Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/2GVc3CTqDKw2hiVYV-E7jhCjT0s.roa
File: 2GVc3CTqDKw2hiVYV-E7jhCjT0s.roa (raw, json)
Hash identifier: KF/mOFC5tlDU+RATya1n7B2Fluy2rXuaECxa85X+OK4=
Subject key identifier: D8:65:5C:DC:24:EA:0C:AC:36:86:25:58:57:E1:3B:8E:10:A3:4F:4B
Certificate issuer: /CN=63495a4cecbeafb3eadf6ed0349bb0b96da464ee
Certificate serial: 018CCA2ABEF9973A3CC14C279FAD3104D170
Authority key identifier: 63:49:5A:4C:EC:BE:AF:B3:EA:DF:6E:D0:34:9B:B0:B9:6D:A4:64:EE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/2GVc3CTqDKw2hiVYV-E7jhCjT0s.roa
Signing time: Tue 02 Jan 2024 12:34:08 +0000
ROA not before: Tue 02 Jan 2024 12:34:08 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8468
IP address blocks: 178.16.224.0/21 maxlen: 21
178.16.237.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2a:be:f9:97:3a:3c:c1:4c:27:9f:ad:31:04:d1:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63495a4cecbeafb3eadf6ed0349bb0b96da464ee
Validity
Not Before: Jan 2 12:34:08 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d8655cdc24ea0cac3686255857e13b8e10a34f4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:2f:9b:e5:d7:ac:10:a0:51:6e:c4:85:e8:c5:
61:86:0f:15:49:f1:d2:0d:67:37:b8:61:46:a8:2f:
cd:ed:f2:6f:5e:db:a2:60:61:f8:47:86:2c:5c:70:
db:1d:07:c9:ae:f5:f2:e2:96:ce:cd:fd:87:cf:fd:
c5:91:96:a3:53:c3:00:1b:ad:84:f7:78:25:8a:c0:
8d:37:1a:0a:7d:eb:9f:68:3b:5d:d5:f6:85:b2:ea:
7d:99:22:80:84:42:54:19:7d:e2:cc:24:65:b1:bb:
0c:1e:17:fb:90:81:b2:da:11:09:01:ad:e7:88:0b:
0e:f8:fc:a5:d8:d7:a2:b5:af:0b:95:9c:ac:ca:3e:
93:9e:82:08:c1:57:5d:bb:17:56:bb:78:fb:b6:a8:
69:99:46:fb:4e:95:ae:b2:72:4e:09:8a:df:24:43:
40:3a:1f:73:5b:49:26:20:6a:0b:41:95:4b:99:09:
37:e3:17:52:98:df:fc:b6:53:59:d3:08:ba:0a:91:
8e:35:2d:a6:38:e3:10:13:42:02:b1:aa:a4:ea:31:
b2:5d:61:15:6d:40:3b:61:d8:43:d9:00:d2:1b:9e:
81:ce:fd:aa:53:c9:10:02:68:1b:79:9b:46:7f:b7:
61:f5:e1:b6:0e:0a:dd:64:e5:ea:15:8d:0c:45:08:
8e:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:65:5C:DC:24:EA:0C:AC:36:86:25:58:57:E1:3B:8E:10:A3:4F:4B
X509v3 Authority Key Identifier:
keyid:63:49:5A:4C:EC:BE:AF:B3:EA:DF:6E:D0:34:9B:B0:B9:6D:A4:64:EE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/2GVc3CTqDKw2hiVYV-E7jhCjT0s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/Y0laTOy-r7Pq327QNJuwuW2kZO4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.16.224.0/21
178.16.237.0/24
Signature Algorithm: sha256WithRSAEncryption
d3:83:b2:d7:b9:a3:c1:ae:b7:fa:45:94:ec:03:cb:83:80:4a:
