Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/XN1yWgph_zXXQnWudtSrH0kmgSI.roa
File: XN1yWgph_zXXQnWudtSrH0kmgSI.roa (raw, json)
Hash identifier: coTtAT0CaQv1LyOot3a6uQnEXl4oGZgYwGp8N7exqAk=
Subject key identifier: 5C:DD:72:5A:0A:61:FF:35:D7:42:75:AE:76:D4:AB:1F:49:26:81:22
Certificate issuer: /CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Certificate serial: 0C1694A1
Authority key identifier: AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/XN1yWgph_zXXQnWudtSrH0kmgSI.roa
Signing time: Fri 22 Apr 2022 15:18:33 +0000
ROA not before: Fri 22 Apr 2022 15:18:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60783
IP address blocks: 185.25.232.0/22 maxlen: 24
185.198.208.0/22 maxlen: 24
2a0a:8fc0::/29 maxlen: 29
2a04:3480::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 202806433 (0xc1694a1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Validity
Not Before: Apr 22 15:18:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5cdd725a0a61ff35d74275ae76d4ab1f49268122
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:d1:a3:86:17:28:5f:36:79:a5:8c:40:06:26:
b2:04:d5:d3:f3:3d:27:06:1d:69:c8:22:b1:14:3a:
f0:2a:15:ae:4c:4d:10:e2:3f:c4:9c:93:3c:46:65:
4d:d4:76:13:06:4c:d0:d0:a2:be:73:1a:d8:1b:9d:
3f:86:94:dc:a4:08:72:60:58:fb:ba:79:98:76:d8:
54:31:83:0a:20:64:c8:24:6a:50:65:dd:83:43:87:
88:33:a1:41:df:4b:01:b5:27:d9:95:92:04:19:54:
74:cc:ff:09:ad:37:2a:ff:83:64:18:6e:16:da:f2:
25:5b:0e:ff:07:38:f2:84:3e:06:4f:ec:7b:47:92:
09:e7:a1:43:6b:4c:06:27:a3:f0:2f:df:ba:c5:53:
4e:b3:51:04:00:ba:11:b7:b5:3e:27:76:2e:9a:f2:
36:a1:02:e9:17:1d:37:ef:e8:16:a5:1e:34:14:14:
0e:b1:8f:fa:50:03:73:3f:59:45:f7:ac:bf:9f:95:
cd:4e:ad:32:64:1b:bb:96:4f:7a:81:c0:e5:6d:5e:
67:16:2e:c1:90:82:20:17:c0:bc:56:d2:c1:6a:0e:
b1:70:cd:60:a8:c7:28:97:46:7e:8e:9b:73:db:31:
37:27:b2:99:36:30:5e:de:ea:a4:63:52:6b:02:da:
9e:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:DD:72:5A:0A:61:FF:35:D7:42:75:AE:76:D4:AB:1F:49:26:81:22
X509v3 Authority Key Identifier:
keyid:AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/XN1yWgph_zXXQnWudtSrH0kmgSI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.25.232.0/22
185.198.208.0/22
IPv6:
2a04:3480::/29
2a0a:8fc0::/29
Signature Algorithm: sha256WithRSAEncryption
3a:9f:e5:7c:c2:b2:84:63:d9:1f:11:cb:0c:62:e1:76:b9:65:
23:40:15:fd:f8:ef:8e:92:60:97:a3:f2:59:8e:01:c4:9a:65:
81:ed:4a:81:79:7c:d2:5e:d0:6c:4f:b7:b0:84:9c:a9:f8:0d:
