Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/02khO6JjNvOCsG-DQfZpZnDtsuo.roa
File: 02khO6JjNvOCsG-DQfZpZnDtsuo.roa (raw, json)
Hash identifier: Pkunl5Ifse5PvuoQv1H4rt66NzupkQhxLDHZhNvWuAc=
Subject key identifier: D3:69:21:3B:A2:63:36:F3:82:B0:6F:83:41:F6:69:66:70:ED:B2:EA
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019403F1B31AEDDC330779BD2A1593B13527
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/02khO6JjNvOCsG-DQfZpZnDtsuo.roa
Signing time: Thu 26 Dec 2024 17:09:19 +0000
ROA not before: Thu 26 Dec 2024 17:09:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8100
IP address blocks: 193.124.227.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
195.133.59.0/24 maxlen: 24
212.192.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:03:f1:b3:1a:ed:dc:33:07:79:bd:2a:15:93:b1:35:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 26 17:09:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d369213ba26336f382b06f8341f6696670edb2ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:5a:6d:d2:42:9d:a5:14:c8:d4:c0:8a:c6:52:
25:e7:fd:b1:e8:28:3d:8e:73:0e:de:69:38:2c:6e:
b0:27:a6:2c:aa:be:ed:63:82:ec:4b:76:d1:3e:45:
54:b9:38:50:00:21:76:25:d7:65:c8:f6:ee:7a:09:
78:52:a1:d5:3a:9f:39:e2:6e:2b:bb:fa:5a:54:c1:
ca:30:e6:b3:b0:21:1b:21:1c:3b:f6:0c:bf:18:06:
73:e5:99:76:4c:84:98:35:b9:b8:70:2f:a8:d6:f4:
47:74:a6:a9:26:5d:32:b2:9c:99:75:c4:e3:98:a9:
07:e9:2a:22:df:80:02:7f:f0:69:51:89:56:27:90:
0d:65:a0:a4:24:68:ed:31:9c:a2:86:ed:30:33:66:
aa:28:f3:bc:f2:1f:1a:3f:5b:2f:76:03:00:45:d4:
47:93:7d:0b:59:50:b8:20:bd:62:15:3c:b3:81:54:
8c:0b:be:7c:11:6e:a4:a9:04:b6:0f:97:ab:f7:fe:
c6:e0:dd:01:3a:6c:14:30:68:3b:77:19:e5:07:3e:
5d:a2:88:fe:23:18:21:d0:96:0a:cd:42:16:5f:bb:
62:af:b7:c5:61:15:c8:ab:32:33:c2:9b:1a:8e:ef:
0b:43:26:f1:35:38:1a:10:f8:23:ec:54:cd:67:fc:
5d:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:69:21:3B:A2:63:36:F3:82:B0:6F:83:41:F6:69:66:70:ED:B2:EA
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/02khO6JjNvOCsG-DQfZpZnDtsuo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.87.53.0/24
194.135.46.0/24
195.133.55.0/24
195.133.59.0/24
212.192.247.0/24
Signature Algorithm: sha256WithRSAEncryption
52:fd:5c:60:9b:17:01:b8:5b:fc:c3:5d:89:b9:ae:f4:93:0e:
6b:2c:60:d1:ba:88:d2:84:aa:bc:86:5e:86:56:ac:fb:b3:b1:
42:0a:9c:69:39:50:4b:6c:07:b0:df:e8:e2:9c:d4:ae:85:b8:
a4:dc:24:07:0f:20:dd:d5:ac:ef:f0:87:df:c1:de:3c:90:20:
05:23:ee:f8:ec:b5:1c:90:4c:f3:f2:cb:7d:ee:ed:06:48:b3:
ac:ec:7a:c3:24:7c:e2:1c:a6:98:28:05:0e:12:28:43:8c:da:
85:aa:8f:6d:79:ba:30:59:57:b6:14:e9:bc:fc:21:81:c2:a9:
f8:4e:72:b2:b8:5c:a5:85:f8:03:66:89:c9:4d:85:13:1f:87:
f4:7b:35:fd:09:ce:16:4c:03:27:e0:33:ff:80:2c:5c:98:cf:
d4:a9:d3:98:8e:8c:77:20:0b:d5:ab:c3:67:c5:f3:d8:0e:58:
ec:ea:af:83:de:bf:6d:bc:9d:b6:80:1c:68:5a:97:ca:ad:c9:
f3:f5:32:0b:72:f3:4a:a4:9d:cc:ff:38:80:d9:2c:d6:3a:a7:
6e:f7:b2:d7:94:8c:f0:11:6c:b4:b1:21:0a:3c:be:00:8d:1e:
de:55:9d:f9:16:84:9a:9a:28:b5:7e:4d:f8:6a:cf:8d:13:4f:
8d:d6:85:c5
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQD8bMa7dwzB3m9KhWTsTUnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjI2MTcwOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzY5MjEzYmEyNjMzNmYzODJiMDZmODM0MWY2Njk2NjcwZWRiMmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVpt0kKdpRTI1MCKxlIl5/2x6Cg9
jnMO3mk4LG6wJ6Ysqr7tY4LsS3bRPkVUuThQACF2JddlyPbuegl4UqHVOp854m4r
u/paVMHKMOazsCEbIRw79gy/GAZz5Zl2TISYNbm4cC+o1vRHdKapJl0yspyZdcTj
mKkH6Soi34ACf/BpUYlWJ5ANZaCkJGjtMZyihu0wM2aqKPO88h8aP1svdgMARdRH
k30LWVC4IL1iFTyzgVSMC758EW6kqQS2D5er9/7G4N0BOmwUMGg7dxnlBz5dooj+
Ixgh0JYKzUIWX7tir7fFYRXIqzIzwpsaju8LQybxNTgaEPgj7FTNZ/xdNwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNNpITuiYzbzgrBvg0H2aWZw7bLqMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMDJraE82SmpOdk9Dc0ctRFFmWnBabkR0c3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwXzjAwQA
wlc1AwQAwocuAwQAw4U3AwQAw4U7AwQA1MD3MA0GCSqGSIb3DQEBCwUAA4IBAQBS
/VxgmxcBuFv8w12Jua70kw5rLGDRuojShKq8hl6GVqz7s7FCCpxpOVBLbAew3+ji
nNSuhbik3CQHDyDd1azv8Iffwd48kCAFI+747LUckEzz8st97u0GSLOs7HrDJHzi
HKaYKAUOEihDjNqFqo9tebowWVe2FOm8/CGBwqn4TnKyuFylhfgDZonJTYUTH4f0
ezX9Cc4WTAMn4DP/gCxcmM/UqdOYjox3IAvVq8NnxfPYDljs6q+D3r9tvJ22gBxo
WpfKrcnz9TILcvNKpJ3M/ziA2SzWOqdu97LXlIzwEWy0sSEKPL4AjR7eVZ35FoSa
mii1fk34as+NE0+N1oXF
-----END CERTIFICATE-----
Generated at Sun Apr 20 02:09:07 2025 by rpki-client