Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/WF9NJqqRczYpPD9nojrCxdxnPGE.roa
File: WF9NJqqRczYpPD9nojrCxdxnPGE.roa (raw, json)
Hash identifier: f7CGEcjLQHWvOfP+7Z20QFSTkfF/7o4xI0LeeCLIZQY=
Subject key identifier: 58:5F:4D:26:AA:91:73:36:29:3C:3F:67:A2:3A:C2:C5:DC:67:3C:61
Certificate issuer: /CN=4148cbad1748205b4f4334bba638c64c2b21fc0e
Certificate serial: 01905BF1DD6B73E7F33DDE3714CADDFE6006
Authority key identifier: 41:48:CB:AD:17:48:20:5B:4F:43:34:BB:A6:38:C6:4C:2B:21:FC:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QUjLrRdIIFtPQzS7pjjGTCsh_A4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/WF9NJqqRczYpPD9nojrCxdxnPGE.roa
Signing time: Thu 27 Jun 2024 23:04:55 +0000
ROA not before: Thu 27 Jun 2024 23:04:55 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 196936
IP address blocks: 178.217.96.0/22 maxlen: 22
178.217.96.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:5b:f1:dd:6b:73:e7:f3:3d:de:37:14:ca:dd:fe:60:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4148cbad1748205b4f4334bba638c64c2b21fc0e
Validity
Not Before: Jun 27 23:04:55 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=585f4d26aa917336293c3f67a23ac2c5dc673c61
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:ea:3b:11:ff:99:ba:d7:49:76:5a:77:76:f3:
75:32:0b:b4:40:1c:99:e9:87:c5:cb:38:f0:15:8f:
03:9f:21:2a:4d:7d:33:b3:59:d6:36:d0:16:10:fa:
7d:82:87:38:20:98:aa:f1:9f:22:8e:24:14:b9:5f:
a7:31:26:de:3d:67:1f:b0:2b:ca:43:95:20:ed:98:
31:2a:4b:4e:af:6d:63:cd:4e:57:f7:65:4e:b4:91:
cf:bc:d4:2b:12:d8:82:53:7a:b8:b7:b9:4b:80:9b:
93:0d:0a:20:68:4d:16:47:cf:d0:6e:29:77:d9:27:
dc:f0:9b:0e:47:89:ce:e1:75:63:e5:50:17:36:7f:
af:a3:77:ba:b3:4f:07:8f:6c:54:db:f3:57:dc:f4:
ef:ac:ce:78:e0:7d:61:1a:fa:9e:71:09:3e:ae:f7:
06:ff:50:2f:47:b0:97:c7:fa:96:b4:2f:ea:0d:88:
f5:8c:09:7a:b1:a9:6d:8c:1b:c4:48:7c:7b:62:53:
80:76:89:20:02:ee:39:02:18:d0:26:56:aa:ac:8f:
3f:4b:67:ce:4a:69:ab:a5:b4:2a:be:2d:e5:80:17:
59:7a:dc:15:e9:c9:84:c0:1a:5e:d9:bc:01:15:c3:
11:fa:9b:82:50:77:89:8d:12:7d:6c:ef:93:51:85:
d8:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:5F:4D:26:AA:91:73:36:29:3C:3F:67:A2:3A:C2:C5:DC:67:3C:61
X509v3 Authority Key Identifier:
keyid:41:48:CB:AD:17:48:20:5B:4F:43:34:BB:A6:38:C6:4C:2B:21:FC:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QUjLrRdIIFtPQzS7pjjGTCsh_A4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/WF9NJqqRczYpPD9nojrCxdxnPGE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/QUjLrRdIIFtPQzS7pjjGTCsh_A4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.217.96.0/22
