Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/1b1db0-cee4-441b-93e3-126ce081529a/1/Iaz7vfUetXLSB0X7yqam5QHqcJg.roa
File: Iaz7vfUetXLSB0X7yqam5QHqcJg.roa (raw, json)
Hash identifier: QJKahpg22IbtViu7QeZxrD+wQ4LCb0sgIgppFygPoWo=
Subject key identifier: 21:AC:FB:BD:F5:1E:B5:72:D2:07:45:FB:CA:A6:A6:E5:01:EA:70:98
Certificate issuer: /CN=6531785b623492ed0c99ed79c7db7404ad4cb171
Certificate serial: 0185710C05358D3D5D0F32905B9ED45E7E86
Authority key identifier: 65:31:78:5B:62:34:92:ED:0C:99:ED:79:C7:DB:74:04:AD:4C:B1:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZTF4W2I0ku0Mme15x9t0BK1MsXE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3c/1b1db0-cee4-441b-93e3-126ce081529a/1/Iaz7vfUetXLSB0X7yqam5QHqcJg.roa
Signing time: Mon 02 Jan 2023 05:54:51 +0000
ROA not before: Mon 02 Jan 2023 05:54:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8708
IP address blocks: 185.178.228.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:0c:05:35:8d:3d:5d:0f:32:90:5b:9e:d4:5e:7e:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6531785b623492ed0c99ed79c7db7404ad4cb171
Validity
Not Before: Jan 2 05:54:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=21acfbbdf51eb572d20745fbcaa6a6e501ea7098
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:00:24:54:e5:e0:18:cc:5c:58:e3:80:df:a9:
81:52:73:a1:47:c3:bf:67:90:5b:78:e8:df:6b:95:
ae:44:a3:b8:4b:6e:7f:e0:0e:08:a2:e1:49:1f:2e:
93:72:fc:b2:fc:2d:d2:ad:30:15:01:4d:82:d1:76:
5c:8b:94:a0:01:58:92:0b:c7:1a:79:07:d4:4f:a2:
f4:19:5d:ca:55:af:36:33:47:c2:41:e6:0f:df:fd:
b7:9c:41:c6:62:f6:97:e7:2c:c2:34:f8:48:24:43:
ff:04:36:f9:bb:80:04:ff:aa:89:3d:49:77:95:a5:
1e:9b:8b:78:d1:82:3e:5f:50:58:c3:01:29:30:2b:
58:96:78:61:43:5d:f2:a0:6d:c4:4c:40:ca:52:ae:
0e:3f:fd:26:49:d6:7c:6a:47:a5:27:34:a4:f9:9a:
29:5f:9a:dc:be:7d:ef:2e:c2:3b:f4:c1:82:1a:a5:
0e:0f:01:d7:e1:94:14:6d:d6:8c:02:78:6a:84:90:
99:e6:f7:8e:0b:0f:83:2e:ca:12:cf:23:c9:29:13:
46:db:60:f7:2e:9b:39:3f:66:d9:3a:1f:ab:ba:44:
a9:5b:30:99:3e:17:92:79:3f:88:a5:a0:f7:a1:83:
5b:f3:3f:dd:22:75:7d:63:8c:33:06:ee:ac:2f:dc:
3e:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:AC:FB:BD:F5:1E:B5:72:D2:07:45:FB:CA:A6:A6:E5:01:EA:70:98
X509v3 Authority Key Identifier:
keyid:65:31:78:5B:62:34:92:ED:0C:99:ED:79:C7:DB:74:04:AD:4C:B1:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZTF4W2I0ku0Mme15x9t0BK1MsXE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/1b1db0-cee4-441b-93e3-126ce081529a/1/Iaz7vfUetXLSB0X7yqam5QHqcJg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/1b1db0-cee4-441b-93e3-126ce081529a/1/ZTF4W2I0ku0Mme15x9t0BK1MsXE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.178.228.0/22
