Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/EFXxZDXkhplY7B9e7wnrOEYTz6o.roa
File: EFXxZDXkhplY7B9e7wnrOEYTz6o.roa (raw, json)
Hash identifier: jnOyvpT3kzL7qHRiLRGGyPn/ABAL/gzxX3uuBVaMxwg=
Subject key identifier: 10:55:F1:64:35:E4:86:99:58:EC:1F:5E:EF:09:EB:38:46:13:CF:AA
Certificate issuer: /CN=423d93054f063cf8a291861735f90059ab9ec169
Certificate serial: 01856F6FE8BAEC0F16E5C2920D9804B4DF59
Authority key identifier: 42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/EFXxZDXkhplY7B9e7wnrOEYTz6o.roa
Signing time: Sun 01 Jan 2023 22:24:42 +0000
ROA not before: Sun 01 Jan 2023 22:24:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206495
IP address blocks: 185.188.112.0/24 maxlen: 24
185.188.113.0/24 maxlen: 24
185.188.115.0/24 maxlen: 24
185.188.114.0/24 maxlen: 24
178.157.0.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:6f:e8:ba:ec:0f:16:e5:c2:92:0d:98:04:b4:df:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=423d93054f063cf8a291861735f90059ab9ec169
Validity
Not Before: Jan 1 22:24:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1055f16435e4869958ec1f5eef09eb384613cfaa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:f9:4d:39:78:b7:ef:fc:0b:ad:c7:86:76:f0:
21:41:f4:d4:0d:e9:a8:3a:f6:05:a4:16:14:bb:99:
ad:d3:11:5b:93:65:b8:14:09:09:85:7f:ca:13:80:
f0:28:bc:40:22:82:15:9c:0b:bf:19:4b:ea:f8:9d:
8e:a2:5a:d3:3c:e7:a8:d5:f7:e1:76:d9:26:65:f3:
fc:3c:45:48:0e:be:64:1b:2b:69:57:31:27:92:f1:
12:e2:45:31:b6:a3:fd:a0:5a:fd:90:54:fa:ed:79:
45:95:b4:73:8f:83:0f:1b:45:fa:80:6c:1c:63:8c:
04:67:22:4e:84:98:7d:d4:8d:80:32:57:00:4d:74:
32:2a:11:dd:95:6e:ae:7a:43:f6:44:20:da:49:72:
ce:b2:7f:07:70:8f:d6:c6:0c:e7:a4:50:d3:80:d3:
ac:cc:2b:9a:8c:9d:8a:3e:16:5d:a2:fd:05:88:8a:
81:c6:fe:4f:0d:96:45:f0:60:3b:52:c6:c6:a0:e2:
89:b7:91:a1:9b:2f:57:22:bd:c0:ef:5d:d2:fb:e6:
dc:53:6f:28:96:3d:76:d8:5b:be:6b:d8:2e:ef:9b:
06:a2:8f:fb:55:04:5b:31:0d:2a:0a:9a:3f:82:b1:
78:36:86:b6:1b:44:6a:22:19:e5:8d:91:20:03:f0:
95:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:55:F1:64:35:E4:86:99:58:EC:1F:5E:EF:09:EB:38:46:13:CF:AA
X509v3 Authority Key Identifier:
keyid:42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/EFXxZDXkhplY7B9e7wnrOEYTz6o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.157.0.0/23
185.188.112.0/22
Signature Algorithm: sha256WithRSAEncryption
1a:44:e6:13:2a:f4:ab:e0:b4:90:4b:53:fa:ba:06:fd:ef:18:
e3:6b:db:1e:15:d1:08:ea:29:07:ef:f6:1b:f5:95:ad:78:4d:
