Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/vn5t1Rj4kbWLxMuJHI6wLs2SdfM.roa
File: vn5t1Rj4kbWLxMuJHI6wLs2SdfM.roa (raw, json)
Hash identifier: NaQmpIV/io9XC9Ah3XmPnxy9XE0b3I0XaaHh0nIpSro=
Subject key identifier: BE:7E:6D:D5:18:F8:91:B5:8B:C4:CB:89:1C:8E:B0:2E:CD:92:75:F3
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 018FEC9547871EC503E1F31334F7D3955D9B
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/vn5t1Rj4kbWLxMuJHI6wLs2SdfM.roa
Signing time: Thu 06 Jun 2024 08:05:57 +0000
ROA not before: Thu 06 Jun 2024 08:05:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209372
IP address blocks: 78.136.248.0/23 maxlen: 24
78.136.250.0/23 maxlen: 24
78.136.252.0/23 maxlen: 24
78.136.254.0/24 maxlen: 24
78.136.255.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:ec:95:47:87:1e:c5:03:e1:f3:13:34:f7:d3:95:5d:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Jun 6 08:05:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=be7e6dd518f891b58bc4cb891c8eb02ecd9275f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:1f:57:3c:31:0a:8a:3a:a3:b0:a6:ce:d0:72:
13:31:6d:c4:47:f2:93:b1:a5:fb:22:49:d6:ee:db:
60:ad:80:cb:38:d6:33:a9:22:6c:bd:5c:29:d0:0c:
cd:dd:61:a3:2d:cc:79:28:96:04:35:f9:f5:5c:28:
9a:d8:ca:ed:ee:ee:69:e5:10:10:11:88:13:b5:70:
f9:6d:ad:ec:26:bf:8a:25:69:9d:63:cc:80:f3:1a:
b1:e9:9d:c4:be:f3:a5:b8:87:3c:8a:66:b9:c2:8b:
08:d2:55:37:16:fb:90:63:24:78:52:84:9e:d4:91:
d8:d9:50:63:1d:77:f1:91:5a:74:d0:d4:ab:b8:34:
37:fa:6d:47:54:eb:5f:80:e3:78:5c:4d:e4:51:4b:
c2:0c:5b:58:2b:c2:6b:95:2b:dc:15:e1:ba:0c:5a:
3e:07:88:58:a2:c8:07:63:c0:fb:6d:56:1e:61:01:
aa:fb:30:7e:df:d5:79:fa:d3:3e:ac:2f:03:57:86:
75:71:f6:26:66:15:53:19:b4:d9:cd:a6:39:27:c0:
6f:d7:4c:c8:13:85:fa:60:53:83:e7:2c:98:0b:61:
93:8c:49:91:2d:b2:cb:f8:35:1f:90:01:13:f4:9e:
a9:21:12:a7:c3:45:23:06:a6:3c:ca:4c:2f:8c:43:
3d:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:7E:6D:D5:18:F8:91:B5:8B:C4:CB:89:1C:8E:B0:2E:CD:92:75:F3
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/vn5t1Rj4kbWLxMuJHI6wLs2SdfM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.248.0/21
Signature Algorithm: sha256WithRSAEncryption
44:02:67:34:00:d7:32:f0:2c:4e:c4:70:57:80:dd:88:68:73:
16:f7:65:b5:54:44:98:71:6a:77:d0:06:00:20:5b:39:92:90:
c5:f7:96:61:48:61:50:a8:66:11:4c:4b:81:04:53:9d:0e:ef:
de:17:cd:4b:fd:b9:5d:2e:61:0f:10:50:36:aa:3e:0c:ee:07:
77:47:2a:2f:f7:8d:95:32:71:65:9a:9e:2d:66:9b:a1:c7:16:
72:43:35:e5:84:8c:a7:43:7e:e1:54:f2:9f:84:d0:f8:5a:2a:
49:27:50:12:d4:8f:86:dd:f8:a4:11:ce:d0:82:8d:0b:e7:9d:
37:8b:e8:89:af:2a:aa:10:b1:43:a8:94:1e:20:7a:f1:9a:97:
56:df:6f:06:59:b9:20:b4:ee:7e:94:de:2e:f6:5c:df:86:5b:
4e:cb:13:d9:0e:3c:a5:49:51:fb:a9:32:00:1b:4a:ea:b5:e8:
8d:25:73:6d:ff:14:88:df:27:23:83:dd:0d:35:d7:e8:e0:73:
72:fb:50:39:1c:38:7d:14:c7:e3:99:57:ea:57:68:70:e3:94:
a7:11:70:0f:1e:0f:b8:88:1f:b6:8e:c4:90:b2:cc:e7:8b:f1:
d9:04:eb:c7:bc:06:08:fa:74:d5:c8:83:80:76:f2:f8:c9:d0:
1c:ca:97:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/slUeHHsUD4fMTNPfTlV2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjQwNjA2MDgwNTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTdlNmRkNTE4Zjg5MWI1OGJjNGNiODkxYzhlYjAyZWNkOTI3NWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx9XPDEKijqjsKbO0HITMW3ER/KT
saX7IknW7ttgrYDLONYzqSJsvVwp0AzN3WGjLcx5KJYENfn1XCia2Mrt7u5p5RAQ
EYgTtXD5ba3sJr+KJWmdY8yA8xqx6Z3EvvOluIc8ima5wosI0lU3FvuQYyR4UoSe
1JHY2VBjHXfxkVp00NSruDQ3+m1HVOtfgON4XE3kUUvCDFtYK8JrlSvcFeG6DFo+
B4hYosgHY8D7bVYeYQGq+zB+39V5+tM+rC8DV4Z1cfYmZhVTGbTZzaY5J8Bv10zI
E4X6YFOD5yyYC2GTjEmRLbLL+DUfkAET9J6pIRKnw0UjBqY8ykwvjEM9qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5+bdUY+JG1i8TLiRyOsC7NknXzMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvdm41dDFSajRrYldMeE11SkhJNndMczJTZGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDToj4MA0G
CSqGSIb3DQEBCwUAA4IBAQBEAmc0ANcy8CxOxHBXgN2IaHMW92W1VESYcWp30AYA
IFs5kpDF95ZhSGFQqGYRTEuBBFOdDu/eF81L/bldLmEPEFA2qj4M7gd3Ryov942V
MnFlmp4tZpuhxxZyQzXlhIynQ37hVPKfhND4WipJJ1AS1I+G3fikEc7Qgo0L5503
i+iJryqqELFDqJQeIHrxmpdW328GWbkgtO5+lN4u9lzfhltOyxPZDjylSVH7qTIA
G0rqteiNJXNt/xSI3ycjg90NNdfo4HNy+1A5HDh9FMfjmVfqV2hw45SnEXAPHg+4
iB+2jsSQsszni/HZBOvHvAYI+nTVyIOAdvL4ydAcypdR
-----END CERTIFICATE-----
Generated at Tue Apr 22 11:31:52 2025 by rpki-client