Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/A1mB1ZEW3lV1mZoTpKQL8k-rpe0.roa
File: A1mB1ZEW3lV1mZoTpKQL8k-rpe0.roa (raw, json)
Hash identifier: KeUfnriDAOQm8Pih0PqJd+U8ZOSgzQLvEXKJTAMuY9k=
Subject key identifier: 03:59:81:D5:91:16:DE:55:75:99:9A:13:A4:A4:0B:F2:4F:AB:A5:ED
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 019427B58AA22E18CB4D7F88BDBA97ADDD5E
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/A1mB1ZEW3lV1mZoTpKQL8k-rpe0.roa
Signing time: Thu 02 Jan 2025 15:49:56 +0000
ROA not before: Thu 02 Jan 2025 15:49:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211373
IP address blocks: 178.253.33.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:8a:a2:2e:18:cb:4d:7f:88:bd:ba:97:ad:dd:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Jan 2 15:49:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=035981d59116de5575999a13a4a40bf24faba5ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:f1:1c:c5:c7:88:a0:ad:40:d9:db:9e:5c:5b:
24:f9:74:49:88:13:dd:2b:35:88:3c:bf:7d:1b:f5:
9d:07:f2:73:0d:fe:ba:a7:a9:ce:15:d4:76:16:a2:
9d:c4:16:78:73:e9:f9:4a:10:57:8a:08:f0:71:db:
bb:fd:b3:77:41:60:ea:d2:58:2a:62:54:8d:fc:36:
2d:bd:b6:a1:ef:c9:ed:9e:a3:f4:b9:f1:89:83:33:
71:df:48:f5:35:8b:ea:c5:73:a1:01:ca:2c:d0:41:
09:9d:34:e7:a2:56:79:42:60:3e:7e:b8:a1:f6:c3:
a9:7f:06:40:4f:1f:fb:e6:df:62:a6:05:b0:c2:3e:
a5:5d:aa:d0:d8:8c:56:30:51:5e:82:33:4f:20:f9:
98:24:c8:fd:17:a1:03:02:cb:be:c7:dc:1e:7a:eb:
24:73:8f:be:8f:84:4a:75:c8:60:01:72:5a:de:a5:
a6:74:4b:81:6d:83:e0:f4:86:b5:c9:f7:5f:a1:1c:
d6:2a:65:d5:e0:21:42:bf:93:3b:f9:1c:8d:29:61:
06:19:fd:44:ac:9b:f9:bd:1d:cc:1b:ac:a2:30:f8:
41:05:85:71:02:84:62:80:57:07:8c:61:c5:16:77:
3a:a4:96:7e:79:eb:c5:ef:a4:d9:a9:26:e1:c6:86:
7a:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:59:81:D5:91:16:DE:55:75:99:9A:13:A4:A4:0B:F2:4F:AB:A5:ED
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/A1mB1ZEW3lV1mZoTpKQL8k-rpe0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.253.33.0/24
Signature Algorithm: sha256WithRSAEncryption
02:a4:51:d0:01:0b:d3:37:f0:11:3a:a4:5e:c9:19:01:ef:6e:
d5:40:c1:d2:5d:6c:92:7c:8e:d9:7b:7b:28:7f:ab:f2:d7:0f:
03:f9:32:02:03:23:2f:da:33:fe:3e:20:c4:43:1f:01:32:ee:
94:60:48:4b:2d:07:e1:a8:1c:24:03:0f:a1:83:9b:07:b0:b8:
c7:f7:5d:ec:99:29:88:0f:87:2d:1d:8a:9b:58:9b:fc:c1:00:
8f:3d:3b:0e:3d:76:31:6c:71:72:6c:44:45:22:04:4c:f5:07:
a9:e0:59:a6:78:34:47:7b:42:ec:2f:0a:d9:96:06:5f:82:9f:
73:08:4d:09:1c:11:b1:d0:eb:06:bf:e1:46:ab:f7:5a:dc:f2:
81:bc:06:a6:e5:0b:b9:53:74:36:17:4a:8c:ca:9e:53:2c:d1:
e8:f2:dd:53:38:6a:15:ea:42:a1:44:1b:99:0c:b0:76:f4:63:
91:ac:94:c1:35:d7:83:75:b7:76:ed:7c:7f:e9:29:de:10:84:
92:af:9a:a9:ee:97:4a:d6:2e:39:ff:c2:e2:cf:cd:13:af:a4:
21:bb:3e:9f:36:e9:43:0b:f7:28:fd:5c:02:63:18:e6:30:c5:
6c:e7:84:2e:b3:72:93:0c:48:78:97:de:da:53:8a:e1:01:f2:
d8:f8:db:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntYqiLhjLTX+IvbqXrd1eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjUwMTAyMTU0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzU5ODFkNTkxMTZkZTU1NzU5OTlhMTNhNGE0MGJmMjRmYWJhNWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/EcxceIoK1A2dueXFsk+XRJiBPd
KzWIPL99G/WdB/JzDf66p6nOFdR2FqKdxBZ4c+n5ShBXigjwcdu7/bN3QWDq0lgq
YlSN/DYtvbah78ntnqP0ufGJgzNx30j1NYvqxXOhAcos0EEJnTTnolZ5QmA+frih
9sOpfwZATx/75t9ipgWwwj6lXarQ2IxWMFFegjNPIPmYJMj9F6EDAsu+x9weeusk
c4++j4RKdchgAXJa3qWmdEuBbYPg9Ia1yfdfoRzWKmXV4CFCv5M7+RyNKWEGGf1E
rJv5vR3MG6yiMPhBBYVxAoRigFcHjGHFFnc6pJZ+eevF76TZqSbhxoZ65wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANZgdWRFt5VdZmaE6SkC/JPq6XtMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvQTFtQjFaRVczbFYxbVpvVHBLUUw4ay1ycGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0hMA0G
CSqGSIb3DQEBCwUAA4IBAQACpFHQAQvTN/AROqReyRkB727VQMHSXWySfI7Ze3so
f6vy1w8D+TICAyMv2jP+PiDEQx8BMu6UYEhLLQfhqBwkAw+hg5sHsLjH913smSmI
D4ctHYqbWJv8wQCPPTsOPXYxbHFybERFIgRM9Qep4FmmeDRHe0LsLwrZlgZfgp9z
CE0JHBGx0OsGv+FGq/da3PKBvAam5Qu5U3Q2F0qMyp5TLNHo8t1TOGoV6kKhRBuZ
DLB29GORrJTBNdeDdbd27Xx/6SneEISSr5qp7pdK1i45/8Liz80Tr6Qhuz6fNulD
C/co/VwCYxjmMMVs54Qus3KTDEh4l97aU4rhAfLY+NtK
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:41:58 2025 by rpki-client