YThmNjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2l77hrVNgumpk6q89qsQVqC7oM2S
rTzPewa4GrSlvpUr2/Rpdcm5j8n1eb1myMg8IV+zIK9kMxu7EailwMSh8stdlW4x
SreL5ImLTsbXOgqLakqjzEPDpndMYUzMBbyJLZsnGqiJxoFElRat6GQq9kkhPt7a
Ssc9GhRUrc/TIQ+/8PD6p3qIZxwzop/Q3HnYsl9//N9uURULGoDyOu2Fxyk0PiiE
GjfxviO3ieMNTdEvPJ4Oowf+PODqbWkgacbExl7dhhJOLqwBxC/Am/g1YrngjKis
2XCOHQ6gEzaQ6prak+dPnQE/Stag7DiRTJF0D6Vobk5LPXPpwIZR4WC0dwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHbJNAb0jvZsuf4xPEnHY0TkqPZFMB8GA1UdIwQY
MBaAFCWuVRrwu115d+pz9olvJfHsoo+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjkt
MjE0MmY4ZmI2NzZlLzEvZHNrMEJ2U085bXk1X2pFOFNjZGpST1NvOWtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjktMjE0MmY4ZmI2NzZl
LzEvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5sqkD
BAK5sqgwDQYJKoZIhvcNAQELBQADggEBACnwW74n/aLyEmRZk5RWWzE2tDm1UrzZ
RggdDWf/Fxrr08iQzXybtmoNmtpz7c8wTIPTSOJpJax/Vm9GX06SYpOUu9v5g2P1
j0yV9XVgIih9xpX7fqtXLJWZwWIZ93pb9nke9xvSyO3LBQUAybOI7cIav/nUr29L
ZYlIjMOIyJ3IbIOsV5MP0Yy7YOhy2ID2/Zp1ClgpRDTtduV2qxa8i5gxAIkbqEEL
5zBCRBo0lAJSnIcV28P/UjTObPycDEle5mecqb4/TNZR2JhQZKa2TUsza6JaI0OQ
XdY8XInReLnwhh1ClZ4vBihKFNVplK2jfMQLuUBv6dml8Roh0DApfS4=
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:56:07 2025 by rpki-client