Signature Algorithm: sha256WithRSAEncryption
2b:d9:04:48:3e:da:85:71:ff:49:02:76:a9:6f:df:a7:fd:47:
23:c0:f5:09:91:72:0d:1a:6c:a2:4f:ad:51:01:70:f1:e0:17:
53:5f:21:1f:7c:9c:b9:14:ed:dd:59:28:ee:07:bb:ea:cd:3c:
f9:53:3d:39:e0:91:c2:23:b4:b4:20:32:3e:7d:e8:62:2a:69:
0a:c6:2b:27:3f:12:b7:60:b7:27:f1:a6:3b:bf:98:fc:a8:5e:
0c:e9:ff:1a:e8:6b:93:10:33:aa:6c:9b:4d:84:43:64:68:72:
b9:32:51:a5:a6:c0:ac:f4:17:ac:6c:55:1d:50:cd:27:b0:84:
88:f4:ed:fb:94:7e:50:47:10:25:79:e1:d6:e7:cf:ce:ac:ad:
63:df:e2:25:6f:ad:71:3d:77:de:b6:db:96:0b:a2:ad:dc:58:
d3:70:4c:72:de:d7:66:4c:62:a1:21:a8:40:c1:b2:d4:52:8b:
e7:2c:40:14:d6:a0:7c:53:76:b0:4d:18:dd:a2:7d:de:c3:55:
1d:8b:6d:86:e8:7c:7c:d3:fd:04:3e:7f:c8:ed:dc:0d:5c:b7:
9a:83:c2:c5:c3:e5:9a:55:90:68:f7:56:c2:00:f2:e2:41:fd:
60:6c:6d:b1:f7:41:93:b5:da:32:38:20:81:59:cc:79:a8:af:
e5:01:7d:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBb8d1rc+fzPd43FMrd/mAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNDhjYmFkMTc0ODIwNWI0ZjQzMzRiYmE2MzhjNjRjMmIy
MWZjMGUwHhcNMjQwNjI3MjMwNDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODVmNGQyNmFhOTE3MzM2MjkzYzNmNjdhMjNhYzJjNWRjNjczYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+o7Ef+ZutdJdlp3dvN1Mgu0QByZ
6YfFyzjwFY8DnyEqTX0zs1nWNtAWEPp9goc4IJiq8Z8ijiQUuV+nMSbePWcfsCvK
Q5Ug7ZgxKktOr21jzU5X92VOtJHPvNQrEtiCU3q4t7lLgJuTDQogaE0WR8/Qbil3
2Sfc8JsOR4nO4XVj5VAXNn+vo3e6s08Hj2xU2/NX3PTvrM544H1hGvqecQk+rvcG
/1AvR7CXx/qWtC/qDYj1jAl6saltjBvESHx7YlOAdokgAu45AhjQJlaqrI8/S2fO
SmmrpbQqvi3lgBdZetwV6cmEwBpe2bwBFcMR+puCUHeJjRJ9bO+TUYXYWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhfTSaqkXM2KTw/Z6I6wsXcZzxhMB8GA1UdIwQY
MBaAFEFIy60XSCBbT0M0u6Y4xkwrIfwOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVVqTHJSZElJRnRQUXpTN3BqakdUQ3NoX0E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9jZTIxYjMtYzRkZS00NTZkLWI1Mzgt
OTc5NzVkMzRmYzZjLzEvV0Y5TkpxcVJjellwUEQ5bm9qckN4ZHhuUEdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9jZTIxYjMtYzRkZS00NTZkLWI1MzgtOTc5NzVkMzRmYzZj
LzEvUVVqTHJSZElJRnRQUXpTN3BqakdUQ3NoX0E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCstlgMA0G
CSqGSIb3DQEBCwUAA4IBAQAr2QRIPtqFcf9JAnapb9+n/UcjwPUJkXINGmyiT61R
AXDx4BdTXyEffJy5FO3dWSjuB7vqzTz5Uz054JHCI7S0IDI+fehiKmkKxisnPxK3
YLcn8aY7v5j8qF4M6f8a6GuTEDOqbJtNhENkaHK5MlGlpsCs9BesbFUdUM0nsISI
9O37lH5QRxAleeHW58/OrK1j3+Ilb61xPXfettuWC6Kt3FjTcExy3tdmTGKhIahA
wbLUUovnLEAU1qB8U3awTRjdon3ew1Udi22G6Hx80/0EPn/I7dwNXLeag8LFw+Wa
VZBo91bCAPLiQf1gbG2x90GTtdoyOCCBWcx5qK/lAX3U
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:24:39 2025 by rpki-client