Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/FQrEG_WCBmigOJELc8dJHMyUdsQ.roa
File: FQrEG_WCBmigOJELc8dJHMyUdsQ.roa (raw, json)
Hash identifier: Syai5MdY1aqDUElryeJ9wV8i/I2VwjgQcvfCp1kch2A=
Subject key identifier: 15:0A:C4:1B:F5:82:06:68:A0:38:91:0B:73:C7:49:1C:CC:94:76:C4
Certificate issuer: /CN=4148cbad1748205b4f4334bba638c64c2b21fc0e
Certificate serial: 018C45666F09E83C2582D3CAB0630A60CD22
Authority key identifier: 41:48:CB:AD:17:48:20:5B:4F:43:34:BB:A6:38:C6:4C:2B:21:FC:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QUjLrRdIIFtPQzS7pjjGTCsh_A4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/FQrEG_WCBmigOJELc8dJHMyUdsQ.roa
Signing time: Thu 07 Dec 2023 17:49:49 +0000
ROA not before: Thu 07 Dec 2023 17:49:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 196936
IP address blocks: 178.217.96.0/22 maxlen: 22
178.217.96.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:45:66:6f:09:e8:3c:25:82:d3:ca:b0:63:0a:60:cd:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4148cbad1748205b4f4334bba638c64c2b21fc0e
Validity
Not Before: Dec 7 17:49:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=150ac41bf5820668a038910b73c7491ccc9476c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:35:0e:ca:95:96:3f:51:ea:8b:ef:b2:2a:1e:
89:25:c8:83:f8:3d:3d:2b:e0:e4:40:76:56:19:6a:
10:46:9c:d7:39:3d:7d:05:3c:a2:cc:7f:49:54:75:
f9:53:d9:08:b5:aa:1e:21:05:11:bf:d2:c4:55:76:
9a:58:87:ad:36:cf:ae:f8:4b:dc:a2:8f:36:20:c8:
e1:5c:ac:1c:13:f4:a7:6d:e2:c7:91:a5:ce:d3:1e:
4f:a5:8a:17:02:99:05:01:85:2f:ac:52:53:11:da:
ca:f7:21:85:cc:cf:c4:cf:99:a2:d3:19:83:8a:96:
7f:73:f5:0a:e2:e4:53:c1:e3:3e:c1:3e:a3:62:86:
0f:35:86:d5:71:0f:f2:bd:c2:06:2e:fe:50:b6:76:
a0:b0:76:e1:a9:c0:87:3d:0d:21:cf:3f:f8:be:f1:
75:e9:41:73:18:38:e5:c0:01:b9:49:18:76:36:68:
75:ca:1d:e1:63:8d:7a:53:09:4e:0d:c9:6a:4a:0c:
2e:29:4a:c8:20:67:d1:e5:0a:75:7e:0a:58:17:99:
b3:96:9d:eb:71:34:34:ac:61:60:b0:2a:60:39:ab:
9b:b2:d3:fc:15:97:c0:81:e8:90:51:09:58:8c:60:
fa:ad:6b:8d:d6:00:e9:1a:50:02:c5:29:42:1d:5c:
5a:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:0A:C4:1B:F5:82:06:68:A0:38:91:0B:73:C7:49:1C:CC:94:76:C4
X509v3 Authority Key Identifier:
keyid:41:48:CB:AD:17:48:20:5B:4F:43:34:BB:A6:38:C6:4C:2B:21:FC:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QUjLrRdIIFtPQzS7pjjGTCsh_A4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/FQrEG_WCBmigOJELc8dJHMyUdsQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/QUjLrRdIIFtPQzS7pjjGTCsh_A4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.217.96.0/21
