Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/a4a577-1925-4df3-920d-fa2088cc5014/1/9vinajDU1fn75MHQOLkL0LJZ0dw.roa
File: 9vinajDU1fn75MHQOLkL0LJZ0dw.roa (raw, json)
Hash identifier: pxxZbvPX4pEVGXZ5fwJvm6y6xPfvogz7O22qSmGSw2M=
Subject key identifier: F6:F8:A7:6A:30:D4:D5:F9:FB:E4:C1:D0:38:B9:0B:D0:B2:59:D1:DC
Certificate issuer: /CN=43668474e7bb3dbdb26adc01838ce7062d70c498
Certificate serial: 018CC80149217B59D4C772006B279DA98684
Authority key identifier: 43:66:84:74:E7:BB:3D:BD:B2:6A:DC:01:83:8C:E7:06:2D:70:C4:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q2aEdOe7Pb2yatwBg4znBi1wxJg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/a4a577-1925-4df3-920d-fa2088cc5014/1/9vinajDU1fn75MHQOLkL0LJZ0dw.roa
Signing time: Tue 02 Jan 2024 02:29:36 +0000
ROA not before: Tue 02 Jan 2024 02:29:36 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209425
IP address blocks: 147.78.163.0/24 maxlen: 24
147.78.160.0/24 maxlen: 24
147.78.161.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:49:21:7b:59:d4:c7:72:00:6b:27:9d:a9:86:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43668474e7bb3dbdb26adc01838ce7062d70c498
Validity
Not Before: Jan 2 02:29:36 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f6f8a76a30d4d5f9fbe4c1d038b90bd0b259d1dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:4d:f3:1c:52:b8:56:99:93:92:31:4c:b9:a2:
3a:af:84:24:16:36:3d:df:68:13:71:38:59:6c:92:
f6:d5:80:51:13:a7:20:c2:b4:5a:23:b7:15:bf:56:
a2:25:87:c5:5d:cd:39:e2:90:d6:98:cd:66:d4:fc:
d6:d8:a1:a2:a8:6b:26:63:e1:b9:77:5d:5a:69:93:
d2:2d:5a:38:55:90:27:b9:76:59:1f:c6:de:5e:bb:
56:c0:37:7a:f4:04:0a:a0:51:c0:27:0d:9a:c3:68:
c6:1b:f9:3a:71:77:81:a5:f0:c9:15:3a:f4:85:69:
a8:52:3d:f4:dd:ca:97:78:56:6a:50:ff:15:6e:4b:
6c:fb:b2:89:c3:c4:d5:ce:f8:4f:e7:db:c3:9f:76:
b1:50:57:fb:6a:50:5a:c3:24:de:29:13:33:07:70:
ac:2b:1f:52:5a:c0:2f:ef:0c:3a:dc:f3:37:4a:9a:
e2:17:c2:df:e0:54:48:63:b2:0e:6c:07:d8:ce:8c:
98:05:07:ca:d1:42:75:5b:ec:a8:72:4d:63:a2:ac:
64:bc:01:66:d5:45:85:48:8f:2f:01:66:d7:0e:a9:
7a:57:5b:e1:3a:b8:75:36:e1:78:e8:0a:ae:47:68:
79:5f:4c:35:02:83:fc:92:30:cf:e6:02:b1:a8:37:
ec:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:F8:A7:6A:30:D4:D5:F9:FB:E4:C1:D0:38:B9:0B:D0:B2:59:D1:DC
X509v3 Authority Key Identifier:
keyid:43:66:84:74:E7:BB:3D:BD:B2:6A:DC:01:83:8C:E7:06:2D:70:C4:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2aEdOe7Pb2yatwBg4znBi1wxJg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/a4a577-1925-4df3-920d-fa2088cc5014/1/9vinajDU1fn75MHQOLkL0LJZ0dw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/a4a577-1925-4df3-920d-fa2088cc5014/1/Q2aEdOe7Pb2yatwBg4znBi1wxJg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.78.160.0/23
