Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/XoNR4Cbk9JqpTKPsCK6Ir2Yjig8.roa
File: XoNR4Cbk9JqpTKPsCK6Ir2Yjig8.roa (raw, json)
Hash identifier: NP5DcLuPRDN0E64FwuoZhJYZcnVfOqQTjLYKRg155ik=
Subject key identifier: 5E:83:51:E0:26:E4:F4:9A:A9:4C:A3:EC:08:AE:88:AF:66:23:8A:0F
Certificate issuer: /CN=ff017f878432b2fe31f58153b44a81659d50ba20
Certificate serial: 019295A37A6364B07FE81C5806A23AB92FD5
Authority key identifier: FF:01:7F:87:84:32:B2:FE:31:F5:81:53:B4:4A:81:65:9D:50:BA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/XoNR4Cbk9JqpTKPsCK6Ir2Yjig8.roa
Signing time: Wed 16 Oct 2024 14:02:51 +0000
ROA not before: Wed 16 Oct 2024 14:02:51 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42546
IP address blocks: 178.214.192.0/19 maxlen: 19
178.214.192.0/21 maxlen: 21
178.214.200.0/22 maxlen: 22
178.214.204.0/22 maxlen: 22
178.214.208.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:95:a3:7a:63:64:b0:7f:e8:1c:58:06:a2:3a:b9:2f:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff017f878432b2fe31f58153b44a81659d50ba20
Validity
Not Before: Oct 16 14:02:51 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5e8351e026e4f49aa94ca3ec08ae88af66238a0f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:f2:16:a0:5a:2a:5a:6f:75:b8:bc:a5:4f:20:
25:35:70:98:2e:20:0f:6b:d4:ed:6a:7f:d0:3c:44:
16:d3:68:00:59:70:21:3c:db:6f:54:a2:08:2f:9e:
c9:25:22:99:fb:bc:1a:69:48:8b:88:50:07:63:e0:
15:12:5a:a4:cd:4b:81:c5:1d:e5:c9:32:a0:f6:99:
00:4e:9b:92:29:86:45:36:31:90:9e:a2:f7:a3:9d:
19:8e:5f:e1:68:14:36:cc:01:24:b1:06:32:d9:88:
1a:a3:1b:99:bb:56:0c:7c:ed:78:0c:c8:fe:e4:5f:
d1:0a:cc:bd:dd:ef:70:b9:29:44:2b:dd:39:cd:10:
32:8b:e2:e3:16:12:17:47:4a:01:e2:11:21:22:71:
17:a8:8f:3f:88:87:3c:e3:b9:65:a6:48:14:c1:de:
50:52:a8:2a:57:94:25:be:80:7a:90:9a:10:dc:66:
11:d0:3c:51:66:70:31:7c:88:4f:00:7f:15:7e:ea:
4f:38:ff:ab:9a:4f:2b:9e:34:35:18:07:36:1f:15:
2a:3c:93:ee:df:91:c5:bd:9e:2c:04:6f:76:0f:e8:
b8:e1:74:bf:e1:d9:0f:03:9a:f1:89:bf:d4:71:58:
27:2c:89:b8:f2:aa:6f:8f:b8:ee:81:3c:6f:c6:05:
e6:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:83:51:E0:26:E4:F4:9A:A9:4C:A3:EC:08:AE:88:AF:66:23:8A:0F
X509v3 Authority Key Identifier:
keyid:FF:01:7F:87:84:32:B2:FE:31:F5:81:53:B4:4A:81:65:9D:50:BA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/XoNR4Cbk9JqpTKPsCK6Ir2Yjig8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.214.192.0/19
Signature Algorithm: sha256WithRSAEncryption
