Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/e4d7c6-a299-4b88-8247-9c4032963e17/1/Rpo02JYDgIrGDSC-DXS35RRCw4k.roa
File: Rpo02JYDgIrGDSC-DXS35RRCw4k.roa (raw, json)
Hash identifier: YcPRgF4aHaW68c7I7fvEcJJD2+J/A3R0/EwycfLA+Ic=
Subject key identifier: 46:9A:34:D8:96:03:80:8A:C6:0D:20:BE:0D:74:B7:E5:14:42:C3:89
Certificate issuer: /CN=53fb5242f98cff9dea9baa8c8ae466a42b537c5c
Certificate serial: 05D590CA
Authority key identifier: 53:FB:52:42:F9:8C:FF:9D:EA:9B:AA:8C:8A:E4:66:A4:2B:53:7C:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U_tSQvmM_53qm6qMiuRmpCtTfFw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/e4d7c6-a299-4b88-8247-9c4032963e17/1/Rpo02JYDgIrGDSC-DXS35RRCw4k.roa
Signing time: Sat 01 Jan 2022 15:57:02 +0000
ROA not before: Sat 01 Jan 2022 15:57:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1290
IP address blocks: 195.152.0.0/15 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 97882314 (0x5d590ca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53fb5242f98cff9dea9baa8c8ae466a42b537c5c
Validity
Not Before: Jan 1 15:57:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=469a34d89603808ac60d20be0d74b7e51442c389
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:79:cc:79:3f:92:ef:71:ef:57:2b:16:10:a1:
fd:f9:a2:47:3c:88:3f:3a:4a:17:34:00:4f:91:ba:
7b:ea:13:a6:60:5e:8f:0d:b6:47:5b:90:28:a6:1a:
d6:8e:7b:51:0a:88:41:34:9b:28:3a:30:be:72:bb:
db:8d:4b:e4:f1:5a:62:c0:c1:dd:c2:38:86:81:7e:
e4:cf:0f:85:76:a1:7a:0a:49:74:73:3b:bd:4c:22:
6c:b3:4d:03:a6:99:f2:6e:cd:31:75:8d:7e:3b:34:
62:fa:28:13:59:9a:ba:3f:43:f7:65:31:11:1c:35:
77:8a:ff:ef:84:c6:16:b6:41:7d:89:c1:18:f0:d1:
ca:05:56:1a:8f:f2:dd:bb:12:85:42:90:b2:d7:65:
a0:80:b5:2f:50:12:bb:ad:c0:64:cb:1a:5b:95:a1:
1d:f9:3a:04:71:96:9c:1a:ea:a3:fd:7b:0d:a6:f4:
6c:7d:e8:94:90:68:8c:65:67:03:e3:19:ee:cb:6c:
83:0a:0d:33:f6:9c:64:57:c6:3b:f1:9e:d1:98:d3:
97:b4:33:ba:2c:ec:27:3c:bb:cf:47:0c:54:ca:df:
a0:ba:64:e7:c2:30:16:f0:ed:3d:02:8d:39:9d:4b:
43:17:9b:6f:37:6f:04:80:1b:84:5c:8a:c1:51:41:
c0:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:9A:34:D8:96:03:80:8A:C6:0D:20:BE:0D:74:B7:E5:14:42:C3:89
X509v3 Authority Key Identifier:
keyid:53:FB:52:42:F9:8C:FF:9D:EA:9B:AA:8C:8A:E4:66:A4:2B:53:7C:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_tSQvmM_53qm6qMiuRmpCtTfFw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e4d7c6-a299-4b88-8247-9c4032963e17/1/Rpo02JYDgIrGDSC-DXS35RRCw4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e4d7c6-a299-4b88-8247-9c4032963e17/1/U_tSQvmM_53qm6qMiuRmpCtTfFw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.152.0.0/15
