Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/2ckT-Sdygr9st5yB51Nv44kpc7I.roa
File: 2ckT-Sdygr9st5yB51Nv44kpc7I.roa (raw, json)
Hash identifier: TdpMus91TMJxapzwOkbvGaAAxQoFi0MXzbWnyQScKCw=
Subject key identifier: D9:C9:13:F9:27:72:82:BF:6C:B7:9C:81:E7:53:6F:E3:89:29:73:B2
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018DCC71D61128C1BD940BC66A9705637897
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/2ckT-Sdygr9st5yB51Nv44kpc7I.roa
Signing time: Wed 21 Feb 2024 16:13:48 +0000
ROA not before: Wed 21 Feb 2024 16:13:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 193.124.5.0/24 maxlen: 24
193.124.7.0/24 maxlen: 24
194.87.22.0/24 maxlen: 24
194.87.32.0/24 maxlen: 24
194.87.142.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.201.0/24 maxlen: 24
195.133.6.0/24 maxlen: 24
195.133.25.0/24 maxlen: 24
195.133.72.0/24 maxlen: 24
195.133.78.0/24 maxlen: 24
195.133.85.0/24 maxlen: 24
195.133.192.0/24 maxlen: 24
212.192.1.0/24 maxlen: 24
212.192.212.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:cc:71:d6:11:28:c1:bd:94:0b:c6:6a:97:05:63:78:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Feb 21 16:13:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d9c913f9277282bf6cb79c81e7536fe3892973b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:31:fd:21:31:a1:b3:ac:3a:83:b9:be:3c:5c:
d4:20:63:94:a8:00:10:7e:6e:10:34:ca:cf:6c:7f:
3a:a8:2d:6c:fb:b9:66:bf:12:0f:a2:f6:8e:1e:76:
eb:89:f3:82:cb:d3:8e:df:21:de:55:8a:97:50:67:
2f:26:44:f5:9f:7c:92:d5:43:a4:b7:7f:33:7d:5d:
fa:1c:d0:3b:e8:d2:5e:cb:b0:3a:87:79:a7:69:a8:
dc:3c:52:68:39:a4:18:ff:2d:57:1f:34:56:20:53:
9d:fc:58:bf:1a:21:61:e9:65:d2:bd:70:2a:45:b4:
f1:59:73:4b:94:df:ff:b0:c5:fe:a1:d4:1c:97:96:
91:f9:be:b5:30:22:5d:7b:f3:1d:ac:69:a3:0d:ee:
26:d5:d0:68:f3:be:de:09:50:5d:b4:a2:ab:46:c9:
1f:3d:e2:6c:b4:9d:76:d0:17:73:b1:c6:ba:40:2c:
26:8d:13:7e:5f:47:bd:e7:84:33:ff:2a:57:f8:68:
c6:14:61:ce:12:11:46:dd:38:c3:91:26:f8:04:2c:
d1:42:d4:fd:17:de:05:ca:74:c3:2b:f5:15:a5:f8:
6a:b7:9b:19:70:8c:56:d5:33:02:f1:93:46:59:f8:
cb:ae:d7:8e:53:99:26:02:67:32:1d:e1:28:28:37:
1b:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:C9:13:F9:27:72:82:BF:6C:B7:9C:81:E7:53:6F:E3:89:29:73:B2
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/2ckT-Sdygr9st5yB51Nv44kpc7I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.5.0/24
193.124.7.0/24
194.87.22.0/24
194.87.32.0/24
194.87.142.0/24
194.87.169.0/24
