Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/iV8VhS6Lj89vYLVA8YNF49FwL2I.roa
File: iV8VhS6Lj89vYLVA8YNF49FwL2I.roa (raw, json)
Hash identifier: crYuBB+n45L5ymNHVRjvZrKUwdjrvEpfcfFXuVJ/YsY=
Subject key identifier: 89:5F:15:85:2E:8B:8F:CF:6F:60:B5:40:F1:83:45:E3:D1:70:2F:62
Certificate issuer: /CN=4148cbad1748205b4f4334bba638c64c2b21fc0e
Certificate serial: 01857227D92255AA36DFDFCC2F070FAF20A3
Authority key identifier: 41:48:CB:AD:17:48:20:5B:4F:43:34:BB:A6:38:C6:4C:2B:21:FC:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QUjLrRdIIFtPQzS7pjjGTCsh_A4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/iV8VhS6Lj89vYLVA8YNF49FwL2I.roa
Signing time: Mon 02 Jan 2023 11:04:52 +0000
ROA not before: Mon 02 Jan 2023 11:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 196936
IP address blocks: 178.217.96.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:27:d9:22:55:aa:36:df:df:cc:2f:07:0f:af:20:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4148cbad1748205b4f4334bba638c64c2b21fc0e
Validity
Not Before: Jan 2 11:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=895f15852e8b8fcf6f60b540f18345e3d1702f62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:a7:73:a3:b6:41:5f:7c:a2:73:6c:10:21:26:
40:78:78:1a:6b:97:01:ca:07:92:91:e6:00:b1:e5:
54:f0:0a:84:3f:4d:44:2a:6d:cc:f8:49:d3:f9:3e:
81:18:a6:17:d2:3f:25:29:71:63:df:87:1e:6d:e9:
22:dd:09:d5:4a:c0:71:a3:89:33:96:93:15:1d:e3:
e5:58:17:b0:a0:8f:d2:a6:65:ba:f1:3b:da:0c:75:
6c:37:ff:a7:a4:34:eb:4e:d1:3f:c8:bf:f1:cc:f4:
62:1a:b7:78:31:78:a0:a8:3c:9c:0f:5d:e2:53:39:
44:76:60:56:47:8e:98:ca:11:df:bd:b0:9d:68:4c:
97:fc:81:33:42:ee:50:17:6e:2f:cb:0e:76:bd:e5:
c3:29:76:e2:b9:88:a5:ec:8e:6f:f7:0e:37:0c:c4:
08:84:f8:a4:fd:32:7c:a3:42:0d:ea:c5:11:cc:9a:
87:67:35:81:29:0d:e3:25:35:40:29:58:0b:fb:d6:
15:5a:ed:ae:62:c1:d6:31:a7:b0:41:0e:18:61:4b:
49:be:cb:2c:1e:c7:d5:a7:2c:ab:43:e0:2a:9c:3f:
69:76:43:1e:dc:ec:21:6b:e1:4c:89:d0:44:c9:72:
15:8d:d9:ae:40:d7:38:1c:ae:7b:fe:3b:87:3a:f5:
34:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:5F:15:85:2E:8B:8F:CF:6F:60:B5:40:F1:83:45:E3:D1:70:2F:62
X509v3 Authority Key Identifier:
keyid:41:48:CB:AD:17:48:20:5B:4F:43:34:BB:A6:38:C6:4C:2B:21:FC:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QUjLrRdIIFtPQzS7pjjGTCsh_A4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/iV8VhS6Lj89vYLVA8YNF49FwL2I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/ce21b3-c4de-456d-b538-97975d34fc6c/1/QUjLrRdIIFtPQzS7pjjGTCsh_A4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.217.96.0/21
