Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/nbI-mduam3seQxgrAAtjzrvRiGk.roa
File: nbI-mduam3seQxgrAAtjzrvRiGk.roa (raw, json)
Hash identifier: QFXouWTkI91Jp0AvKFjiFTaJhVWskFLNsKp83xXjiXQ=
Subject key identifier: 9D:B2:3E:99:DB:9A:9B:7B:1E:43:18:2B:00:0B:63:CE:BB:D1:88:69
Certificate issuer: /CN=ff017f878432b2fe31f58153b44a81659d50ba20
Certificate serial: 01936C7DE3DE5BD0ACFF2BAD20DFF6F6873F
Authority key identifier: FF:01:7F:87:84:32:B2:FE:31:F5:81:53:B4:4A:81:65:9D:50:BA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/nbI-mduam3seQxgrAAtjzrvRiGk.roa
Signing time: Wed 27 Nov 2024 07:20:09 +0000
ROA not before: Wed 27 Nov 2024 07:20:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42546
IP address blocks: 178.214.192.0/21 maxlen: 21
178.214.193.0/24 maxlen: 24
178.214.200.0/22 maxlen: 22
178.214.208.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:6c:7d:e3:de:5b:d0:ac:ff:2b:ad:20:df:f6:f6:87:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff017f878432b2fe31f58153b44a81659d50ba20
Validity
Not Before: Nov 27 07:20:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9db23e99db9a9b7b1e43182b000b63cebbd18869
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:49:3c:e3:b4:86:95:4f:2c:9b:d3:7a:a0:e6:
23:a0:7a:df:4f:4c:bf:a6:80:44:80:1d:4e:f1:5e:
88:00:eb:11:de:dd:5c:10:73:62:1b:01:9d:98:47:
98:d1:1a:3d:b7:07:a9:44:96:7b:9e:a1:a0:bf:4c:
b5:14:fe:49:d1:de:50:21:24:a0:62:e1:29:5a:21:
71:e9:f3:89:68:56:53:e7:16:a7:06:f2:f9:67:0e:
53:c0:c5:77:59:d2:f1:bb:16:7b:a6:43:2f:98:17:
ec:fc:38:0d:9f:62:f5:de:36:fe:8d:91:1c:4b:79:
9e:2a:1d:f3:4d:b8:e1:84:8c:83:66:20:b8:8b:bb:
a1:53:69:59:db:7d:e7:de:ec:88:80:10:31:9f:9a:
98:1a:c8:a8:b8:73:6d:a3:70:f1:d0:23:fc:f7:64:
db:03:f5:d7:b3:a2:ab:68:c1:62:c6:54:ae:33:d3:
bc:47:f7:c5:47:65:ad:c8:96:6c:b7:3e:33:85:14:
e5:80:8d:13:7d:2b:98:48:6f:30:09:96:65:ab:37:
46:bf:e1:d7:7e:da:04:eb:e3:66:f2:ab:47:2d:ea:
a9:7a:81:b2:88:57:e0:9e:74:c0:d6:43:46:41:30:
1d:80:ad:ce:a9:68:c9:eb:f3:ed:b6:a0:44:0e:22:
84:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:B2:3E:99:DB:9A:9B:7B:1E:43:18:2B:00:0B:63:CE:BB:D1:88:69
X509v3 Authority Key Identifier:
keyid:FF:01:7F:87:84:32:B2:FE:31:F5:81:53:B4:4A:81:65:9D:50:BA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/nbI-mduam3seQxgrAAtjzrvRiGk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.214.192.0-178.214.203.255
178.214.208.0/20
Signature Algorithm: sha256WithRSAEncryption
8c:e2:6b:7a:2e:9c:af:de:7b:09:4d:ba:3d:2a:35:c9:74:a9:
