Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/XYJd6AW2KjJAnw1QEQ_lvpGQDUg.roa
File: XYJd6AW2KjJAnw1QEQ_lvpGQDUg.roa (raw, json)
Hash identifier: F0J6r1Lq/GrrUHznnNSZQ+rDzFpme+Xu3EcczqHhjfE=
Subject key identifier: 5D:82:5D:E8:05:B6:2A:32:40:9F:0D:50:11:0F:E5:BE:91:90:0D:48
Certificate issuer: /CN=ff017f878432b2fe31f58153b44a81659d50ba20
Certificate serial: 019376EC2F7046D0DD4523B82A6E4A681A94
Authority key identifier: FF:01:7F:87:84:32:B2:FE:31:F5:81:53:B4:4A:81:65:9D:50:BA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/XYJd6AW2KjJAnw1QEQ_lvpGQDUg.roa
Signing time: Fri 29 Nov 2024 07:56:50 +0000
ROA not before: Fri 29 Nov 2024 07:56:50 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42546
IP address blocks: 178.214.192.0/21 maxlen: 21
178.214.193.0/24 maxlen: 24
178.214.208.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:76:ec:2f:70:46:d0:dd:45:23:b8:2a:6e:4a:68:1a:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff017f878432b2fe31f58153b44a81659d50ba20
Validity
Not Before: Nov 29 07:56:50 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5d825de805b62a32409f0d50110fe5be91900d48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:88:c2:cb:7d:6b:c3:97:61:5e:29:bb:84:2a:
4a:3a:53:f2:95:08:77:9b:5e:67:5b:6f:2a:70:de:
11:e7:87:b4:7d:e5:67:70:25:a5:34:fc:55:f3:4e:
51:66:9a:41:50:b6:9c:2f:a5:ee:39:d9:b8:a9:42:
c0:2f:7b:c6:9a:0f:9c:48:c0:3b:f8:b2:02:35:ae:
f1:5e:d1:27:27:5e:3b:d9:1c:68:31:ef:c7:77:69:
32:51:03:ba:69:2c:69:fc:9e:32:55:63:92:44:07:
97:bd:be:d9:ab:a1:78:c5:7c:14:4d:27:cd:7a:f5:
4f:ec:92:44:7a:7f:2e:77:a0:e8:02:15:0e:77:22:
6f:55:3a:ca:cd:8f:04:7d:e1:a0:03:39:fd:aa:b3:
58:6e:a7:0b:59:5d:5b:39:70:45:5d:cf:04:e8:fb:
35:4d:05:a7:91:6c:54:22:da:02:60:43:ba:3e:47:
02:db:88:8e:94:02:9f:16:63:99:fb:c0:c7:b1:7f:
e1:a7:e1:0a:25:59:03:56:22:e5:a9:b0:d1:de:7f:
2b:e6:f1:61:be:59:c0:6d:18:29:c8:6b:6b:41:d6:
e6:3b:f7:ab:67:8e:4f:a9:8d:41:13:ea:8d:3c:b9:
44:a1:e6:5e:26:87:fa:9c:6d:0b:a4:45:c1:99:41:
12:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:82:5D:E8:05:B6:2A:32:40:9F:0D:50:11:0F:E5:BE:91:90:0D:48
X509v3 Authority Key Identifier:
keyid:FF:01:7F:87:84:32:B2:FE:31:F5:81:53:B4:4A:81:65:9D:50:BA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/XYJd6AW2KjJAnw1QEQ_lvpGQDUg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.214.192.0/21
178.214.208.0/20
Signature Algorithm: sha256WithRSAEncryption
4c:c9:d3:ac:68:47:8c:e9:2c:e7:a3:36:38:95:46:a2:64:73:
