Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/2ZNohIvXAts_MeoDJ8u17L5Unfg.roa
File: 2ZNohIvXAts_MeoDJ8u17L5Unfg.roa (raw, json)
Hash identifier: wnbCq5Ru4xEPy15aiuaHtoG+rUef8g83ZUvaobHj8qg=
Subject key identifier: D9:93:68:84:8B:D7:02:DB:3F:31:EA:03:27:CB:B5:EC:BE:54:9D:F8
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01939C4A69C9A72B7E1F92F4D48DF0AC2DC8
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/2ZNohIvXAts_MeoDJ8u17L5Unfg.roa
Signing time: Fri 06 Dec 2024 14:05:42 +0000
ROA not before: Fri 06 Dec 2024 14:05:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8100
IP address blocks: 193.124.227.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:9c:4a:69:c9:a7:2b:7e:1f:92:f4:d4:8d:f0:ac:2d:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 6 14:05:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d99368848bd702db3f31ea0327cbb5ecbe549df8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:17:a4:98:8a:40:8d:d0:a6:fb:ed:e3:5f:4b:
c8:51:4b:1c:d5:67:f1:8f:73:17:e8:50:1c:41:d1:
49:22:26:26:97:23:e3:9e:b2:df:9b:1f:2f:85:fc:
d7:cf:c2:c7:59:50:bd:b1:f8:aa:e3:48:34:7d:39:
af:61:9d:f0:de:b5:c8:54:61:9b:91:24:06:88:f9:
26:4a:97:ad:c9:be:4d:f8:51:f3:74:62:3c:3c:58:
86:89:ca:d6:b5:88:c3:44:46:30:94:f3:0b:61:60:
ef:b3:8f:ea:23:1a:ff:81:e0:02:9c:a2:9d:83:ae:
95:35:27:80:52:6a:4c:7f:90:a1:65:a6:d8:54:b3:
10:71:2e:8b:c5:8b:0a:97:78:4f:5c:cf:2a:c0:76:
2c:92:68:b5:ff:a7:4f:e9:5f:5b:99:69:f1:c3:31:
4a:f3:b2:a4:47:9b:22:1d:ef:74:37:ab:ee:81:aa:
aa:1c:b6:99:a0:25:0a:dc:bb:aa:57:c1:5f:4b:ae:
81:a6:c6:0a:d6:55:c3:34:8c:93:ea:74:37:4d:55:
60:76:84:cc:55:4b:db:26:b3:48:9d:92:91:27:a4:
8f:fe:4e:4e:eb:2d:33:8b:c7:49:c5:5f:b0:c9:d7:
76:5d:f1:9c:23:dd:61:f6:c3:fe:76:a0:cc:e5:ec:
e0:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:93:68:84:8B:D7:02:DB:3F:31:EA:03:27:CB:B5:EC:BE:54:9D:F8
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/2ZNohIvXAts_MeoDJ8u17L5Unfg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.135.46.0/24
195.133.59.0/24
Signature Algorithm: sha256WithRSAEncryption
21:9b:15:91:9e:27:b9:50:58:92:a6:b5:94:b3:8a:9b:39:7f:
ab:6b:4b:47:2c:cf:09:8d:75:24:94:e0:70:08:7c:ce:85:0b:
87:35:db:c4:1b:2f:12:18:31:5f:b1:cd:19:60:53:5f:c8:93:
0f:7f:61:c3:a5:d7:97:9b:c3:6a:31:3e:49:95:1e:b3:67:1f:
09:84:03:58:ce:11:27:82:32:2b:1f:83:e9:d9:6f:c9:9b:51:
41:e9:6f:bb:25:da:f0:ee:b1:ee:27:c3:3c:85:16:2f:d3:04:
24:a9:e5:fa:2f:4c:80:20:29:88:2b:7f:af:55:8a:07:c3:5a:
c5:05:26:f0:aa:bb:bc:db:b8:4c:4a:13:30:e1:b4:4e:3e:c8:
bb:5f:8a:f5:e0:c8:a6:05:fe:65:18:fe:cd:1b:ad:7d:e1:13:
2e:85:b2:ce:09:0e:66:18:c6:bf:11:c9:b7:7b:d0:ee:93:22:
0a:39:29:79:a6:2e:3e:6c:3e:df:cd:f5:6e:87:de:0d:40:d8:
c3:26:7e:e2:eb:8b:71:2b:1f:5f:ef:15:10:34:0c:7a:b3:63:
58:ce:e8:d3:27:cb:8c:5b:5e:16:ac:8d:72:ab:6a:c5:69:16:
0f:c8:df:2e:fc:89:3b:dd:6d:4d:cb:71:ea:c1:a4:85:0e:4c:
33:33:5b:69
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZOcSmnJpyt+H5L01I3wrC3IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjA2MTQwNTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTkzNjg4NDhiZDcwMmRiM2YzMWVhMDMyN2NiYjVlY2JlNTQ5ZGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBekmIpAjdCm++3jX0vIUUsc1Wfx
j3MX6FAcQdFJIiYmlyPjnrLfmx8vhfzXz8LHWVC9sfiq40g0fTmvYZ3w3rXIVGGb
kSQGiPkmSpetyb5N+FHzdGI8PFiGicrWtYjDREYwlPMLYWDvs4/qIxr/geACnKKd
g66VNSeAUmpMf5ChZabYVLMQcS6LxYsKl3hPXM8qwHYskmi1/6dP6V9bmWnxwzFK
87KkR5siHe90N6vugaqqHLaZoCUK3LuqV8FfS66BpsYK1lXDNIyT6nQ3TVVgdoTM
VUvbJrNInZKRJ6SP/k5O6y0zi8dJxV+wydd2XfGcI91h9sP+dqDM5ezgqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNmTaISL1wLbPzHqAyfLtey+VJ34MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMlpOb2hJdlhBdHNfTWVvREo4dTE3TDVVbmZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwXzjAwQA
wocuAwQAw4U7MA0GCSqGSIb3DQEBCwUAA4IBAQAhmxWRnie5UFiSprWUs4qbOX+r
a0tHLM8JjXUklOBwCHzOhQuHNdvEGy8SGDFfsc0ZYFNfyJMPf2HDpdeXm8NqMT5J
lR6zZx8JhANYzhEngjIrH4Pp2W/Jm1FB6W+7Jdrw7rHuJ8M8hRYv0wQkqeX6L0yA
ICmIK3+vVYoHw1rFBSbwqru827hMShMw4bROPsi7X4r14MimBf5lGP7NG6194RMu
hbLOCQ5mGMa/Ecm3e9DukyIKOSl5pi4+bD7fzfVuh94NQNjDJn7i64txKx9f7xUQ
NAx6s2NYzujTJ8uMW14WrI1yq2rFaRYPyN8u/Ik73W1Ny3HqwaSFDkwzM1tp
-----END CERTIFICATE-----
Generated at Sat Apr 19 11:30:56 2025 by rpki-client