92:c4:c4:d0:c9:cc:16:29:11:2a:e2:a8:c1:04:1a:0d:9f:cd:
fc:9d:9f:7c:94:ce:cb:72:d1:a7:66:d0:d3:6a:f1:8a:8d:c0:
25:01:8e:c7:37:58:70:7c:c5:31:2c:9f:1b:56:b3:d4:e4:87:
50:de:b9:5b:87:28:58:fe:90:40:ef:70:87:60:3b:df:c1:bb:
11:fa:b9:7f:e1:85:ea:ef:29:aa:11:89:9f:23:e9:ab:9a:47:
76:6b:e3:cb:f5:a3:73:17:b9:6d:86:6b:76:26:e5:de:77:05:
01:d9:d4:1d:db:18:2f:89:f9:d9:59:82:fe:a8:00:74:a0:b7:
5a:3d:b8:cc:af:11:6e:d8:bf:99:5a:af:da:46:f9:43:52:1a:
a5:9f:e3:e2:51:55:b1:20:ab:89:fb:e4:ac:72:40:9e:48:f4:
26:a0:bc:15:7b:f7:73:da:88:e7:a6:c8:42:54:e6:66:a7:78:
3f:2c:5f:db:9b:27:8d:ff:8e:3b:93:b6:da:00:b4:03:af:a9:
b5:ef:15:8d:70:ce:bc:0e:a8:fa:f0:43:ad:e9:2c:7c:7f:8e:
80:08:b5:d8:2f:eb:50:7a:6a:dd:27:c3:67:11:36:4d:a6:d7:
eb:38:be:a0
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZNsfePeW9Cs/yutIN/29oc/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMDE3Zjg3ODQzMmIyZmUzMWY1ODE1M2I0NGE4MTY1OWQ1
MGJhMjAwHhcNMjQxMTI3MDcyMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGIyM2U5OWRiOWE5YjdiMWU0MzE4MmIwMDBiNjNjZWJiZDE4ODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0k847SGlU8sm9N6oOYjoHrfT0y/
poBEgB1O8V6IAOsR3t1cEHNiGwGdmEeY0Ro9twepRJZ7nqGgv0y1FP5J0d5QISSg
YuEpWiFx6fOJaFZT5xanBvL5Zw5TwMV3WdLxuxZ7pkMvmBfs/DgNn2L13jb+jZEc
S3meKh3zTbjhhIyDZiC4i7uhU2lZ233n3uyIgBAxn5qYGsiouHNto3Dx0CP892Tb
A/XXs6KraMFixlSuM9O8R/fFR2WtyJZstz4zhRTlgI0TfSuYSG8wCZZlqzdGv+HX
ftoE6+Nm8qtHLeqpeoGyiFfgnnTA1kNGQTAdgK3OqWjJ6/PttqBEDiKESwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJ2yPpnbmpt7HkMYKwALY8670YhpMB8GA1UdIwQY
MBaAFP8Bf4eEMrL+MfWBU7RKgWWdULogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3dGX2g0UXlzdjR4OVlGVHRFcUJaWjFRdWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YTRmZmItMDI4OS00NjZjLWEyZjUt
MzAyMDc3NzNmNzYwLzEvbmJJLW1kdWFtM3NlUXhnckFBdGp6cnZSaUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YTRmZmItMDI4OS00NjZjLWEyZjUtMzAyMDc3NzNmNzYw
LzEvX3dGX2g0UXlzdjR4OVlGVHRFcUJaWjFRdWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAay1sAD
BAKy1sgDBASy1tAwDQYJKoZIhvcNAQELBQADggEBAIzia3ounK/eewlNuj0qNcl0
qZLExNDJzBYpESriqMEEGg2fzfydn3yUzsty0adm0NNq8YqNwCUBjsc3WHB8xTEs
nxtWs9Tkh1DeuVuHKFj+kEDvcIdgO9/BuxH6uX/hhervKaoRiZ8j6auaR3Zr48v1
o3MXuW2Ga3Ym5d53BQHZ1B3bGC+J+dlZgv6oAHSgt1o9uMyvEW7Yv5lar9pG+UNS
GqWf4+JRVbEgq4n75KxyQJ5I9CagvBV793PaiOemyEJU5maneD8sX9ubJ43/jjuT
ttoAtAOvqbXvFY1wzrwOqPrwQ63pLHx/joAItdgv61B6at0nw2cRNk2m1+s4vqA=
-----END CERTIFICATE-----
Generated at Tue Apr 29 09:20:45 2025 by rpki-client