f2:36:22:7a:1f:dd:0c:c1:6e:01:61:21:90:f8:f9:46:89:fe:
2b:c4:72:ca:b3:92:37:65:2c:9c:27:1b:8e:6d:84:74:82:8c:
bf:74:32:7c:63:d9:df:c9:79:2a:6a:2d:30:31:4a:34:08:c5:
ee:78:2e:80:c9:b6:40:8c:24:38:17:24:56:e4:2d:35:35:5a:
fc:18:55:2f:e5:26:74:53:2f:1f:63:d7:ad:a1:f0:90:47:19:
d5:70:90:05:ec:5d:7c:8a:fd:d7:d1:4f:52:41:b0:17:07:96:
0a:7e:6a:14:80:eb:fc:9f:bd:4d:f8:10:8b:6d:01:e4:36:2c:
c0:09:af:06:e2:18:9b:b9:21:4f:1f:87:b4:a7:54:00:69:64:
d5:0d:5a:19:59:83:d9:af:34:ef:76:2d:6c:9f:cf:8f:dc:48:
45:f6:35:30:24:a0:a8:aa:ea:a2:40:0a:bd:3a:f1:c8:ad:f8:
63:14:2f:6a:72:b2:a7:13:f7:03:f4:4c:ba:8f:c4:14:aa:5d:
81:10:33:48:66:02:33:5d:00:fc:03:93:25:fd:80:f4:d2:69:
c0:e7:c3:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvb+i67A8W5cKSDZgEtN9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyM2Q5MzA1NGYwNjNjZjhhMjkxODYxNzM1ZjkwMDU5YWI5
ZWMxNjkwHhcNMjMwMTAxMjIyNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDU1ZjE2NDM1ZTQ4Njk5NThlYzFmNWVlZjA5ZWIzODQ2MTNjZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvlNOXi37/wLrceGdvAhQfTUDemo
OvYFpBYUu5mt0xFbk2W4FAkJhX/KE4DwKLxAIoIVnAu/GUvq+J2OolrTPOeo1ffh
dtkmZfP8PEVIDr5kGytpVzEnkvES4kUxtqP9oFr9kFT67XlFlbRzj4MPG0X6gGwc
Y4wEZyJOhJh91I2AMlcATXQyKhHdlW6uekP2RCDaSXLOsn8HcI/WxgznpFDTgNOs
zCuajJ2KPhZdov0FiIqBxv5PDZZF8GA7UsbGoOKJt5Ghmy9XIr3A713S++bcU28o
lj122Fu+a9gu75sGoo/7VQRbMQ0qCpo/grF4Noa2G0RqIhnljZEgA/CVRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBBV8WQ15IaZWOwfXu8J6zhGE8+qMB8GA1UdIwQY
MBaAFEI9kwVPBjz4opGGFzX5AFmrnsFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWoyVEJVOEdQUGlpa1lZWE5ma0FXYXVld1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wYzJlYzMtMzg0NC00YjVmLTlmNTgt
NWYxYjY5MDQ4ZmUyLzEvRUZYeFpEWGtocGxZN0I5ZTd3bnJPRVlUejZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wYzJlYzMtMzg0NC00YjVmLTlmNTgtNWYxYjY5MDQ4ZmUy
LzEvUWoyVEJVOEdQUGlpa1lZWE5ma0FXYXVld1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBsp0AAwQC
ubxwMA0GCSqGSIb3DQEBCwUAA4IBAQAaROYTKvSr4LSQS1P6ugb97xjja9seFdEI
6ikH7/Yb9ZWteE3yNiJ6H90MwW4BYSGQ+PlGif4rxHLKs5I3ZSycJxuObYR0goy/
dDJ8Y9nfyXkqai0wMUo0CMXueC6AybZAjCQ4FyRW5C01NVr8GFUv5SZ0Uy8fY9et
ofCQRxnVcJAF7F18iv3X0U9SQbAXB5YKfmoUgOv8n71N+BCLbQHkNizACa8G4hib
uSFPH4e0p1QAaWTVDVoZWYPZrzTvdi1sn8+P3EhF9jUwJKCoquqiQAq9OvHIrfhj
FC9qcrKnE/cD9Ey6j8QUql2BEDNIZgIzXQD8A5Ml/YD00mnA58OH
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:30:57 2025 by rpki-client