Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/76275a-6f41-4804-837b-89799deadc47/1/tdJ4WgxAp3EfnloSvfUBkopxqIM.roa
File: tdJ4WgxAp3EfnloSvfUBkopxqIM.roa (raw, json)
Hash identifier: 3hHkmQ3PSWNTskSd8mEg4EdcjHOTt6tLLxp7LMIG4mA=
Subject key identifier: B5:D2:78:5A:0C:40:A7:71:1F:9E:5A:12:BD:F5:01:92:8A:71:A8:83
Certificate issuer: /CN=5dc67c6be367ab9e941d1427d050449447b8865c
Certificate serial: 01856DCAFF39388CB8CBC4427773D399DDF6
Authority key identifier: 5D:C6:7C:6B:E3:67:AB:9E:94:1D:14:27:D0:50:44:94:47:B8:86:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XcZ8a-Nnq56UHRQn0FBElEe4hlw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/76275a-6f41-4804-837b-89799deadc47/1/tdJ4WgxAp3EfnloSvfUBkopxqIM.roa
Signing time: Sun 01 Jan 2023 14:44:58 +0000
ROA not before: Sun 01 Jan 2023 14:44:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205240
IP address blocks: 193.218.203.0/24 maxlen: 24
2a0f:99c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:ca:ff:39:38:8c:b8:cb:c4:42:77:73:d3:99:dd:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5dc67c6be367ab9e941d1427d050449447b8865c
Validity
Not Before: Jan 1 14:44:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b5d2785a0c40a7711f9e5a12bdf501928a71a883
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:6d:6a:f4:e7:2f:fa:be:4c:c7:af:46:d7:e0:
4f:d0:22:a7:27:01:50:52:6e:bd:cd:a4:51:2f:91:
12:67:a0:c4:76:ed:c7:b6:0e:2b:a9:f0:49:c1:65:
3f:e8:f7:f5:0a:95:50:6b:7c:8b:8f:33:b8:db:a8:
67:ad:e4:74:76:47:e9:47:64:d9:9b:f8:26:71:fe:
c0:6f:35:a9:6c:8a:9b:80:a6:52:57:ca:5c:9e:72:
8e:65:b6:e6:15:5c:4e:9a:9b:90:6a:20:c6:0f:cd:
d5:aa:28:40:fe:d3:a8:40:69:0d:c9:bf:f2:44:b6:
c4:a2:f6:22:93:d1:13:e3:e7:f0:06:03:65:8e:12:
d2:b5:87:7e:ad:bf:06:b9:d0:1c:ec:b3:13:99:a6:
b7:e6:c3:2d:62:4d:17:d6:fe:9f:aa:58:53:3d:6d:
d9:e1:eb:51:50:9e:86:bc:0f:28:e3:5c:49:c1:2b:
d9:7d:3a:95:b9:67:f5:59:3c:c7:75:01:e8:6b:a6:
e2:fc:f9:e8:30:e6:be:2a:5e:ed:2c:e7:f0:27:b2:
61:b3:57:5d:84:b2:d5:49:c3:12:2b:0e:de:23:88:
0b:f3:3f:cf:df:84:bf:f8:fd:e1:af:bf:8a:57:7b:
bf:47:f7:cd:09:84:7a:d9:9d:69:05:77:9a:e4:b1:
b8:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:D2:78:5A:0C:40:A7:71:1F:9E:5A:12:BD:F5:01:92:8A:71:A8:83
X509v3 Authority Key Identifier:
keyid:5D:C6:7C:6B:E3:67:AB:9E:94:1D:14:27:D0:50:44:94:47:B8:86:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XcZ8a-Nnq56UHRQn0FBElEe4hlw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/76275a-6f41-4804-837b-89799deadc47/1/tdJ4WgxAp3EfnloSvfUBkopxqIM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/76275a-6f41-4804-837b-89799deadc47/1/XcZ8a-Nnq56UHRQn0FBElEe4hlw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.218.203.0/24