7e:be:91:cd:b8:c9:81:d9:68:d9:30:00:e6:a7:e0:a1:14:10:
71:49:0a:d1:f9:4e:ae:9d:a9:dc:5b:44:98:a3:df:b9:cd:e3:
ea:cb:50:8e:d6:d4:b2:58:46:97:bf:81:4f:b9:67:a4:61:c5:
21:f4:39:40:93:81:97:a3:d3:4d:6f:4a:17:a1:6f:3f:6d:d1:
6c:a1:0e:53:ac:36:6e:8d:2d:d9:eb:1e:68:b8:6f:5a:c4:6c:
cd:b1:6a:a1:24:a7:f3:55:7d:97:bb:fe:a5:7a:a6:d7:52:9e:
b4:3a:e7:37:8f:24:2e:5c:37:d1:a5:97:aa:af:03:c2:43:4f:
48:35:1a:77:e8:c1:2c:72:b4:e4:8b:ad:eb:3b:cb:6d:14:88:
c9:67:4d:b5:6d:c4:e8:c6:b9:49:e9:03:20:fb:6e:39:1c:0f:
43:79:29:c0:75:87:eb:49:41:e5:54:de:cd:e7:4d:0f:0e:00:
4d:7d:fd:66:22:9a:9a:02:ca:a8:bf:7b:83:f6:97:c8:43:3e:
37:92:7d:74:6f:16:20:e2:fd:3e:27:8f:56:65:69:7a:5f:c1:
fd:45:5e:12:4c:23:88:96:1c:9b:a3:9d:4c:a7:ca:8e:c1:e1:
db:07:85:a7:e9:11:d1:15:42:20:4c:0d:3c:21:68:97:d0:6c:
4d:58:cf:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKVo3pjZLB/6BxYBqI6uS/VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMDE3Zjg3ODQzMmIyZmUzMWY1ODE1M2I0NGE4MTY1OWQ1
MGJhMjAwHhcNMjQxMDE2MTQwMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTgzNTFlMDI2ZTRmNDlhYTk0Y2EzZWMwOGFlODhhZjY2MjM4YTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfIWoFoqWm91uLylTyAlNXCYLiAP
a9Ttan/QPEQW02gAWXAhPNtvVKIIL57JJSKZ+7waaUiLiFAHY+AVElqkzUuBxR3l
yTKg9pkATpuSKYZFNjGQnqL3o50Zjl/haBQ2zAEksQYy2YgaoxuZu1YMfO14DMj+
5F/RCsy93e9wuSlEK905zRAyi+LjFhIXR0oB4hEhInEXqI8/iIc847llpkgUwd5Q
UqgqV5QlvoB6kJoQ3GYR0DxRZnAxfIhPAH8VfupPOP+rmk8rnjQ1GAc2HxUqPJPu
35HFvZ4sBG92D+i44XS/4dkPA5rxib/UcVgnLIm48qpvj7jugTxvxgXmfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6DUeAm5PSaqUyj7AiuiK9mI4oPMB8GA1UdIwQY
MBaAFP8Bf4eEMrL+MfWBU7RKgWWdULogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3dGX2g0UXlzdjR4OVlGVHRFcUJaWjFRdWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YTRmZmItMDI4OS00NjZjLWEyZjUt
MzAyMDc3NzNmNzYwLzEvWG9OUjRDYms5SnFwVEtQc0NLNklyMllqaWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YTRmZmItMDI4OS00NjZjLWEyZjUtMzAyMDc3NzNmNzYw
LzEvX3dGX2g0UXlzdjR4OVlGVHRFcUJaWjFRdWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFstbAMA0G
CSqGSIb3DQEBCwUAA4IBAQB+vpHNuMmB2WjZMADmp+ChFBBxSQrR+U6unancW0SY
o9+5zePqy1CO1tSyWEaXv4FPuWekYcUh9DlAk4GXo9NNb0oXoW8/bdFsoQ5TrDZu
jS3Z6x5ouG9axGzNsWqhJKfzVX2Xu/6leqbXUp60Ouc3jyQuXDfRpZeqrwPCQ09I
NRp36MEscrTki63rO8ttFIjJZ021bcToxrlJ6QMg+245HA9DeSnAdYfrSUHlVN7N
500PDgBNff1mIpqaAsqov3uD9pfIQz43kn10bxYg4v0+J49WZWl6X8H9RV4STCOI
lhybo51Mp8qOweHbB4Wn6RHRFUIgTA08IWiX0GxNWM/t
-----END CERTIFICATE-----
Generated at Mon Apr 21 03:18:10 2025 by rpki-client