147.78.163.0/24
Signature Algorithm: sha256WithRSAEncryption
74:39:07:c3:76:0f:6e:e8:a3:e3:e9:74:64:0b:03:ea:57:72:
55:d0:44:3a:49:7e:14:cd:b1:56:05:be:c4:6e:0e:42:06:62:
e7:9a:a5:1c:07:10:9c:d1:4a:ad:24:5a:50:f3:80:6c:be:40:
7b:20:0e:f5:c7:a7:82:e8:1d:6e:89:14:bd:0b:ff:30:64:5a:
81:28:0f:60:e2:27:91:98:ec:bf:d9:7a:57:f7:68:2b:ab:dd:
cb:c6:c3:05:a8:cf:eb:99:bd:8d:30:24:08:78:12:ba:89:15:
02:d8:57:39:fa:a5:bd:c4:aa:44:c8:10:ae:2c:8b:7e:32:2d:
84:10:34:bd:27:dd:64:36:8f:9a:c3:80:4e:5c:ec:44:de:7a:
dc:a1:49:bf:c0:aa:a2:85:7b:e0:85:7d:79:12:73:f3:dd:b7:
ee:84:4a:ff:93:65:47:84:e4:6c:ee:62:a7:aa:fc:83:c3:cf:
b2:a9:0e:8c:48:0d:8b:27:25:dc:43:fa:4f:7d:21:91:2b:c2:
34:72:36:6b:5d:87:c4:22:f5:3e:3d:93:75:a9:80:be:2c:84:
75:69:c7:ba:2c:eb:b0:12:e4:78:ae:b5:cf:28:89:7a:f8:5a:
73:e0:b9:c3:9a:29:76:1e:8d:c2:68:9e:af:61:82:fa:1c:af:
9b:39:88:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAUkhe1nUx3IAayedqYaEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNjY4NDc0ZTdiYjNkYmRiMjZhZGMwMTgzOGNlNzA2MmQ3
MGM0OTgwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmY4YTc2YTMwZDRkNWY5ZmJlNGMxZDAzOGI5MGJkMGIyNTlkMWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjE3zHFK4VpmTkjFMuaI6r4QkFjY9
32gTcThZbJL21YBRE6cgwrRaI7cVv1aiJYfFXc054pDWmM1m1PzW2KGiqGsmY+G5
d11aaZPSLVo4VZAnuXZZH8beXrtWwDd69AQKoFHAJw2aw2jGG/k6cXeBpfDJFTr0
hWmoUj303cqXeFZqUP8Vbkts+7KJw8TVzvhP59vDn3axUFf7alBawyTeKRMzB3Cs
Kx9SWsAv7ww63PM3SpriF8Lf4FRIY7IObAfYzoyYBQfK0UJ1W+yock1joqxkvAFm
1UWFSI8vAWbXDql6V1vhOrh1NuF46AquR2h5X0w1AoP8kjDP5gKxqDfsTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPb4p2ow1NX5++TB0Di5C9CyWdHcMB8GA1UdIwQY
MBaAFENmhHTnuz29smrcAYOM5wYtcMSYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJhRWRPZTdQYjJ5YXR3Qmc0em5CaTF3eEpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9hNGE1NzctMTkyNS00ZGYzLTkyMGQt
ZmEyMDg4Y2M1MDE0LzEvOXZpbmFqRFUxZm43NU1IUU9Ma0wwTEpaMGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9hNGE1NzctMTkyNS00ZGYzLTkyMGQtZmEyMDg4Y2M1MDE0
LzEvUTJhRWRPZTdQYjJ5YXR3Qmc0em5CaTF3eEpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBk06gAwQA
k06jMA0GCSqGSIb3DQEBCwUAA4IBAQB0OQfDdg9u6KPj6XRkCwPqV3JV0EQ6SX4U
zbFWBb7Ebg5CBmLnmqUcBxCc0UqtJFpQ84BsvkB7IA71x6eC6B1uiRS9C/8wZFqB
KA9g4ieRmOy/2XpX92grq93LxsMFqM/rmb2NMCQIeBK6iRUC2Fc5+qW9xKpEyBCu
LIt+Mi2EEDS9J91kNo+aw4BOXOxE3nrcoUm/wKqihXvghX15EnPz3bfuhEr/k2VH
hORs7mKnqvyDw8+yqQ6MSA2LJyXcQ/pPfSGRK8I0cjZrXYfEIvU+PZN1qYC+LIR1
ace6LOuwEuR4rrXPKIl6+Fpz4LnDmil2Ho3CaJ6vYYL6HK+bOYjk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:07 2024 by rpki-client on console-fra.rpki-client.org