Signature Algorithm: sha256WithRSAEncryption
2c:56:2b:8c:8f:4a:aa:33:0b:80:e3:ca:9e:63:f2:f5:67:a0:
38:5a:00:3b:ea:8d:d5:86:80:e5:32:5e:60:d9:6f:b2:55:e5:
c6:88:39:bf:50:0d:78:36:f2:b5:d0:89:4a:0e:a7:71:76:bf:
12:e8:24:16:0d:c9:c9:37:89:20:fb:26:3f:b1:60:5d:d6:b8:
3f:9a:01:f6:1b:4f:e4:48:31:54:92:3d:95:f4:7f:36:d9:4d:
7c:93:1f:5e:ea:c6:61:2e:60:2d:c4:98:92:45:5f:c0:37:2c:
a2:14:0e:9d:47:43:ec:a5:64:02:3a:91:0f:a1:4c:b1:bf:c0:
da:e1:76:0a:8c:51:d0:7b:bb:b4:3f:62:53:3d:cc:eb:00:6f:
68:d3:8a:53:a2:e6:cb:d3:3a:16:ca:3a:d0:d7:ae:21:0e:99:
2d:c6:b3:c8:d6:4a:32:72:cc:19:68:57:b1:ab:46:47:e2:b5:
36:b9:3e:47:73:ec:1b:5a:1f:1c:e8:8e:11:16:0b:fe:21:04:
8d:6e:08:86:a6:d6:c3:d0:83:20:e6:ed:45:cd:5a:94:ce:aa:
a7:2e:d2:c8:e7:49:41:a8:ba:26:2e:2a:04:59:b0:37:cb:54:
c4:e2:62:8c:49:a2:77:f3:28:e0:6e:28:35:31:6f:e8:a3:64:
8b:14:f2:a4
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIEBdWQyjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
M2ZiNTI0MmY5OGNmZjlkZWE5YmFhOGM4YWU0NjZhNDJiNTM3YzVjMB4XDTIyMDEw
MTE1NTcwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDY5YTM0ZDg5NjAz
ODA4YWM2MGQyMGJlMGQ3NGI3ZTUxNDQyYzM4OTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKp5zHk/ku9x71crFhCh/fmiRzyIPzpKFzQAT5G6e+oTpmBe
jw22R1uQKKYa1o57UQqIQTSbKDowvnK7241L5PFaYsDB3cI4hoF+5M8PhXahegpJ
dHM7vUwibLNNA6aZ8m7NMXWNfjs0YvooE1mauj9D92UxERw1d4r/74TGFrZBfYnB
GPDRygVWGo/y3bsShUKQstdloIC1L1ASu63AZMsaW5WhHfk6BHGWnBrqo/17Dab0
bH3olJBojGVnA+MZ7stsgwoNM/acZFfGO/Ge0ZjTl7QzuizsJzy7z0cMVMrfoLpk
58IwFvDtPQKNOZ1LQxebbzdvBIAbhFyKwVFBwP8CAwEAAaOCAggwggIEMB0GA1Ud
DgQWBBRGmjTYlgOAisYNIL4NdLflFELDiTAfBgNVHSMEGDAWgBRT+1JC+Yz/neqb
qoyK5GakK1N8XDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1VfdFNRdm1NXzUzcW02cU1pdVJtcEN0VGZGdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODIvZTRkN2M2LWEyOTktNGI4OC04MjQ3LTljNDAzMjk2M2UxNy8x
L1JwbzAySllEZ0lyR0RTQy1EWFMzNVJSQ3c0ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODIv
ZTRkN2M2LWEyOTktNGI4OC04MjQ3LTljNDAzMjk2M2UxNy8xL1VfdFNRdm1NXzUz
cW02cU1pdVJtcEN0VGZGdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAe
BggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAcOYMA0GCSqGSIb3DQEBCwUAA4IB
AQAsViuMj0qqMwuA48qeY/L1Z6A4WgA76o3VhoDlMl5g2W+yVeXGiDm/UA14NvK1
0IlKDqdxdr8S6CQWDcnJN4kg+yY/sWBd1rg/mgH2G0/kSDFUkj2V9H822U18kx9e
6sZhLmAtxJiSRV/ANyyiFA6dR0PspWQCOpEPoUyxv8Da4XYKjFHQe7u0P2JTPczr
AG9o04pToubL0zoWyjrQ164hDpktxrPI1koycswZaFexq0ZH4rU2uT5Hc+wbWh8c
6I4RFgv+IQSNbgiGptbD0IMg5u1FzVqUzqqnLtLI50lBqLomLioEWbA3y1TE4mKM
SaJ38yjgbig1MW/oo2SLFPKk
-----END CERTIFICATE-----
Generated at Tue Apr 22 20:49:36 2025 by rpki-client