be:6d:2e:5b:10:e6:88:a0:0f:8e:06:5e:a8:57:a8:f8:c7:c9:
2e:d2:71:ae:e7:2c:0b:7f:26:a9:27:69:d9:e2:3e:62:df:b8:
4d:02:3f:f5:3b:20:db:40:7f:7c:7d:19:92:cf:ca:12:3c:3d:
98:28:0c:38:4f:7b:6e:21:1b:5a:df:c8:71:44:fc:fd:53:46:
b8:bd:31:7e:4f:23:6e:eb:3a:88:f9:04:d8:e2:bb:a3:df:eb:
0e:e1:35:8e:e8:2e:94:ab:9d:4c:5c:88:3d:cf:88:c3:6f:8e:
a0:d8:1f:51:0e:79:06:e7:e6:9e:7e:8e:fa:ef:63:43:0e:7d:
34:68:f2:b8:a7:96:c0:5b:58:e4:d0:d9:3d:39:a4:4c:98:93:
13:03:91:e2:81:d7:d4:8c:74:4e:8d:2f:cb:ed:79:e6:e4:27:
93:18:6b:12:ce:9e:88:7d:e0:4c:a4:c7:45:d5:07:08:5b:c3:
59:85:6f:58:cf:3e:c8:8c:b8:d4:c5:e2:e4:ee:3a:87:5e:ec:
ca:97:ce:01:ca:95:af:7e:80:e5:ab:11:a4:de:c6:43:c2:d8:
9f:65:4f:90:9b:b3:a2:53:83:80:67:6e:79:f4:d8:c9:6b:38:
4c:47:f9:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKr75lzo8wUwnn60xBNFwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNDk1YTRjZWNiZWFmYjNlYWRmNmVkMDM0OWJiMGI5NmRh
NDY0ZWUwHhcNMjQwMTAyMTIzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODY1NWNkYzI0ZWEwY2FjMzY4NjI1NTg1N2UxM2I4ZTEwYTM0ZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAri+b5desEKBRbsSF6MVhhg8VSfHS
DWc3uGFGqC/N7fJvXtuiYGH4R4YsXHDbHQfJrvXy4pbOzf2Hz/3FkZajU8MAG62E
93glisCNNxoKfeufaDtd1faFsup9mSKAhEJUGX3izCRlsbsMHhf7kIGy2hEJAa3n
iAsO+Pyl2Neita8LlZysyj6TnoIIwVdduxdWu3j7tqhpmUb7TpWusnJOCYrfJENA
Oh9zW0kmIGoLQZVLmQk34xdSmN/8tlNZ0wi6CpGONS2mOOMQE0ICsaqk6jGyXWEV
bUA7YdhD2QDSG56Bzv2qU8kQAmgbeZtGf7dh9eG2DgrdZOXqFY0MRQiO/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNhlXNwk6gysNoYlWFfhO44Qo09LMB8GA1UdIwQY
MBaAFGNJWkzsvq+z6t9u0DSbsLltpGTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTBsYVRPeS1yN1BxMzI3UU5KdXd1VzJrWk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8xZmRlMTgtMjg3My00ZmUwLTg2OWMt
MzgyMGY3ZWUyY2I4LzEvMkdWYzNDVHFES3cyaGlWWVYtRTdqaENqVDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8xZmRlMTgtMjg3My00ZmUwLTg2OWMtMzgyMGY3ZWUyY2I4
LzEvWTBsYVRPeS1yN1BxMzI3UU5KdXd1VzJrWk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDshDgAwQA
shDtMA0GCSqGSIb3DQEBCwUAA4IBAQDTg7LXuaPBrrf6RZTsA8uDgEq+bS5bEOaI
oA+OBl6oV6j4x8ku0nGu5ywLfyapJ2nZ4j5i37hNAj/1OyDbQH98fRmSz8oSPD2Y
KAw4T3tuIRta38hxRPz9U0a4vTF+TyNu6zqI+QTY4ruj3+sO4TWO6C6Uq51MXIg9
z4jDb46g2B9RDnkG5+aefo7672NDDn00aPK4p5bAW1jk0Nk9OaRMmJMTA5HigdfU
jHROjS/L7Xnm5CeTGGsSzp6IfeBMpMdF1QcIW8NZhW9Yzz7IjLjUxeLk7jqHXuzK
l84BypWvfoDlqxGk3sZDwtifZU+Qm7OiU4OAZ2559NjJazhMR/ni
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:12:22 2025 by rpki-client