c8:44:42:1d:39:f5:b9:16:ae:05:10:d3:35:71:4b:e9:b4:60:
61:5f:ef:12:80:60:b2:05:22:4d:4b:00:d5:91:0e:05:43:e5:
40:9b:c5:87:40:fd:a2:ff:19:57:6d:3d:f4:ef:be:c6:4c:a0:
34:b7:a1:4f:ba:c7:97:32:ab:83:56:91:b1:cc:1d:d9:fb:b6:
de:30:58:b0:ce:82:62:1e:2e:5f:59:65:2f:2a:f2:de:f3:d3:
1f:58:3f:bb:17:e9:df:4d:41:2c:6b:2d:18:dc:30:9f:42:27:
89:17:f2:52:3b:b8:d0:29:af:94:b6:e7:b1:18:89:40:0c:ce:
50:25:f3:d7:a6:53:68:f1:90:83:da:5c:d4:7a:0b:61:6c:8c:
cc:69:dd:5f:72:bc:84:02:f0:7b:9a:aa:1d:0d:f2:b1:13:11:
11:ac:7b:79:40:80:ca:c2:93:4f:e0:34:41:a0:b6:90:55:f9:
fb:bd:81:57:5e:cd:40:b8:53:55:3e:c1:f5:20:e7:21:67:1e:
49:35:ce:94:45:df:9e:f5:46:67:37:c9:71:9c:10:90:ca:53:
2f:5d:33:33:21:5d:13:63:6d:ef:50:e2:99:6e:17:6c:89:42:
d9:e0:6f:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZN27C9wRtDdRSO4Km5KaBqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMDE3Zjg3ODQzMmIyZmUzMWY1ODE1M2I0NGE4MTY1OWQ1
MGJhMjAwHhcNMjQxMTI5MDc1NjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDgyNWRlODA1YjYyYTMyNDA5ZjBkNTAxMTBmZTViZTkxOTAwZDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYjCy31rw5dhXim7hCpKOlPylQh3
m15nW28qcN4R54e0feVncCWlNPxV805RZppBULacL6XuOdm4qULAL3vGmg+cSMA7
+LICNa7xXtEnJ1472RxoMe/Hd2kyUQO6aSxp/J4yVWOSRAeXvb7Zq6F4xXwUTSfN
evVP7JJEen8ud6DoAhUOdyJvVTrKzY8EfeGgAzn9qrNYbqcLWV1bOXBFXc8E6Ps1
TQWnkWxUItoCYEO6PkcC24iOlAKfFmOZ+8DHsX/hp+EKJVkDViLlqbDR3n8r5vFh
vlnAbRgpyGtrQdbmO/erZ45PqY1BE+qNPLlEoeZeJof6nG0LpEXBmUESwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF2CXegFtioyQJ8NUBEP5b6RkA1IMB8GA1UdIwQY
MBaAFP8Bf4eEMrL+MfWBU7RKgWWdULogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3dGX2g0UXlzdjR4OVlGVHRFcUJaWjFRdWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YTRmZmItMDI4OS00NjZjLWEyZjUt
MzAyMDc3NzNmNzYwLzEvWFlKZDZBVzJLakpBbncxUUVRX2x2cEdRRFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YTRmZmItMDI4OS00NjZjLWEyZjUtMzAyMDc3NzNmNzYw
LzEvX3dGX2g0UXlzdjR4OVlGVHRFcUJaWjFRdWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDstbAAwQE
stbQMA0GCSqGSIb3DQEBCwUAA4IBAQBMydOsaEeM6SznozY4lUaiZHPIREIdOfW5
Fq4FENM1cUvptGBhX+8SgGCyBSJNSwDVkQ4FQ+VAm8WHQP2i/xlXbT30777GTKA0
t6FPuseXMquDVpGxzB3Z+7beMFiwzoJiHi5fWWUvKvLe89MfWD+7F+nfTUEsay0Y
3DCfQieJF/JSO7jQKa+UtuexGIlADM5QJfPXplNo8ZCD2lzUegthbIzMad1fcryE
AvB7mqodDfKxExERrHt5QIDKwpNP4DRBoLaQVfn7vYFXXs1AuFNVPsH1IOchZx5J
Nc6URd+e9UZnN8lxnBCQylMvXTMzIV0TY23vUOKZbhdsiULZ4G+k
-----END CERTIFICATE-----
Generated at Tue Apr 29 00:41:00 2025 by rpki-client