Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3tI5fzWplzZFuBlT2EN_3JezLcE.roa
File: 3tI5fzWplzZFuBlT2EN_3JezLcE.roa (raw, json)
Hash identifier: OgaU46uYlziyOro4/8Dnd0Q5taEVma1jGhHU8Z4q7r0=
Subject key identifier: DE:D2:39:7F:35:A9:97:36:45:B8:19:53:D8:43:7F:DC:97:B3:2D:C1
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0187523B5BCB6DE61E74976F4064AE8F00A4
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3tI5fzWplzZFuBlT2EN_3JezLcE.roa
Signing time: Wed 05 Apr 2023 16:23:54 +0000
ROA not before: Wed 05 Apr 2023 16:23:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 193.124.226.0/24 maxlen: 24
193.124.224.0/23 maxlen: 23
193.124.49.0/24 maxlen: 24
195.133.22.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
212.192.16.0/21 maxlen: 24
194.87.192.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:52:3b:5b:cb:6d:e6:1e:74:97:6f:40:64:ae:8f:00:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Apr 5 16:23:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ded2397f35a9973645b81953d8437fdc97b32dc1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:36:5e:54:9a:09:7a:10:af:be:63:ad:07:e9:
f6:72:a7:a0:59:00:be:ee:95:71:d0:bf:c4:ac:54:
c1:c5:ac:64:1f:62:7b:1e:d6:5b:d4:c3:0d:ac:cf:
b5:aa:46:26:3d:ad:c7:29:fb:40:d4:12:0b:4f:39:
e3:5e:78:c2:ae:0b:9e:e6:2a:b5:5f:8a:85:e1:46:
57:1e:1a:3f:b2:0a:65:1b:ce:be:c9:7c:dc:71:76:
b5:11:db:e9:62:0a:d3:0b:e5:7b:44:5a:c2:b7:24:
60:21:55:d9:e2:9c:21:20:a4:11:b0:66:09:75:eb:
0b:33:d6:8f:86:a0:52:58:49:8a:98:88:b5:d7:71:
de:da:a2:c3:b8:c9:da:85:64:08:40:92:ce:2c:b0:
6f:0f:3b:b2:31:32:c8:ad:71:36:1e:0c:92:6a:7d:
e8:a2:88:30:dd:34:93:da:ff:a0:1a:76:cc:3b:73:
2a:00:82:95:8c:63:17:f6:02:88:b3:10:7f:9a:4d:
0b:f5:f2:09:21:1a:6c:90:79:08:41:50:38:0f:58:
54:a0:db:6a:70:be:f5:ac:49:b6:0a:ce:76:7d:fa:
b8:ff:c4:0f:b8:5e:33:04:e9:a8:8d:f0:c6:a5:c0:
c0:49:52:b7:89:8d:40:b7:fc:80:a8:22:ce:3b:08:
dd:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:D2:39:7F:35:A9:97:36:45:B8:19:53:D8:43:7F:DC:97:B3:2D:C1
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3tI5fzWplzZFuBlT2EN_3JezLcE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.49.0/24
193.124.224.0-193.124.226.255
194.87.192.0/22
194.135.46.0/24
195.133.22.0/24
212.192.16.0/21
Signature Algorithm: sha256WithRSAEncryption
1c:2f:5b:d9:33:b7:80:de:d7:52:1d:63:9d:c2:0e:1b:5f:1c:
6e:e8:87:d0:af:0d:e4:03:92:c5:a7:5a:d2:6c:94:9b:21:a0:
a8:f1:0b:c5:18:00:10:1c:6f:5e:30:40:bd:6b:1f:0c:4f:5c:
8b:60:26:c3:c2:00:21:4e:f2:35:c2:fa:25:aa:0d:3b:f6:1e:
70:d3:91:3b:5a:d1:02:1b:a0:d4:df:4d:30:4c:c6:8b:0b:27:
c2:fe:b9:19:27:ec:61:88:3b:b3:46:0f:68:c5:95:ad:ec:14:
b5:46:cc:40:cf:1a:1a:c8:ee:da:33:9f:cf:7a:07:ca:42:d8:
df:6a:b2:50:a8:2e:0b:1f:4e:5a:78:91:42:69:f5:3c:a4:e1:
93:48:73:c3:10:d1:e7:4f:a4:4a:16:02:52:60:4f:2f:2c:4b:
58:3e:25:b9:8b:07:b2:30:12:ad:c9:7c:b7:76:2c:4c:6b:88:
a5:8d:e3:e3:bc:46:c7:3f:57:26:ba:a2:4d:bc:f9:26:a6:f0:
ff:47:dc:f6:e2:92:e5:7b:15:5e:80:65:79:72:fc:ee:57:95:
17:13:27:23:be:89:03:f4:25:4e:f5:60:ff:d7:63:01:da:53:
94:a2:2d:93:15:97:5f:37:eb:45:6d:34:02:c6:9a:44:53:d3:
4e:43:40:86
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYdSO1vLbeYedJdvQGSujwCkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNDA1MTYyMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWQyMzk3ZjM1YTk5NzM2NDViODE5NTNkODQzN2ZkYzk3YjMyZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijZeVJoJehCvvmOtB+n2cqegWQC+
7pVx0L/ErFTBxaxkH2J7HtZb1MMNrM+1qkYmPa3HKftA1BILTznjXnjCrgue5iq1
X4qF4UZXHho/sgplG86+yXzccXa1EdvpYgrTC+V7RFrCtyRgIVXZ4pwhIKQRsGYJ
desLM9aPhqBSWEmKmIi113He2qLDuMnahWQIQJLOLLBvDzuyMTLIrXE2HgySan3o
oogw3TST2v+gGnbMO3MqAIKVjGMX9gKIsxB/mk0L9fIJIRpskHkIQVA4D1hUoNtq
cL71rEm2Cs52ffq4/8QPuF4zBOmojfDGpcDASVK3iY1At/yAqCLOOwjdmwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFN7SOX81qZc2RbgZU9hDf9yXsy3BMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvM3RJNWZ6V3BselpGdUJsVDJFTl8zSmV6TGNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAwXwxMAwD
BAXBfOADBADBfOIDBALCV8ADBADChy4DBADDhRYDBAPUwBAwDQYJKoZIhvcNAQEL
BQADggEBABwvW9kzt4De11IdY53CDhtfHG7oh9CvDeQDksWnWtJslJshoKjxC8UY
ABAcb14wQL1rHwxPXItgJsPCACFO8jXC+iWqDTv2HnDTkTta0QIboNTfTTBMxosL
J8L+uRkn7GGIO7NGD2jFla3sFLVGzEDPGhrI7tozn896B8pC2N9qslCoLgsfTlp4
kUJp9Tyk4ZNIc8MQ0edPpEoWAlJgTy8sS1g+JbmLB7IwEq3JfLd2LExriKWN4+O8
Rsc/Vya6ok28+Sam8P9H3PbikuV7FV6AZXly/O5XlRcTJyO+iQP0JU71YP/XYwHa
U5SiLZMVl18360VtNALGmkRT005DQIY=
-----END CERTIFICATE-----
Generated at Sun Jun 8 09:09:18 2025 by rpki-client