Signature Algorithm: sha256WithRSAEncryption
27:04:b7:7e:a9:53:c8:3e:e6:4e:4b:5b:86:85:5b:82:95:8e:
a7:53:17:93:bd:0c:83:0a:f6:bd:5a:4f:75:fc:34:1b:9b:40:
bd:ec:f0:a3:de:0b:60:02:fa:c3:0f:65:d8:8c:c4:06:83:6b:
a3:33:c0:81:cb:1d:38:55:d7:04:79:c7:15:f6:c0:15:87:f0:
e9:17:fd:27:c2:b8:ba:0d:47:cc:0a:2b:56:5c:f5:c8:90:92:
e2:e9:17:e4:57:eb:96:b8:da:0a:8c:a7:c7:7e:68:12:fa:b4:
6d:ee:6c:a9:03:2f:94:8d:0f:ba:0b:e8:06:a7:bb:70:09:fb:
0a:37:e0:f0:55:27:6a:00:37:60:40:2d:07:b6:fd:ef:b2:25:
b6:5e:eb:4d:17:ef:14:fc:b3:b1:55:00:fc:0a:ff:e2:88:8e:
37:9c:e3:e1:64:14:c2:5d:4f:90:6d:0c:16:47:7a:3e:d3:21:
f7:84:93:3d:44:d0:47:9f:5a:55:65:59:19:4b:9c:06:ab:a6:
81:14:4d:eb:f1:49:ce:ce:04:4c:17:28:e5:1e:cb:5c:af:b6:
b3:66:4e:e3:b4:d1:82:19:bb:f7:58:a8:06:26:6e:04:c6:d9:
83:73:37:75:01:2e:51:ce:6d:11:a1:6e:a6:06:e9:fb:5c:0c:
7b:04:d1:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVyJ9kiVao239/MLwcPryCjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNDhjYmFkMTc0ODIwNWI0ZjQzMzRiYmE2MzhjNjRjMmIy
MWZjMGUwHhcNMjMwMTAyMTEwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTVmMTU4NTJlOGI4ZmNmNmY2MGI1NDBmMTgzNDVlM2QxNzAyZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqdzo7ZBX3yic2wQISZAeHgaa5cB
ygeSkeYAseVU8AqEP01EKm3M+EnT+T6BGKYX0j8lKXFj34cebeki3QnVSsBxo4kz
lpMVHePlWBewoI/SpmW68TvaDHVsN/+npDTrTtE/yL/xzPRiGrd4MXigqDycD13i
UzlEdmBWR46YyhHfvbCdaEyX/IEzQu5QF24vyw52veXDKXbiuYil7I5v9w43DMQI
hPik/TJ8o0IN6sURzJqHZzWBKQ3jJTVAKVgL+9YVWu2uYsHWMaewQQ4YYUtJvsss
HsfVpyyrQ+AqnD9pdkMe3Owha+FMidBEyXIVjdmuQNc4HK57/juHOvU0WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlfFYUui4/Pb2C1QPGDRePRcC9iMB8GA1UdIwQY
MBaAFEFIy60XSCBbT0M0u6Y4xkwrIfwOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVVqTHJSZElJRnRQUXpTN3BqakdUQ3NoX0E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9jZTIxYjMtYzRkZS00NTZkLWI1Mzgt
OTc5NzVkMzRmYzZjLzEvaVY4VmhTNkxqODl2WUxWQThZTkY0OUZ3TDJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9jZTIxYjMtYzRkZS00NTZkLWI1MzgtOTc5NzVkMzRmYzZj
LzEvUVVqTHJSZElJRnRQUXpTN3BqakdUQ3NoX0E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstlgMA0G
CSqGSIb3DQEBCwUAA4IBAQAnBLd+qVPIPuZOS1uGhVuClY6nUxeTvQyDCva9Wk91
/DQbm0C97PCj3gtgAvrDD2XYjMQGg2ujM8CByx04VdcEeccV9sAVh/DpF/0nwri6
DUfMCitWXPXIkJLi6RfkV+uWuNoKjKfHfmgS+rRt7mypAy+UjQ+6C+gGp7twCfsK
N+DwVSdqADdgQC0Htv3vsiW2XutNF+8U/LOxVQD8Cv/iiI43nOPhZBTCXU+QbQwW
R3o+0yH3hJM9RNBHn1pVZVkZS5wGq6aBFE3r8UnOzgRMFyjlHstcr7azZk7jtNGC
Gbv3WKgGJm4ExtmDczd1AS5Rzm0RoW6mBun7XAx7BNGo
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:30:29 2025 by rpki-client