194.87.201.0/24
195.133.6.0/24
195.133.25.0/24
195.133.72.0/24
195.133.78.0/24
195.133.85.0/24
195.133.192.0/24
212.192.1.0/24
212.192.212.0/24
Signature Algorithm: sha256WithRSAEncryption
30:8c:8c:fa:77:f8:b5:91:6a:f8:f1:ee:fa:80:b7:52:eb:72:
32:5a:93:dd:68:e1:f5:b3:2f:d9:ef:db:2e:a9:6d:18:db:9b:
15:15:fb:b0:80:a9:4d:78:40:0d:6c:58:d6:de:bb:5f:0e:4a:
0b:4a:6b:63:03:4e:92:5a:78:c8:1a:07:26:64:e1:30:22:8a:
44:f0:51:8d:a9:b9:fc:e2:e8:f0:e2:77:0c:26:e4:10:30:5a:
54:1a:c9:d1:cd:31:f3:eb:16:6b:71:1c:3b:d6:68:4c:26:97:
82:14:96:74:51:ae:a5:f4:dd:c3:15:c9:92:66:eb:ac:98:f2:
19:77:9f:05:fa:65:98:09:28:f8:77:e9:a4:82:8f:84:18:08:
80:b4:cc:7a:a9:af:13:7e:be:b2:bd:89:e7:4b:f8:0a:2d:7a:
89:d6:a7:58:b9:92:c1:02:f5:09:cc:26:91:f5:5b:14:e7:58:
01:aa:25:ad:3f:76:7f:b8:34:bb:20:c6:63:88:af:08:f7:76:
f5:bd:4e:77:eb:00:de:7e:38:8b:62:6b:6f:de:4f:c3:2b:b3:
3e:f6:70:a9:dc:a8:a7:2a:52:9b:de:47:9d:9a:37:64:3d:fd:
01:e9:a0:73:b7:9a:17:92:57:9d:15:78:1f:45:d8:5f:8c:0d:
70:85:cd:d4
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAY3McdYRKMG9lAvGapcFY3iXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjIxMTYxMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWM5MTNmOTI3NzI4MmJmNmNiNzljODFlNzUzNmZlMzg5Mjk3M2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijH9ITGhs6w6g7m+PFzUIGOUqAAQ
fm4QNMrPbH86qC1s+7lmvxIPovaOHnbrifOCy9OO3yHeVYqXUGcvJkT1n3yS1UOk
t38zfV36HNA76NJey7A6h3mnaajcPFJoOaQY/y1XHzRWIFOd/Fi/GiFh6WXSvXAq
RbTxWXNLlN//sMX+odQcl5aR+b61MCJde/MdrGmjDe4m1dBo877eCVBdtKKrRskf
PeJstJ120Bdzsca6QCwmjRN+X0e954Qz/ypX+GjGFGHOEhFG3TjDkSb4BCzRQtT9
F94FynTDK/UVpfhqt5sZcIxW1TMC8ZNGWfjLrteOU5kmAmcyHeEoKDcb+QIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFNnJE/kncoK/bLecgedTb+OJKXOyMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMmNrVC1TZHlncjlzdDV5QjUxTnY0NGtwYzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAwXwFAwQA
wXwHAwQAwlcWAwQAwlcgAwQAwleOAwQAwlepAwQAwlfJAwQAw4UGAwQAw4UZAwQA
w4VIAwQAw4VOAwQAw4VVAwQAw4XAAwQA1MABAwQA1MDUMA0GCSqGSIb3DQEBCwUA
A4IBAQAwjIz6d/i1kWr48e76gLdS63IyWpPdaOH1sy/Z79suqW0Y25sVFfuwgKlN
eEANbFjW3rtfDkoLSmtjA06SWnjIGgcmZOEwIopE8FGNqbn84ujw4ncMJuQQMFpU
GsnRzTHz6xZrcRw71mhMJpeCFJZ0Ua6l9N3DFcmSZuusmPIZd58F+mWYCSj4d+mk
go+EGAiAtMx6qa8Tfr6yvYnnS/gKLXqJ1qdYuZLBAvUJzCaR9VsU51gBqiWtP3Z/
uDS7IMZjiK8I93b1vU536wDefjiLYmtv3k/DK7M+9nCp3KinKlKb3kedmjdkPf0B
6aBzt5oXkledFXgfRdhfjA1whc3U
-----END CERTIFICATE-----
Generated at Sun Jun 8 09:02:26 2025 by rpki-client