Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/m4l4m5QamhpDUZ7pQpbf1LyULDY.roa
File: m4l4m5QamhpDUZ7pQpbf1LyULDY.roa (raw, json)
Hash identifier: TrQ9PPJhR4nXzeJhDKgXLr1ZZo4zjGAZ16d3deVqT7I=
Subject key identifier: 9B:89:78:9B:94:1A:9A:1A:43:51:9E:E9:42:96:DF:D4:BC:94:2C:36
Certificate issuer: /CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Certificate serial: 01856C8A6247A81A604334DE45569D7A96DE
Authority key identifier: 25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/m4l4m5QamhpDUZ7pQpbf1LyULDY.roa
Signing time: Sun 01 Jan 2023 08:54:46 +0000
ROA not before: Sun 01 Jan 2023 08:54:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200845
IP address blocks: 185.178.171.0/24 maxlen: 24
185.178.169.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:8a:62:47:a8:1a:60:43:34:de:45:56:9d:7a:96:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Validity
Not Before: Jan 1 08:54:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9b89789b941a9a1a43519ee94296dfd4bc942c36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:26:b5:a1:9c:59:09:85:ba:9d:5d:ad:2b:16:
a2:73:4c:c4:18:da:0a:03:a1:ee:2a:b0:60:b5:19:
b2:65:2d:39:96:0e:ac:01:dd:2a:b3:aa:ce:03:94:
90:a5:f7:cb:4a:11:68:ae:a4:5c:c0:e1:06:d8:6d:
0e:2f:be:92:b1:05:d5:d4:36:e5:9d:71:94:4c:b0:
9b:6f:de:58:4f:85:7c:bf:d2:19:d6:5d:57:92:90:
ea:c0:e3:28:cf:7c:ec:22:f6:34:5f:5e:2f:3a:d7:
65:9d:29:3f:b1:8c:d8:00:86:c2:ae:a8:0c:17:dd:
79:ce:5e:d9:d2:d0:bb:92:7e:62:8c:75:b8:2d:36:
a9:c5:7e:3b:58:3b:4c:dc:dd:d2:e1:30:c3:c2:94:
0c:11:ec:c7:24:0d:29:59:d2:e6:b6:62:37:0e:e7:
c3:5d:a8:fd:b1:f0:60:97:3b:fb:9e:3b:a3:1d:fb:
4b:94:a1:0a:3d:0a:dc:2a:ae:9f:bc:1b:3c:88:e9:
b9:4e:1d:18:58:84:0b:a9:ef:41:07:ba:75:41:52:
6a:fa:ee:2b:64:66:b4:e6:0b:6c:91:9f:39:86:78:
f8:3f:96:5d:88:5a:b3:58:68:f4:e8:68:fe:2a:d9:
8c:bf:06:38:f0:08:d0:19:a6:02:0a:26:94:b2:83:
56:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:89:78:9B:94:1A:9A:1A:43:51:9E:E9:42:96:DF:D4:BC:94:2C:36
X509v3 Authority Key Identifier:
keyid:25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/m4l4m5QamhpDUZ7pQpbf1LyULDY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.178.169.0/24
185.178.171.0/24
Signature Algorithm: sha256WithRSAEncryption
21:2f:6f:bb:28:6b:05:66:2f:47:18:12:c8:aa:5c:18:e4:f1:
27:3e:cb:be:e4:16:92:30:c5:b2:ee:56:6c:cb:33:d3:ec:81:
6c:eb:5d:ed:17:38:ac:1d:b3:66:e5:09:21:24:05:f1:89:ed:
70:d2:35:29:df:68:c9:be:3b:45:b4:9e:da:74:14:ca:29:61:
69:21:a2:a5:d2:04:75:ab:33:2b:66:89:a5:61:39:67:18:71:
e1:4c:70:6d:ad:72:58:96:47:6f:e1:2a:37:ca:b5:79:22:ae:
75:c1:86:be:85:85:ca:52:e8:fd:81:26:9a:ad:a3:93:7d:d0:
0f:46:c9:00:9f:38:b2:c1:aa:0e:1a:78:91:df:9e:3e:2c:cf:
8e:ca:e1:c0:6f:ef:e3:b4:b3:47:3e:05:41:ef:0b:ac:6e:9c:
b1:73:0c:b1:38:1c:4f:4b:77:46:1f:62:86:9d:0e:cd:23:f5:
46:2f:6e:19:84:8b:c2:cc:8e:bc:be:15:1e:2d:41:38:9d:3c:
8d:80:c4:97:db:0b:63:dc:6e:c7:58:48:a1:3b:2b:f4:5e:cf:
78:0d:a4:e8:48:bf:e9:df:1c:00:4f:c0:63:61:b2:c3:f4:4c:
32:c2:5e:dd:79:40:79:68:b1:e9:fc:2e:b3:9e:e0:90:1d:de:
9b:ee:cb:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVsimJHqBpgQzTeRVadepbeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YWU1NTFhZjBiYjVkNzk3N2VhNzNmNjg5NmYyNWYxZWNh
MjhmOWQwHhcNMjMwMTAxMDg1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjg5Nzg5Yjk0MWE5YTFhNDM1MTllZTk0Mjk2ZGZkNGJjOTQyYzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSa1oZxZCYW6nV2tKxaic0zEGNoK
A6HuKrBgtRmyZS05lg6sAd0qs6rOA5SQpffLShForqRcwOEG2G0OL76SsQXV1Dbl
nXGUTLCbb95YT4V8v9IZ1l1XkpDqwOMoz3zsIvY0X14vOtdlnSk/sYzYAIbCrqgM
F915zl7Z0tC7kn5ijHW4LTapxX47WDtM3N3S4TDDwpQMEezHJA0pWdLmtmI3DufD
Xaj9sfBglzv7njujHftLlKEKPQrcKq6fvBs8iOm5Th0YWIQLqe9BB7p1QVJq+u4r
ZGa05gtskZ85hnj4P5ZdiFqzWGj06Gj+KtmMvwY48AjQGaYCCiaUsoNWJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJuJeJuUGpoaQ1Ge6UKW39S8lCw2MB8GA1UdIwQY
MBaAFCWuVRrwu115d+pz9olvJfHsoo+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjkt
MjE0MmY4ZmI2NzZlLzEvbTRsNG01UWFtaHBEVVo3cFFwYmYxTHlVTERZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjktMjE0MmY4ZmI2NzZl
LzEvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubKpAwQA
ubKrMA0GCSqGSIb3DQEBCwUAA4IBAQAhL2+7KGsFZi9HGBLIqlwY5PEnPsu+5BaS
MMWy7lZsyzPT7IFs613tFzisHbNm5QkhJAXxie1w0jUp32jJvjtFtJ7adBTKKWFp
IaKl0gR1qzMrZomlYTlnGHHhTHBtrXJYlkdv4So3yrV5Iq51wYa+hYXKUuj9gSaa
raOTfdAPRskAnziywaoOGniR354+LM+OyuHAb+/jtLNHPgVB7wusbpyxcwyxOBxP
S3dGH2KGnQ7NI/VGL24ZhIvCzI68vhUeLUE4nTyNgMSX2wtj3G7HWEihOyv0Xs94
DaToSL/p3xwAT8BjYbLD9Ewywl7deUB5aLHp/C6znuCQHd6b7stR
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:39 2024 by rpki-client on console-ams.rpki-client.org