Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/Xe4OeKXBdbSbCjd-3M65DEFALO8.roa
File: Xe4OeKXBdbSbCjd-3M65DEFALO8.roa (raw, json)
Hash identifier: paHFMxUKkmBfZhQeDLZix31YLl/obD2aa6e+wI0HsQw=
Subject key identifier: 5D:EE:0E:78:A5:C1:75:B4:9B:0A:37:7E:DC:CE:B9:0C:41:40:2C:EF
Certificate issuer: /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial: 0182115BE0AF7F1B0AE6B64694E1287EB6BF
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/Xe4OeKXBdbSbCjd-3M65DEFALO8.roa
Signing time: Mon 18 Jul 2022 12:50:10 +0000
ROA not before: Mon 18 Jul 2022 12:50:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 58061
IP address blocks: 212.40.181.0/24 maxlen: 24
195.180.177.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:11:5b:e0:af:7f:1b:0a:e6:b6:46:94:e1:28:7e:b6:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Validity
Not Before: Jul 18 12:50:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5dee0e78a5c175b49b0a377edcceb90c41402cef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:60:3e:26:8c:3a:ba:87:4a:a9:52:2b:71:c1:
17:bc:ae:a0:33:38:40:00:41:f3:dc:ae:61:46:bf:
5a:19:64:63:8e:a2:27:e9:be:18:05:62:f8:1f:f7:
23:1b:6b:e8:04:84:03:f0:41:d9:de:a3:cc:94:eb:
33:05:80:4c:87:69:67:89:e7:65:d7:26:5a:32:75:
e0:02:48:cf:42:76:e1:97:90:12:d3:f7:7d:34:b5:
09:82:9d:52:44:de:57:99:46:da:79:56:48:f1:51:
0a:53:24:02:38:f5:4c:96:1c:3c:37:96:de:57:e8:
fc:1c:d5:17:ef:55:3f:d2:58:ca:a8:e7:d2:1a:e1:
e4:4c:b3:25:6f:c5:19:81:20:70:75:46:7b:61:3f:
18:7f:c6:c1:ec:2e:f8:bc:82:2d:b0:44:e3:ad:e3:
2b:db:d0:6a:d1:00:cd:65:07:7a:11:55:e9:7b:3f:
68:1a:a4:9f:28:44:cf:dd:d5:4e:98:b8:91:a4:7a:
22:7c:e7:02:a2:a0:7c:53:80:54:bc:61:a3:1d:47:
17:2f:03:28:e6:39:c4:34:08:8f:f2:79:33:05:17:
ac:52:ea:60:dd:46:6e:b7:3b:49:8c:9e:95:8a:39:
a2:ce:af:94:e2:1e:4a:00:ec:59:1c:09:d3:c0:c1:
db:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:EE:0E:78:A5:C1:75:B4:9B:0A:37:7E:DC:CE:B9:0C:41:40:2C:EF
X509v3 Authority Key Identifier:
keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/Xe4OeKXBdbSbCjd-3M65DEFALO8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.180.177.0/24
212.40.181.0/24
Signature Algorithm: sha256WithRSAEncryption
75:64:df:97:64:65:52:ae:e7:e9:a5:0c:ec:cd:b5:ed:6e:bd:
08:aa:9d:0b:1d:c5:f3:ae:0a:31:89:72:72:96:02:9d:26:69:
f2:69:e1:f7:d0:02:15:34:a5:d9:c5:66:bd:bf:88:28:95:da:
88:37:5e:3d:dc:2d:20:3c:52:d3:b3:6d:55:b7:ce:6e:80:af:
c8:6c:46:82:c9:63:3f:51:65:d0:f3:3b:f4:61:bc:e6:62:f3:
64:e0:bf:fc:b7:83:da:48:25:db:ad:ce:90:97:49:3d:d4:b5:
47:4f:14:89:31:ea:e1:06:4d:49:c5:33:85:2c:10:af:8d:13:
cd:fc:35:40:31:1e:d6:bb:35:80:26:64:46:ec:43:a3:02:1c:
b6:87:e1:44:54:d7:11:75:dd:9b:ab:56:90:aa:65:32:11:62:
42:96:63:a4:c8:af:7e:7c:92:1d:e3:68:76:21:8b:9e:90:0c:
bf:b7:59:12:46:0c:2b:01:70:81:ce:24:bd:5f:2b:30:3e:43:
90:e5:8b:3b:8c:82:94:61:f1:ea:af:a3:30:67:93:69:9d:5e:
7d:35:93:b5:af:b6:80:33:a8:ee:cb:91:c6:04:f6:21:16:5c:
4e:5d:9e:09:b9:98:09:ab:79:25:23:52:ff:3b:25:d2:5a:43:
ad:11:fc:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYIRW+CvfxsK5rZGlOEofra/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjIwNzE4MTI1MDEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGVlMGU3OGE1YzE3NWI0OWIwYTM3N2VkY2NlYjkwYzQxNDAyY2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmA+Jow6uodKqVIrccEXvK6gMzhA
AEHz3K5hRr9aGWRjjqIn6b4YBWL4H/cjG2voBIQD8EHZ3qPMlOszBYBMh2lniedl
1yZaMnXgAkjPQnbhl5AS0/d9NLUJgp1SRN5XmUbaeVZI8VEKUyQCOPVMlhw8N5be
V+j8HNUX71U/0ljKqOfSGuHkTLMlb8UZgSBwdUZ7YT8Yf8bB7C74vIItsETjreMr
29Bq0QDNZQd6EVXpez9oGqSfKETP3dVOmLiRpHoifOcCoqB8U4BUvGGjHUcXLwMo
5jnENAiP8nkzBResUupg3UZutztJjJ6Vijmizq+U4h5KAOxZHAnTwMHbFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF3uDnilwXW0mwo3ftzOuQxBQCzvMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvWGU0T2VLWEJkYlNiQ2pkLTNNNjVERUZBTE84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw7SxAwQA
1Ci1MA0GCSqGSIb3DQEBCwUAA4IBAQB1ZN+XZGVSrufppQzszbXtbr0Iqp0LHcXz
rgoxiXJylgKdJmnyaeH30AIVNKXZxWa9v4goldqIN1493C0gPFLTs21Vt85ugK/I
bEaCyWM/UWXQ8zv0YbzmYvNk4L/8t4PaSCXbrc6Ql0k91LVHTxSJMerhBk1JxTOF
LBCvjRPN/DVAMR7WuzWAJmRG7EOjAhy2h+FEVNcRdd2bq1aQqmUyEWJClmOkyK9+
fJId42h2IYuekAy/t1kSRgwrAXCBziS9XyswPkOQ5Ys7jIKUYfHqr6MwZ5NpnV59
NZO1r7aAM6juy5HGBPYhFlxOXZ4JuZgJq3klI1L/OyXSWkOtEfzu
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:58:55 2025 by rpki-client