Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/YK-y1hz1cNBvKVicZ7mvtw7keq8.roa
File: YK-y1hz1cNBvKVicZ7mvtw7keq8.roa (raw, json)
Hash identifier: NWOZVEeQ8NPmYHu4veqr1KV3zf2SVEShF2SxLV+c2Ec=
Subject key identifier: 60:AF:B2:D6:1C:F5:70:D0:6F:29:58:9C:67:B9:AF:B7:0E:E4:7A:AF
Certificate issuer: /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial: 018CF2E8EE570310447E9238EF0CFD61BC63
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/YK-y1hz1cNBvKVicZ7mvtw7keq8.roa
Signing time: Wed 10 Jan 2024 10:26:40 +0000
ROA not before: Wed 10 Jan 2024 10:26:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 193.53.35.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:f2:e8:ee:57:03:10:44:7e:92:38:ef:0c:fd:61:bc:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Validity
Not Before: Jan 10 10:26:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=60afb2d61cf570d06f29589c67b9afb70ee47aaf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:d7:39:ea:10:17:69:65:f7:e8:83:10:d7:f3:
04:c7:21:0f:a2:76:f6:48:a7:cd:35:31:b2:5f:f3:
87:bd:29:2b:b8:9e:be:89:29:2a:be:ce:9c:a0:53:
ca:3c:f3:7e:15:fb:cb:c9:39:62:d7:79:fb:9c:de:
c4:c3:11:ce:55:75:b2:a5:5f:de:93:80:f7:ed:6b:
f0:13:c8:67:73:3a:ba:67:40:9f:37:86:4e:ce:41:
28:e9:51:e4:62:5b:34:b4:03:6c:9a:c7:47:33:0d:
66:cc:c9:a5:65:40:fe:84:fb:65:f7:e0:73:7b:fd:
72:09:86:f7:94:a1:ff:f7:59:30:5c:ca:2b:4d:4c:
56:ba:40:40:a9:3e:19:08:8b:64:3a:d5:b1:fa:87:
eb:2e:a7:35:23:23:85:1c:84:10:56:30:b8:65:15:
fc:35:00:ca:f4:24:09:1d:47:78:7c:8f:ed:88:74:
b3:5c:15:f7:34:de:ec:5c:ef:78:65:e9:7a:1f:45:
f2:d2:a9:dc:b4:93:97:22:8d:cd:0e:fd:48:e2:04:
23:d6:62:a9:93:ee:49:2f:70:87:24:51:fc:e8:15:
78:e5:8c:81:1c:2c:bc:c8:5b:37:ad:2f:a1:7f:9c:
0b:f7:55:0a:4f:f7:c0:a3:d9:42:ff:7d:8f:08:dc:
85:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:AF:B2:D6:1C:F5:70:D0:6F:29:58:9C:67:B9:AF:B7:0E:E4:7A:AF
X509v3 Authority Key Identifier:
keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/YK-y1hz1cNBvKVicZ7mvtw7keq8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.53.35.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:06:cd:e4:fb:b5:33:f8:d4:26:97:b3:ae:4c:d1:a5:1a:76:
c0:51:73:16:96:09:a4:0c:94:ff:fd:f6:6d:f0:fb:4c:88:d6:
7a:f2:85:65:82:e3:61:6e:93:f8:3c:fe:11:68:f7:45:89:f1:
d9:32:90:03:84:74:6a:80:38:ce:86:d0:f9:e7:a7:86:e0:d7:
3b:1c:aa:14:7e:43:ab:2d:8a:57:a7:52:46:88:f8:61:9d:22:
bf:46:84:de:2a:c5:39:45:3b:a5:2a:bc:a1:6f:b0:e4:24:72:
4d:ad:67:16:c4:ff:9b:a2:45:2f:12:c8:4f:cf:e2:d6:b2:c3:
0d:23:01:86:b3:0a:de:ed:a3:65:b2:75:8f:88:69:fb:ca:5b:
e1:33:65:a3:6e:1c:9d:05:fb:c6:8f:c8:3b:46:ff:b3:e6:d7:
21:1d:da:c3:ea:b1:bf:27:91:91:1e:19:c6:1b:99:06:b9:80:
23:fa:aa:e0:fe:7b:4d:39:93:4a:a4:f0:25:9b:7b:6f:74:b0:
05:97:2b:94:90:6c:81:7d:4a:6f:55:c8:93:7a:aa:a5:40:90:
0b:0e:34:f3:c8:42:9d:ec:26:66:9a:58:0c:97:5e:11:ad:17:
66:0c:e2:c2:1e:99:13:25:e0:2f:b3:b3:4b:1d:4e:2f:27:e5:
7f:21:c3:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzy6O5XAxBEfpI47wz9YbxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjQwMTEwMTAyNjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGFmYjJkNjFjZjU3MGQwNmYyOTU4OWM2N2I5YWZiNzBlZTQ3YWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtc56hAXaWX36IMQ1/MExyEPonb2
SKfNNTGyX/OHvSkruJ6+iSkqvs6coFPKPPN+FfvLyTli13n7nN7EwxHOVXWypV/e
k4D37WvwE8hnczq6Z0CfN4ZOzkEo6VHkYls0tANsmsdHMw1mzMmlZUD+hPtl9+Bz
e/1yCYb3lKH/91kwXMorTUxWukBAqT4ZCItkOtWx+ofrLqc1IyOFHIQQVjC4ZRX8
NQDK9CQJHUd4fI/tiHSzXBX3NN7sXO94Zel6H0Xy0qnctJOXIo3NDv1I4gQj1mKp
k+5JL3CHJFH86BV45YyBHCy8yFs3rS+hf5wL91UKT/fAo9lC/32PCNyFnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCvstYc9XDQbylYnGe5r7cO5HqvMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvWUsteTFoejFjTkJ2S1ZpY1o3bXZ0dzdrZXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTUjMA0G
CSqGSIb3DQEBCwUAA4IBAQAtBs3k+7Uz+NQml7OuTNGlGnbAUXMWlgmkDJT//fZt
8PtMiNZ68oVlguNhbpP4PP4RaPdFifHZMpADhHRqgDjOhtD556eG4Nc7HKoUfkOr
LYpXp1JGiPhhnSK/RoTeKsU5RTulKryhb7DkJHJNrWcWxP+bokUvEshPz+LWssMN
IwGGswre7aNlsnWPiGn7ylvhM2WjbhydBfvGj8g7Rv+z5tchHdrD6rG/J5GRHhnG
G5kGuYAj+qrg/ntNOZNKpPAlm3tvdLAFlyuUkGyBfUpvVciTeqqlQJALDjTzyEKd
7CZmmlgMl14RrRdmDOLCHpkTJeAvs7NLHU4vJ+V/IcPo
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:29:10 2025 by rpki-client