Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/XSnyeKXjtDiVxtV-B8qFGNQU5aM.roa
File: XSnyeKXjtDiVxtV-B8qFGNQU5aM.roa (raw, json)
Hash identifier: 2sti4Xk4bFNHUzEEhcG0LmLxWTQQsuudBd6M+ppg0RQ=
Subject key identifier: 5D:29:F2:78:A5:E3:B4:38:95:C6:D5:7E:07:CA:85:18:D4:14:E5:A3
Certificate issuer: /CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Certificate serial: 0185DD065282BE0E13175B413C2BF9575AE0
Authority key identifier: 6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/XSnyeKXjtDiVxtV-B8qFGNQU5aM.roa
Signing time: Mon 23 Jan 2023 05:07:37 +0000
ROA not before: Mon 23 Jan 2023 05:07:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205473
IP address blocks: 188.72.0.0/24 maxlen: 24
188.72.1.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:dd:06:52:82:be:0e:13:17:5b:41:3c:2b:f9:57:5a:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Validity
Not Before: Jan 23 05:07:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d29f278a5e3b43895c6d57e07ca8518d414e5a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:86:57:64:b2:d6:06:ca:3e:40:f4:8c:d6:d3:
97:22:0b:fe:7b:58:86:23:01:bd:a4:4d:f8:31:5e:
93:e1:99:54:dd:8a:dc:8d:ac:e4:e8:a9:e9:76:f9:
2a:8f:a3:5d:67:ab:2a:e0:38:a6:71:80:fd:46:0d:
b2:5c:91:5d:15:23:25:a3:97:9a:7a:e6:5b:b9:4b:
51:9f:95:7a:44:ee:4d:1c:5f:38:1e:3a:00:c1:3f:
32:1c:82:1e:d2:0a:a2:39:df:32:a4:b9:55:c6:52:
28:ae:5d:73:f6:a7:97:1c:8f:1c:cb:f1:3c:c9:e7:
e1:f9:f4:70:92:c3:6e:88:25:da:5e:e3:5f:91:fe:
b3:de:58:6f:a7:01:51:bd:a8:18:91:63:8a:2b:ab:
bd:be:49:a8:dc:18:19:37:42:12:03:dd:65:47:03:
b8:f9:6b:52:51:e5:a6:80:1f:31:f6:3d:87:aa:5c:
50:36:af:1a:cf:41:f8:78:d9:ce:29:8a:5c:42:a1:
0f:f9:a2:42:fd:ec:a5:b6:e6:10:13:01:10:38:89:
e8:f1:29:a3:06:e5:62:58:c6:e5:e8:87:0f:65:36:
7a:76:1d:a4:9b:dc:48:b3:84:ea:3d:9f:be:f8:8b:
0c:4e:a2:a2:a8:c2:9a:1c:cf:57:13:1f:86:5d:60:
43:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:29:F2:78:A5:E3:B4:38:95:C6:D5:7E:07:CA:85:18:D4:14:E5:A3
X509v3 Authority Key Identifier:
keyid:6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/XSnyeKXjtDiVxtV-B8qFGNQU5aM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.72.0.0/23
Signature Algorithm: sha256WithRSAEncryption
1c:71:e7:c5:c9:16:fe:49:e9:33:76:66:e1:e7:33:b2:d5:2c:
47:3b:08:f2:64:90:32:07:8f:1b:4b:a8:09:76:8a:d1:de:35:
18:0c:4d:8e:b5:23:cc:11:c5:18:b5:8c:69:e3:5a:07:4c:04:
79:fe:8f:ac:a7:cd:2b:dd:04:29:9b:56:6e:1c:c1:3f:83:04:
b3:86:aa:4a:8c:94:cc:ae:48:cb:3f:06:24:ff:09:67:db:1b:
5d:38:6a:ae:41:46:64:38:6a:f5:26:a8:60:a1:42:01:ef:ce:
33:23:cb:15:29:67:12:10:4d:38:e0:67:0f:77:95:50:c3:49:
88:6c:70:4f:88:80:41:62:b0:d9:08:3c:70:a9:21:c5:87:9c:
77:94:f1:18:22:37:30:6a:cf:30:63:91:9a:ea:09:50:dd:f6:
07:2d:da:38:97:97:12:04:37:00:ef:11:07:05:93:93:9a:51:
43:4e:42:f1:d9:88:bd:c9:ed:4f:48:bd:f6:9d:23:50:38:c1:
23:5c:0b:4e:7e:f6:2e:1e:07:1c:f2:a7:6b:17:44:fc:09:d0:
25:eb:6b:01:78:0a:d3:79:aa:0f:6b:2c:af:47:1b:bd:64:cf:
a0:4a:d8:a8:91:70:26:03:9c:8b:0b:f8:36:d2:1d:41:0b:ef:
34:0a:c1:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYXdBlKCvg4TF1tBPCv5V1rgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYjBkZWMxM2RmMjA1YTY2ZWM1MjI3OTI1YjhmNTZiZGIw
OWY0OTkwHhcNMjMwMTIzMDUwNzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDI5ZjI3OGE1ZTNiNDM4OTVjNmQ1N2UwN2NhODUxOGQ0MTRlNWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioZXZLLWBso+QPSM1tOXIgv+e1iG
IwG9pE34MV6T4ZlU3Yrcjazk6Knpdvkqj6NdZ6sq4DimcYD9Rg2yXJFdFSMlo5ea
euZbuUtRn5V6RO5NHF84HjoAwT8yHIIe0gqiOd8ypLlVxlIorl1z9qeXHI8cy/E8
yefh+fRwksNuiCXaXuNfkf6z3lhvpwFRvagYkWOKK6u9vkmo3BgZN0ISA91lRwO4
+WtSUeWmgB8x9j2HqlxQNq8az0H4eNnOKYpcQqEP+aJC/eyltuYQEwEQOIno8Smj
BuViWMbl6IcPZTZ6dh2km9xIs4TqPZ+++IsMTqKiqMKaHM9XEx+GXWBD4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0p8nil47Q4lcbVfgfKhRjUFOWjMB8GA1UdIwQY
MBaAFGyw3sE98gWmbsUieSW49WvbCfSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQt
NTJiOWU2YTE2MzUwLzEvWFNueWVLWGp0RGlWeHRWLUI4cUZHTlFVNWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQtNTJiOWU2YTE2MzUw
LzEvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvEgAMA0G
CSqGSIb3DQEBCwUAA4IBAQAccefFyRb+Sekzdmbh5zOy1SxHOwjyZJAyB48bS6gJ
dorR3jUYDE2OtSPMEcUYtYxp41oHTAR5/o+sp80r3QQpm1ZuHME/gwSzhqpKjJTM
rkjLPwYk/wln2xtdOGquQUZkOGr1JqhgoUIB784zI8sVKWcSEE044GcPd5VQw0mI
bHBPiIBBYrDZCDxwqSHFh5x3lPEYIjcwas8wY5Ga6glQ3fYHLdo4l5cSBDcA7xEH
BZOTmlFDTkLx2Yi9ye1PSL32nSNQOMEjXAtOfvYuHgcc8qdrF0T8CdAl62sBeArT
eaoPayyvRxu9ZM+gStiokXAmA5yLC/g20h1BC+80CsFl
-----END CERTIFICATE-----
Generated at Sun May 11 22:36:22 2025 by rpki-client