c7:9a:9d:af:d3:f6:d2:e3:22:22:04:aa:65:38:0b:3c:e4:e7:
c5:3e:79:7d:23:16:78:3f:4e:21:d3:5c:04:0c:74:fe:bd:5d:
9a:91:d2:d5:88:3c:b5:df:5e:16:99:15:da:56:d7:6c:be:81:
43:e7:cc:17:61:7f:56:1a:86:5e:75:a7:3e:ca:2f:98:80:6c:
b8:39:80:b1:4b:b7:85:d8:35:2a:e7:05:8b:25:dd:fc:9f:ca:
b6:6a:8c:80:d8:98:79:c2:c3:c1:c1:aa:11:95:09:ba:69:73:
b4:9d:6e:fb:f3:89:af:65:91:61:41:39:6d:2b:8d:40:51:2c:
65:7a:b7:e3:e7:6e:f3:72:94:eb:18:10:3f:f5:5a:ce:63:77:
82:42:5b:de:12:98:ad:d5:50:9c:89:00:d5:5a:8f:4c:95:7d:
d8:c2:72:19:2b:36:8d:78:2e:9d:aa:77:7f:6f:dd:59:54:41:
9f:8c:d5:89:ac:4c:88:cd:e1:e3:dc:28:5b:33:cc:0a:c8:29:
5a:bb:2d:f3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIEDBaUoTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
YWIxZGIwZTAwODIwODc2ZGZhMjBiZWM5YjcxOWFhNzk1YWNjMWRlMB4XDTIyMDQy
MjE1MTgzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWNkZDcyNWEwYTYx
ZmYzNWQ3NDI3NWFlNzZkNGFiMWY0OTI2ODEyMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJvRo4YXKF82eaWMQAYmsgTV0/M9JwYdacgisRQ68CoVrkxN
EOI/xJyTPEZlTdR2EwZM0NCivnMa2BudP4aU3KQIcmBY+7p5mHbYVDGDCiBkyCRq
UGXdg0OHiDOhQd9LAbUn2ZWSBBlUdMz/Ca03Kv+DZBhuFtryJVsO/wc48oQ+Bk/s
e0eSCeehQ2tMBiej8C/fusVTTrNRBAC6Ebe1Pid2LpryNqEC6RcdN+/oFqUeNBQU
DrGP+lADcz9ZRfesv5+VzU6tMmQbu5ZPeoHA5W1eZxYuwZCCIBfAvFbSwWoOsXDN
YKjHKJdGfo6bc9sxNyeymTYwXt7qpGNSawLangcCAwEAAaOCAiUwggIhMB0GA1Ud
DgQWBBRc3XJaCmH/NddCda521KsfSSaBIjAfBgNVHSMEGDAWgBSqsdsOAIIIdt+i
C+ybcZqnlazB3jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FySGJEZ0NDQ0hiZm9ndnNtM0dhcDVXc3dkNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjUvNmFkZDA3LWU2YWQtNGRiYS05YjhiLTIzZTM4MTM2NTFkNC8x
L1hOMXlXZ3BoX3pYWFFuV3VkdFNySDBrbWdTSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUv
NmFkZDA3LWU2YWQtNGRiYS05YjhiLTIzZTM4MTM2NTFkNC8xL3FySGJEZ0NDQ0hi
Zm9ndnNtM0dhcDVXc3dkNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA7
BggrBgEFBQcBBwEB/wQsMCowEgQCAAEwDAMEArkZ6AMEArnG0DAUBAIAAjAOAwUD
KgQ0gAMFAyoKj8AwDQYJKoZIhvcNAQELBQADggEBADqf5XzCsoRj2R8Rywxi4Xa5
ZSNAFf34746SYJej8lmOAcSaZYHtSoF5fNJe0GxPt7CEnKn4Dceana/T9tLjIiIE
qmU4Czzk58U+eX0jFng/TiHTXAQMdP69XZqR0tWIPLXfXhaZFdpW12y+gUPnzBdh
f1Yahl51pz7KL5iAbLg5gLFLt4XYNSrnBYsl3fyfyrZqjIDYmHnCw8HBqhGVCbpp
c7Sdbvvzia9lkWFBOW0rjUBRLGV6t+PnbvNylOsYED/1Ws5jd4JCW94SmK3VUJyJ
ANVaj0yVfdjCchkrNo14Lp2qd39v3VlUQZ+M1YmsTIjN4ePcKFszzArIKVq7LfM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:25 2023 by rpki-client on console-fra.rpki-client.org