Signature Algorithm: sha256WithRSAEncryption
62:f2:ae:82:02:45:45:b2:1b:fb:b2:3a:1a:ee:c7:5f:c3:36:
67:69:b3:c8:53:bc:61:bc:f8:fd:37:44:73:73:c9:b3:43:33:
a9:33:ba:53:27:c6:59:e7:32:d6:8a:bb:dc:04:a8:87:49:96:
90:5e:81:9e:c7:3d:f1:42:db:e4:c0:b7:47:2f:84:59:37:fe:
84:6d:f7:bd:2b:72:79:f3:ce:b8:4b:02:1d:b1:7a:7b:6a:44:
d0:ee:35:01:a6:16:9f:c7:10:ae:39:09:17:69:22:ec:62:fa:
51:4f:2a:2b:5f:c6:de:97:45:8a:41:51:da:76:09:9f:5f:2f:
51:f0:30:7a:5c:99:2e:07:00:41:3d:a9:63:17:b2:a7:e5:8e:
ee:89:7b:cb:58:e1:d2:be:a9:fc:de:44:16:ac:94:dc:b2:c4:
85:d5:0f:f9:23:c0:57:6c:47:1a:64:cb:09:b6:e2:54:19:a9:
29:bb:42:6a:b6:a0:26:af:b2:02:6c:5d:c3:19:a1:18:10:5f:
43:29:7f:dd:64:0d:ac:c4:7a:cb:07:46:96:75:b8:f0:07:3a:
e4:63:20:51:f4:c2:32:68:32:c5:76:5f:97:3d:57:91:1f:12:
6e:92:05:31:31:04:c5:88:72:9e:b1:d5:6a:03:02:f4:38:1f:
8d:e5:bb:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxDAU1jT1dDzKQW57UXn6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1MzE3ODViNjIzNDkyZWQwYzk5ZWQ3OWM3ZGI3NDA0YWQ0
Y2IxNzEwHhcNMjMwMTAyMDU1NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFjZmJiZGY1MWViNTcyZDIwNzQ1ZmJjYWE2YTZlNTAxZWE3MDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugAkVOXgGMxcWOOA36mBUnOhR8O/
Z5BbeOjfa5WuRKO4S25/4A4IouFJHy6Tcvyy/C3SrTAVAU2C0XZci5SgAViSC8ca
eQfUT6L0GV3KVa82M0fCQeYP3/23nEHGYvaX5yzCNPhIJEP/BDb5u4AE/6qJPUl3
laUem4t40YI+X1BYwwEpMCtYlnhhQ13yoG3ETEDKUq4OP/0mSdZ8akelJzSk+Zop
X5rcvn3vLsI79MGCGqUODwHX4ZQUbdaMAnhqhJCZ5veOCw+DLsoSzyPJKRNG22D3
Lps5P2bZOh+rukSpWzCZPheSeT+IpaD3oYNb8z/dInV9Y4wzBu6sL9w+xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGs+731HrVy0gdF+8qmpuUB6nCYMB8GA1UdIwQY
MBaAFGUxeFtiNJLtDJntecfbdAStTLFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlRGNFcySTBrdTBNbWUxNXg5dDBCSzFNc1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8xYjFkYjAtY2VlNC00NDFiLTkzZTMt
MTI2Y2UwODE1MjlhLzEvSWF6N3ZmVWV0WExTQjBYN3lxYW01UUhxY0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8xYjFkYjAtY2VlNC00NDFiLTkzZTMtMTI2Y2UwODE1Mjlh
LzEvWlRGNFcySTBrdTBNbWUxNXg5dDBCSzFNc1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubLkMA0G
CSqGSIb3DQEBCwUAA4IBAQBi8q6CAkVFshv7sjoa7sdfwzZnabPIU7xhvPj9N0Rz
c8mzQzOpM7pTJ8ZZ5zLWirvcBKiHSZaQXoGexz3xQtvkwLdHL4RZN/6Ebfe9K3J5
8864SwIdsXp7akTQ7jUBphafxxCuOQkXaSLsYvpRTyorX8bel0WKQVHadgmfXy9R
8DB6XJkuBwBBPaljF7Kn5Y7uiXvLWOHSvqn83kQWrJTcssSF1Q/5I8BXbEcaZMsJ
tuJUGakpu0JqtqAmr7ICbF3DGaEYEF9DKX/dZA2sxHrLB0aWdbjwBzrkYyBR9MIy
aDLFdl+XPVeRHxJukgUxMQTFiHKesdVqAwL0OB+N5bsu
-----END CERTIFICATE-----
Generated at Tue May 13 15:05:49 2025 by rpki-client