Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3WStblEazlQkOILGIIYwlAUXkD0.roa
File: 3WStblEazlQkOILGIIYwlAUXkD0.roa (raw, json)
Hash identifier: TktL2Lx0RBtfrGZ2W3+1ufXqUs/a2Z88xo0S/TAkpz8=
Subject key identifier: DD:64:AD:6E:51:1A:CE:54:24:38:82:C6:20:86:30:94:05:17:90:3D
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824E53E562198D553DA6CCE10F1DDB4
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3WStblEazlQkOILGIIYwlAUXkD0.roa
Signing time: Thu 02 Jan 2025 17:51:34 +0000
ROA not before: Thu 02 Jan 2025 17:51:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8100
IP address blocks: 193.124.227.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
212.192.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:e5:3e:56:21:98:d5:53:da:6c:ce:10:f1:dd:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dd64ad6e511ace54243882c6208630940517903d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:e1:38:ef:e7:f3:16:4b:1b:08:5c:2a:ce:88:
82:e8:16:26:5f:52:e4:89:93:ec:b4:0d:62:5c:9e:
f9:fa:ea:41:49:12:83:3b:ab:13:1d:9e:c9:db:4c:
4a:43:3e:d4:10:3a:c2:8a:19:01:e9:fc:a9:0d:99:
d9:17:8e:ca:58:cb:59:e1:be:36:04:a6:45:1c:de:
17:05:53:9a:44:a4:b3:47:72:cc:5a:e8:81:c3:f0:
78:9d:c3:a8:ba:6f:60:e5:f5:5a:f7:bf:16:77:28:
55:1c:08:c1:68:81:55:fc:36:57:7d:12:b9:b1:eb:
85:3e:d7:1c:12:27:a2:b2:2b:45:d8:83:8f:3e:5a:
3d:27:e8:a0:ad:27:0f:91:ba:99:bb:64:a3:a9:97:
29:ce:49:3b:6f:ea:7d:da:00:ec:7c:6c:56:29:4f:
a5:76:6a:b9:6a:23:cd:5c:0a:e5:7e:01:f1:7b:6f:
09:3c:80:9e:ee:ca:90:62:d2:9c:c3:cb:7a:56:5e:
25:34:dc:98:0d:4d:e5:70:43:92:88:45:26:65:62:
ef:b3:26:0d:1f:97:ba:4c:65:7c:86:77:cc:2b:3a:
a6:e2:6e:05:19:b3:80:1a:0d:2e:a3:97:5c:25:ce:
06:59:5f:39:f4:8c:55:fc:a8:f8:21:5f:eb:02:7e:
f1:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:64:AD:6E:51:1A:CE:54:24:38:82:C6:20:86:30:94:05:17:90:3D
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3WStblEazlQkOILGIIYwlAUXkD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.87.53.0/24
194.135.46.0/24
195.133.55.0/24
212.192.247.0/24
Signature Algorithm: sha256WithRSAEncryption
21:8f:18:6f:fa:bd:46:1e:6e:5e:cd:7d:70:3b:d8:60:2f:fd:
e8:bc:53:9b:98:85:90:01:45:2e:f6:0e:20:4b:0f:1e:fc:87:
3b:d6:ec:bf:e0:22:e8:70:46:f5:a8:db:21:fc:a5:52:c1:5f:
80:72:b5:f1:47:5a:d9:b2:82:c1:be:e4:81:de:e3:ab:3e:5b:
56:8b:fa:30:15:2a:f7:32:63:f7:21:ed:a6:f2:72:4f:3f:fc:
83:3a:67:d5:7a:96:db:c2:2b:2e:19:6a:e8:18:35:74:88:9c:
41:81:9d:72:78:cd:91:aa:d9:42:57:b6:61:ba:89:9c:32:56:
66:90:ce:c1:41:ab:79:20:61:b4:9e:fd:0b:55:32:12:b0:4f:
3b:3e:dc:d1:6f:ca:d0:e8:e4:70:da:cb:fb:b2:ab:ac:85:58:
a5:6c:cf:24:1c:5c:6b:fa:26:54:e4:e1:e9:85:ea:5c:10:0e:
6c:3e:dd:b8:84:d4:4a:b8:72:69:dd:24:eb:f4:7b:03:08:fa:
e0:b5:63:a7:bb:29:9f:be:1c:24:ac:ff:4d:eb:aa:bd:c5:0b:
5a:e9:47:01:47:a4:a6:e6:c5:fa:14:bc:a8:e3:71:af:13:04:
75:49:40:3e:1a:ef:62:2f:25:63:58:65:59:2d:cd:4d:73:e4:
8d:93:b0:6a
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQoJOU+ViGY1VPabM4Q8d20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY0YWQ2ZTUxMWFjZTU0MjQzODgyYzYyMDg2MzA5NDA1MTc5MDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uE47+fzFksbCFwqzoiC6BYmX1Lk
iZPstA1iXJ75+upBSRKDO6sTHZ7J20xKQz7UEDrCihkB6fypDZnZF47KWMtZ4b42
BKZFHN4XBVOaRKSzR3LMWuiBw/B4ncOoum9g5fVa978WdyhVHAjBaIFV/DZXfRK5
seuFPtccEieisitF2IOPPlo9J+igrScPkbqZu2SjqZcpzkk7b+p92gDsfGxWKU+l
dmq5aiPNXArlfgHxe28JPICe7sqQYtKcw8t6Vl4lNNyYDU3lcEOSiEUmZWLvsyYN
H5e6TGV8hnfMKzqm4m4FGbOAGg0uo5dcJc4GWV859IxV/Kj4IV/rAn7xRQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFN1krW5RGs5UJDiCxiCGMJQFF5A9MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvM1dTdGJsRWF6bFFrT0lMR0lJWXdsQVVYa0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAwXzjAwQA
wlc1AwQAwocuAwQAw4U3AwQA1MD3MA0GCSqGSIb3DQEBCwUAA4IBAQAhjxhv+r1G
Hm5ezX1wO9hgL/3ovFObmIWQAUUu9g4gSw8e/Ic71uy/4CLocEb1qNsh/KVSwV+A
crXxR1rZsoLBvuSB3uOrPltWi/owFSr3MmP3Ie2m8nJPP/yDOmfVepbbwisuGWro
GDV0iJxBgZ1yeM2RqtlCV7ZhuomcMlZmkM7BQat5IGG0nv0LVTISsE87PtzRb8rQ
6ORw2sv7squshVilbM8kHFxr+iZU5OHphepcEA5sPt24hNRKuHJp3STr9HsDCPrg
tWOnuymfvhwkrP9N66q9xQta6UcBR6Sm5sX6FLyo43GvEwR1SUA+Gu9iLyVjWGVZ
Lc1Nc+SNk7Bq
-----END CERTIFICATE-----
Generated at Sun Jun 8 16:18:58 2025 by rpki-client