Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/aQEPIbwHo7oYw-bH9YSG0gVMNE4.roa
File: aQEPIbwHo7oYw-bH9YSG0gVMNE4.roa (raw, json)
Hash identifier: RNCQTi8zPwe9kHkfeDDG0yjPdFROra00vroeK44tXmk=
Subject key identifier: 69:01:0F:21:BC:07:A3:BA:18:C3:E6:C7:F5:84:86:D2:05:4C:34:4E
Certificate issuer: /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial: 01847229A75A2115EB8AB42B8E2214986648
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/aQEPIbwHo7oYw-bH9YSG0gVMNE4.roa
Signing time: Sun 13 Nov 2022 18:04:03 +0000
ROA not before: Sun 13 Nov 2022 18:04:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35543
IP address blocks: 193.53.81.0/24 maxlen: 24
2a12:a4c1::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:72:29:a7:5a:21:15:eb:8a:b4:2b:8e:22:14:98:66:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Validity
Not Before: Nov 13 18:04:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=69010f21bc07a3ba18c3e6c7f58486d2054c344e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:c1:8e:68:58:c0:4c:02:29:71:b1:ac:9a:67:
39:7d:61:83:0b:3b:fa:d1:25:07:a4:c4:b8:bb:db:
33:ec:83:d5:57:b6:24:3a:ea:ef:69:fc:05:a4:f1:
c9:03:1f:67:24:82:13:d4:37:8f:f4:df:4b:6f:27:
4e:e7:db:77:0c:72:b6:a5:b9:db:24:16:1a:34:3c:
8c:c3:6a:2c:2b:bd:be:f6:b7:41:12:4c:a0:27:72:
cc:17:85:51:6f:ed:5f:fd:41:4c:7a:da:00:c2:ae:
2e:8e:9c:ca:c7:aa:1c:a0:74:64:46:0e:b0:82:fe:
ba:d9:04:77:23:f8:80:ce:88:a6:2b:8a:c7:47:ed:
4b:7e:a1:e1:71:5a:77:fb:d1:f3:39:e4:fb:cd:81:
a1:98:d5:ef:d0:85:2a:14:62:f9:fb:de:45:c1:9f:
01:69:23:66:51:2d:df:ef:69:ea:ed:88:4b:bd:ef:
b5:c8:9e:d8:d2:bb:e9:d6:22:42:b6:9a:71:71:74:
a9:7e:f8:a5:02:3e:bc:c7:36:b8:ba:c0:e8:d4:5b:
7c:d0:ee:cd:c2:c2:5e:93:f9:13:b0:fa:00:1c:b3:
03:be:46:1d:b0:70:24:20:46:f8:35:f0:e4:97:ac:
ca:4e:6a:f2:25:89:fd:72:f9:5f:8d:a5:fc:39:ec:
54:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:01:0F:21:BC:07:A3:BA:18:C3:E6:C7:F5:84:86:D2:05:4C:34:4E
X509v3 Authority Key Identifier:
keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/aQEPIbwHo7oYw-bH9YSG0gVMNE4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.53.81.0/24
IPv6:
2a12:a4c1::/32
Signature Algorithm: sha256WithRSAEncryption
24:29:9a:ea:fb:88:f4:19:3a:7c:95:f9:89:e1:7c:14:13:04:
19:ea:c7:9b:4d:4b:62:ec:f3:56:c9:fe:b5:cf:15:f2:c5:f5:
a6:f8:90:85:67:be:c1:4a:b7:21:e4:d4:6d:7e:88:2a:9a:2d:
3e:69:f0:ce:79:7a:de:af:e1:fd:87:bd:21:91:e8:34:a0:dd:
99:5a:be:84:4d:9d:15:36:e7:c6:8c:63:01:5d:f5:5a:6b:a0:
57:de:79:a1:23:b9:33:f6:01:8a:97:8a:01:9f:83:8d:bd:82:
49:23:57:1b:d2:59:61:57:78:12:ad:0d:8b:ed:40:53:09:20:
23:8d:d6:28:18:c9:79:28:02:3f:f4:14:53:8a:a6:98:a9:ad:
d9:a7:30:3a:3b:9d:6f:71:0c:22:f8:44:e0:8d:ce:fb:30:51:
da:6c:b7:ff:7a:df:80:ea:77:03:85:fc:a4:19:3a:93:ed:08:
04:f7:bb:ec:76:9e:d6:a8:a1:f3:39:da:7b:b1:c3:ff:b8:d3:
b0:6b:f0:43:b9:1a:a1:b0:5f:6d:5d:ce:02:2e:3a:75:ee:e2:
c9:32:a6:fe:1c:12:f4:6b:21:05:25:09:ca:d9:af:d3:d1:bc:
01:64:cb:5f:a0:62:af:6e:be:13:76:4c:85:56:6f:ec:96:ed:
21:01:ea:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYRyKadaIRXrirQrjiIUmGZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjIxMTEzMTgwNDAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTAxMGYyMWJjMDdhM2JhMThjM2U2YzdmNTg0ODZkMjA1NGMzNDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8GOaFjATAIpcbGsmmc5fWGDCzv6
0SUHpMS4u9sz7IPVV7YkOurvafwFpPHJAx9nJIIT1DeP9N9LbydO59t3DHK2pbnb
JBYaNDyMw2osK72+9rdBEkygJ3LMF4VRb+1f/UFMetoAwq4ujpzKx6ocoHRkRg6w
gv662QR3I/iAzoimK4rHR+1LfqHhcVp3+9HzOeT7zYGhmNXv0IUqFGL5+95FwZ8B
aSNmUS3f72nq7YhLve+1yJ7Y0rvp1iJCtppxcXSpfvilAj68xza4usDo1Ft80O7N
wsJek/kTsPoAHLMDvkYdsHAkIEb4NfDkl6zKTmryJYn9cvlfjaX8OexUqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGkBDyG8B6O6GMPmx/WEhtIFTDROMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvYVFFUElid0hvN29Zdy1iSDlZU0cwZ1ZNTkU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwTVRMA0E
AgACMAcDBQAqEqTBMA0GCSqGSIb3DQEBCwUAA4IBAQAkKZrq+4j0GTp8lfmJ4XwU
EwQZ6sebTUti7PNWyf61zxXyxfWm+JCFZ77BSrch5NRtfogqmi0+afDOeXrer+H9
h70hkeg0oN2ZWr6ETZ0VNufGjGMBXfVaa6BX3nmhI7kz9gGKl4oBn4ONvYJJI1cb
0llhV3gSrQ2L7UBTCSAjjdYoGMl5KAI/9BRTiqaYqa3ZpzA6O51vcQwi+ETgjc77
MFHabLf/et+A6ncDhfykGTqT7QgE97vsdp7WqKHzOdp7scP/uNOwa/BDuRqhsF9t
Xc4CLjp17uLJMqb+HBL0ayEFJQnK2a/T0bwBZMtfoGKvbr4TdkyFVm/slu0hAeqj
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:19:37 2025 by rpki-client