Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/xYrMgOMcKApWY2A_QtI3e0KofSw.roa
File: xYrMgOMcKApWY2A_QtI3e0KofSw.roa (raw, json)
Hash identifier: 5b7qAl7yBiX8MA30iohsWOquQnWAll+qoi81DLQxavE=
Subject key identifier: C5:8A:CC:80:E3:1C:28:0A:56:63:60:3F:42:D2:37:7B:42:A8:7D:2C
Certificate issuer: /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial: 0184CA0C64CA24B9A21FEC9012CEC4E9C9D6
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/xYrMgOMcKApWY2A_QtI3e0KofSw.roa
Signing time: Wed 30 Nov 2022 19:38:40 +0000
ROA not before: Wed 30 Nov 2022 19:38:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209260
IP address blocks: 193.53.35.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:ca:0c:64:ca:24:b9:a2:1f:ec:90:12:ce:c4:e9:c9:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Validity
Not Before: Nov 30 19:38:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c58acc80e31c280a5663603f42d2377b42a87d2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:14:d5:b1:c8:2e:c1:df:6a:99:dd:ff:78:8c:
f7:e4:14:44:56:93:00:31:a4:61:13:8f:04:90:c6:
51:10:85:3a:f9:9c:67:6b:80:f1:de:84:63:fb:70:
aa:b5:44:26:4d:af:df:f6:2d:74:90:21:a0:a5:be:
24:9f:fe:b8:f0:17:62:8c:7b:27:08:33:63:f6:bf:
75:20:aa:52:59:bc:5e:5b:34:db:cf:42:4d:72:41:
c3:42:d3:79:14:e2:01:9e:20:c4:1f:d5:44:a1:38:
2e:21:2d:ae:17:db:1c:b3:2a:5f:5a:8f:fe:09:5f:
14:8e:a5:8c:f6:e6:e6:8a:ce:5f:bb:a5:32:0f:bf:
6f:a4:0f:66:32:77:1d:2e:79:f0:48:a9:be:12:72:
c6:23:e2:44:3a:f8:71:c1:1d:34:e3:88:dd:79:05:
82:6d:08:58:29:93:66:c8:f6:d4:c7:2f:74:f9:bb:
08:79:26:12:d1:7a:ee:49:e8:b8:86:9b:16:4e:e1:
75:2e:93:79:82:70:fe:fa:13:c2:13:e1:da:38:e9:
21:6e:1c:d1:3c:a0:61:e2:6e:b6:d7:49:c9:a5:82:
15:d2:d1:d3:3c:de:5b:c0:42:15:35:bd:c1:2d:fe:
9a:68:fa:09:66:88:94:c1:ac:b1:66:c9:6f:68:13:
9b:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:8A:CC:80:E3:1C:28:0A:56:63:60:3F:42:D2:37:7B:42:A8:7D:2C
X509v3 Authority Key Identifier:
keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/xYrMgOMcKApWY2A_QtI3e0KofSw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.53.35.0/24
Signature Algorithm: sha256WithRSAEncryption
09:b1:ea:d6:33:0e:21:08:32:22:c7:f3:17:ab:1a:bf:a9:30:
96:bc:ba:13:cf:71:5a:04:12:89:06:89:83:ad:0c:d0:f2:00:
4c:66:cd:93:8f:04:63:46:39:42:14:39:8d:11:f5:fb:bf:2e:
af:0f:47:42:92:74:6f:3f:3a:b0:a4:87:97:6f:e0:6a:ca:9b:
ce:fc:fe:bc:fd:b5:bf:17:b7:3a:0f:0f:0b:8a:a8:ad:19:ac:
b7:cf:41:9c:9d:61:89:35:9d:f3:b9:70:35:d5:ee:78:57:11:
77:56:f0:fe:4c:ae:db:4d:fa:96:7a:97:ca:c2:12:f9:27:a2:
3f:e4:87:86:e6:4e:1c:47:59:4a:19:86:c8:63:0d:7c:8e:d8:
f1:42:3f:ac:07:37:ac:70:5f:56:da:ca:c8:96:d3:44:89:32:
b8:31:f3:6f:8f:cb:3c:88:3a:32:64:6e:f9:4e:5e:31:a9:62:
82:ed:ca:d5:4c:6f:42:08:c2:9c:09:31:a6:7d:ed:23:ae:5a:
04:ef:15:8d:1e:61:8f:f6:be:b9:e5:32:80:72:4e:a0:9f:01:
bd:a9:85:f3:21:3e:6d:f3:c1:5e:a6:e8:84:4b:6b:d5:f5:b3:
48:75:11:a5:c2:8b:53:01:e1:c6:9f:04:88:a0:1a:eb:1c:82:
51:f1:53:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYTKDGTKJLmiH+yQEs7E6cnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjIxMTMwMTkzODQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNThhY2M4MGUzMWMyODBhNTY2MzYwM2Y0MmQyMzc3YjQyYTg3ZDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRTVscguwd9qmd3/eIz35BREVpMA
MaRhE48EkMZREIU6+Zxna4Dx3oRj+3CqtUQmTa/f9i10kCGgpb4kn/648BdijHsn
CDNj9r91IKpSWbxeWzTbz0JNckHDQtN5FOIBniDEH9VEoTguIS2uF9scsypfWo/+
CV8UjqWM9ubmis5fu6UyD79vpA9mMncdLnnwSKm+EnLGI+JEOvhxwR0044jdeQWC
bQhYKZNmyPbUxy90+bsIeSYS0XruSei4hpsWTuF1LpN5gnD++hPCE+HaOOkhbhzR
PKBh4m6210nJpYIV0tHTPN5bwEIVNb3BLf6aaPoJZoiUwayxZslvaBObEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWKzIDjHCgKVmNgP0LSN3tCqH0sMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEveFlyTWdPTWNLQXBXWTJBX1F0STNlMEtvZlN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTUjMA0G
CSqGSIb3DQEBCwUAA4IBAQAJserWMw4hCDIix/MXqxq/qTCWvLoTz3FaBBKJBomD
rQzQ8gBMZs2TjwRjRjlCFDmNEfX7vy6vD0dCknRvPzqwpIeXb+BqypvO/P68/bW/
F7c6Dw8LiqitGay3z0GcnWGJNZ3zuXA11e54VxF3VvD+TK7bTfqWepfKwhL5J6I/
5IeG5k4cR1lKGYbIYw18jtjxQj+sBzescF9W2srIltNEiTK4MfNvj8s8iDoyZG75
Tl4xqWKC7crVTG9CCMKcCTGmfe0jrloE7xWNHmGP9r655TKAck6gnwG9qYXzIT5t
88FepuiES2vV9bNIdRGlwotTAeHGnwSIoBrrHIJR8VP1
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:19:16 2025 by rpki-client