Signature Algorithm: sha256WithRSAEncryption
a8:22:41:59:39:1d:17:69:06:2e:67:36:81:3c:36:e5:6d:f8:
8d:37:47:e3:6d:5a:64:9b:75:ee:d8:c9:26:0d:00:c0:ff:83:
8b:29:c2:12:98:0e:32:72:71:bf:01:a8:e5:f9:87:54:ec:7c:
db:4f:2e:d9:97:f5:89:dd:54:e4:35:8e:30:4b:06:b1:d2:3c:
f1:37:97:7a:56:42:7c:82:a9:9e:f2:13:fa:e1:bf:03:6b:f3:
fa:4e:eb:83:c3:aa:9a:98:03:99:12:54:bf:d7:92:6e:71:d5:
10:78:6d:1f:10:7d:4e:8e:6a:68:4f:4e:02:9f:c5:9d:ad:0b:
07:ea:51:92:31:d6:c0:57:5c:4a:6b:7f:6e:d3:96:2b:ee:6e:
3e:9d:f7:bc:77:0c:98:cf:76:12:e3:29:f5:67:71:13:ca:7a:
99:55:4c:63:1a:12:66:bf:1a:0c:15:0d:07:43:e3:5b:cd:95:
d5:9f:8b:43:e0:a6:dc:d1:38:32:3b:85:26:d9:57:d7:46:e5:
9b:37:9d:1e:c4:7c:41:5d:4f:33:3a:2c:a9:60:fe:cf:c2:09:
bc:49:83:4a:59:68:44:b7:77:9c:0f:54:b4:75:45:ff:96:13:
f7:1b:81:01:e6:1b:9d:c6:b1:9e:53:3a:c8:24:2e:b7:3e:ce:
37:78:45:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYxFZm8J6DwlgtPKsGMKYM0iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNDhjYmFkMTc0ODIwNWI0ZjQzMzRiYmE2MzhjNjRjMmIy
MWZjMGUwHhcNMjMxMjA3MTc0OTQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTBhYzQxYmY1ODIwNjY4YTAzODkxMGI3M2M3NDkxY2NjOTQ3NmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTUOypWWP1Hqi++yKh6JJciD+D09
K+DkQHZWGWoQRpzXOT19BTyizH9JVHX5U9kItaoeIQURv9LEVXaaWIetNs+u+Evc
oo82IMjhXKwcE/SnbeLHkaXO0x5PpYoXApkFAYUvrFJTEdrK9yGFzM/Ez5mi0xmD
ipZ/c/UK4uRTweM+wT6jYoYPNYbVcQ/yvcIGLv5QtnagsHbhqcCHPQ0hzz/4vvF1
6UFzGDjlwAG5SRh2Nmh1yh3hY416UwlODclqSgwuKUrIIGfR5Qp1fgpYF5mzlp3r
cTQ0rGFgsCpgOaubstP8FZfAgeiQUQlYjGD6rWuN1gDpGlACxSlCHVxaKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUKxBv1ggZooDiRC3PHSRzMlHbEMB8GA1UdIwQY
MBaAFEFIy60XSCBbT0M0u6Y4xkwrIfwOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVVqTHJSZElJRnRQUXpTN3BqakdUQ3NoX0E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9jZTIxYjMtYzRkZS00NTZkLWI1Mzgt
OTc5NzVkMzRmYzZjLzEvRlFyRUdfV0NCbWlnT0pFTGM4ZEpITXlVZHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9jZTIxYjMtYzRkZS00NTZkLWI1MzgtOTc5NzVkMzRmYzZj
LzEvUVVqTHJSZElJRnRQUXpTN3BqakdUQ3NoX0E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstlgMA0G
CSqGSIb3DQEBCwUAA4IBAQCoIkFZOR0XaQYuZzaBPDblbfiNN0fjbVpkm3Xu2Mkm
DQDA/4OLKcISmA4ycnG/Aajl+YdU7HzbTy7Zl/WJ3VTkNY4wSwax0jzxN5d6VkJ8
gqme8hP64b8Da/P6TuuDw6qamAOZElS/15JucdUQeG0fEH1OjmpoT04Cn8WdrQsH
6lGSMdbAV1xKa39u05Yr7m4+nfe8dwyYz3YS4yn1Z3ETynqZVUxjGhJmvxoMFQ0H
Q+NbzZXVn4tD4Kbc0TgyO4Um2VfXRuWbN50exHxBXU8zOiypYP7Pwgm8SYNKWWhE
t3ecD1S0dUX/lhP3G4EB5hudxrGeUzrIJC63Ps43eEUz
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:32:46 2025 by rpki-client