IPv6:
2a0f:99c0::/32
Signature Algorithm: sha256WithRSAEncryption
07:44:f5:a5:2e:fc:5c:d1:a1:5b:2c:e8:09:ee:09:a8:d5:23:
be:08:e7:ac:af:0b:35:ad:e1:19:19:c4:a9:c9:c3:ef:58:92:
78:f9:22:58:a7:74:4e:47:40:6e:f5:0d:86:ab:45:dc:c1:57:
f9:2b:c1:58:94:93:33:0b:21:96:e7:fc:68:7d:f3:cb:d5:66:
63:7c:ba:c7:9b:a3:af:c1:82:35:23:03:cf:57:f8:5c:36:87:
af:70:90:f5:25:d0:59:43:96:97:4c:25:d5:ca:41:b0:34:78:
1d:6b:18:15:f4:78:82:4a:fc:b6:67:bd:e9:61:75:ce:4c:c4:
40:b8:19:f8:bd:c1:96:66:58:87:e5:c1:bc:d2:7e:72:48:da:
42:36:c5:8b:64:ad:de:25:e5:f6:aa:9f:31:af:0c:88:9e:37:
aa:0f:bc:41:cb:9f:b3:06:a7:c6:eb:9b:5f:9d:5b:80:44:02:
b1:dd:bc:37:a1:7d:14:57:4e:9a:08:bc:f8:b7:ec:e8:9d:b2:
fd:14:09:f9:f9:62:52:72:9b:24:1f:2b:15:26:84:72:fa:7f:
8b:6e:dc:24:ac:b8:08:84:8f:b7:c8:76:80:1c:c1:9a:3e:0e:
c1:e1:1a:c1:db:19:54:18:f6:45:2d:04:80:7d:66:77:6f:3f:
50:84:95:44
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVtyv85OIy4y8RCd3PTmd32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYzY3YzZiZTM2N2FiOWU5NDFkMTQyN2QwNTA0NDk0NDdi
ODg2NWMwHhcNMjMwMTAxMTQ0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWQyNzg1YTBjNDBhNzcxMWY5ZTVhMTJiZGY1MDE5MjhhNzFhODgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv21q9Ocv+r5Mx69G1+BP0CKnJwFQ
Um69zaRRL5ESZ6DEdu3Htg4rqfBJwWU/6Pf1CpVQa3yLjzO426hnreR0dkfpR2TZ
m/gmcf7AbzWpbIqbgKZSV8pcnnKOZbbmFVxOmpuQaiDGD83VqihA/tOoQGkNyb/y
RLbEovYik9ET4+fwBgNljhLStYd+rb8GudAc7LMTmaa35sMtYk0X1v6fqlhTPW3Z
4etRUJ6GvA8o41xJwSvZfTqVuWf1WTzHdQHoa6bi/PnoMOa+Kl7tLOfwJ7Jhs1dd
hLLVScMSKw7eI4gL8z/P34S/+P3hr7+KV3u/R/fNCYR62Z1pBXea5LG4hwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLXSeFoMQKdxH55aEr31AZKKcaiDMB8GA1UdIwQY
MBaAFF3GfGvjZ6uelB0UJ9BQRJRHuIZcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGNaOGEtTm5xNTZVSFJRbjBGQkVsRWU0aGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy83NjI3NWEtNmY0MS00ODA0LTgzN2It
ODk3OTlkZWFkYzQ3LzEvdGRKNFdneEFwM0VmbmxvU3ZmVUJrb3B4cUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy83NjI3NWEtNmY0MS00ODA0LTgzN2ItODk3OTlkZWFkYzQ3
LzEvWGNaOGEtTm5xNTZVSFJRbjBGQkVsRWU0aGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwdrLMA0E
AgACMAcDBQAqD5nAMA0GCSqGSIb3DQEBCwUAA4IBAQAHRPWlLvxc0aFbLOgJ7gmo
1SO+COesrws1reEZGcSpycPvWJJ4+SJYp3ROR0Bu9Q2Gq0XcwVf5K8FYlJMzCyGW
5/xoffPL1WZjfLrHm6OvwYI1IwPPV/hcNoevcJD1JdBZQ5aXTCXVykGwNHgdaxgV
9HiCSvy2Z73pYXXOTMRAuBn4vcGWZliH5cG80n5ySNpCNsWLZK3eJeX2qp8xrwyI
njeqD7xBy5+zBqfG65tfnVuARAKx3bw3oX0UV06aCLz4t+zonbL9FAn5+WJScpsk
HysVJoRy+n+LbtwkrLgIhI+3yHaAHMGaPg7B4RrB2xlUGPZFLQSAfWZ3bz9QhJVE
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:25:40 2025 by rpki-client