Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/tbGxtpYPPt4kZCygkUSfQjwLpdE.roa
File: tbGxtpYPPt4kZCygkUSfQjwLpdE.roa (raw, json)
Hash identifier: f1Hc5P52wzaP9grkuFZt9vp9z8A7jMQ7fdI8TuWdsV0=
Subject key identifier: B5:B1:B1:B6:96:0F:3E:DE:24:64:2C:A0:91:44:9F:42:3C:0B:A5:D1
Certificate issuer: /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial: 018D75B423F17944C05C6F7EEA463F9AE6C3
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/tbGxtpYPPt4kZCygkUSfQjwLpdE.roa
Signing time: Sun 04 Feb 2024 19:59:16 +0000
ROA not before: Sun 04 Feb 2024 19:59:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212238
IP address blocks: 83.147.232.0/22 maxlen: 24
178.253.16.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:75:b4:23:f1:79:44:c0:5c:6f:7e:ea:46:3f:9a:e6:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
Validity
Not Before: Feb 4 19:59:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b5b1b1b6960f3ede24642ca091449f423c0ba5d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:96:8c:9f:96:73:e4:a6:fe:17:26:34:08:33:
a8:9e:fa:1f:e8:dd:5f:21:70:1b:b8:a5:a8:9b:7e:
8a:e8:a8:87:52:e9:5f:6f:ee:56:aa:17:b1:7a:e1:
a6:88:7f:34:21:e3:1a:3f:a8:54:d7:37:b9:b4:1b:
0a:bc:5c:cd:64:f8:82:b4:5d:e0:95:8a:dd:36:b7:
18:ce:84:e8:7e:06:66:f0:a2:f2:96:f9:87:d7:af:
a2:58:9a:c5:03:79:72:d2:c4:b2:25:8a:c1:98:ab:
06:e5:57:7c:f2:26:5c:d4:0a:d6:1f:f3:32:7e:4c:
49:db:88:be:0f:6f:02:cf:95:78:11:ec:5e:4d:5f:
d9:d5:9a:3e:16:75:b5:0b:98:9b:8e:57:09:39:55:
06:0a:6a:50:76:62:8f:32:a0:05:ea:4a:05:5d:09:
f9:db:ff:77:0f:26:0d:b2:cf:04:f1:b6:0b:03:1f:
c1:d6:ac:c7:af:6d:2c:0d:9e:37:94:c0:75:8e:38:
92:9d:f7:9f:2e:87:47:2f:88:78:e8:be:40:d5:6c:
92:67:34:3d:c1:91:18:5e:d5:12:d8:ac:87:41:5e:
b8:69:d6:2f:5d:24:54:3b:0d:07:fe:5a:55:3e:ab:
57:82:0d:14:f1:05:94:ed:b7:82:76:3b:f7:40:66:
41:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:B1:B1:B6:96:0F:3E:DE:24:64:2C:A0:91:44:9F:42:3C:0B:A5:D1
X509v3 Authority Key Identifier:
keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/tbGxtpYPPt4kZCygkUSfQjwLpdE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.232.0/22
178.253.16.0/24
Signature Algorithm: sha256WithRSAEncryption
45:dc:c4:ea:4c:37:41:25:0f:5e:b0:28:cb:5d:ae:38:c7:09:
3d:56:be:98:6c:a1:10:1c:f7:da:74:56:74:fe:96:b9:32:e8:
71:b3:47:fd:16:21:2d:74:1a:c8:6a:fb:6a:88:91:07:db:ae:
37:b3:b4:09:49:de:22:b9:6e:5a:ea:82:fb:4b:ef:79:fc:13:
45:47:66:89:85:cf:a4:1c:d4:38:d7:c7:9e:38:53:76:c2:89:
52:84:b6:22:aa:58:fc:eb:f5:93:09:a4:e7:a5:f2:f2:b6:cc:
00:1f:d4:af:49:b2:fa:e3:df:4b:c5:78:59:56:fb:84:63:78:
b5:95:0b:34:c2:98:ba:70:bf:fd:dc:a7:dc:ef:3f:ec:1e:5f:
6f:85:c3:b1:c2:b6:1e:04:85:be:a4:51:6b:9e:d9:55:37:74:
ad:f0:8a:e8:e7:e9:00:46:cc:bb:ec:70:ba:9b:7e:30:7b:f4:
e5:37:f3:23:ed:74:b2:e9:7b:e0:a0:e1:a5:f2:be:33:3c:2e:
b3:1a:78:77:6d:55:cc:4a:79:37:1d:3f:af:df:00:8c:a6:d2:
ca:f9:ad:89:57:a5:2b:0e:0f:1a:e1:79:99:7d:5c:d8:0f:e7:
0b:26:63:7b:09:b3:30:6a:ed:8b:86:ee:65:d2:b3:a2:f7:97:
15:fd:71:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY11tCPxeUTAXG9+6kY/mubDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMjA0MTk1OTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWIxYjFiNjk2MGYzZWRlMjQ2NDJjYTA5MTQ0OWY0MjNjMGJhNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZaMn5Zz5Kb+FyY0CDOonvof6N1f
IXAbuKWom36K6KiHUulfb+5WqhexeuGmiH80IeMaP6hU1ze5tBsKvFzNZPiCtF3g
lYrdNrcYzoTofgZm8KLylvmH16+iWJrFA3ly0sSyJYrBmKsG5Vd88iZc1ArWH/My
fkxJ24i+D28Cz5V4EexeTV/Z1Zo+FnW1C5ibjlcJOVUGCmpQdmKPMqAF6koFXQn5
2/93DyYNss8E8bYLAx/B1qzHr20sDZ43lMB1jjiSnfefLodHL4h46L5A1WySZzQ9
wZEYXtUS2KyHQV64adYvXSRUOw0H/lpVPqtXgg0U8QWU7beCdjv3QGZBgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLWxsbaWDz7eJGQsoJFEn0I8C6XRMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvdGJHeHRwWVBQdDRrWkN5Z2tVU2ZRandMcGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCU5PoAwQA
sv0QMA0GCSqGSIb3DQEBCwUAA4IBAQBF3MTqTDdBJQ9esCjLXa44xwk9Vr6YbKEQ
HPfadFZ0/pa5Muhxs0f9FiEtdBrIavtqiJEH2643s7QJSd4iuW5a6oL7S+95/BNF
R2aJhc+kHNQ418eeOFN2wolShLYiqlj86/WTCaTnpfLytswAH9SvSbL6499LxXhZ
VvuEY3i1lQs0wpi6cL/93Kfc7z/sHl9vhcOxwrYeBIW+pFFrntlVN3St8Iro5+kA
Rsy77HC6m34we/TlN/Mj7XSy6XvgoOGl8r4zPC6zGnh3bVXMSnk3HT+v3wCMptLK
+a2JV6UrDg8a4XmZfVzYD+cLJmN7CbMwau2Lhu5l0rOi95cV/XFD
-----END CERTIFICATE-----
Generated at Tue May 6 00:00:16 2025 by rpki-client