Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5-jLmNaf3t6XJx3xo9cHWmtbyMo.roa
File: 5-jLmNaf3t6XJx3xo9cHWmtbyMo.roa (raw, json)
Hash identifier: 76PWu/EB21uIrysAdW9lVoD4qf9GmAQIrxchmRK3cu0=
Subject key identifier: E7:E8:CB:98:D6:9F:DE:DE:97:27:1D:F1:A3:D7:07:5A:6B:5B:C8:CA
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019428251CD1B0118C796784D310047F4A0F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5-jLmNaf3t6XJx3xo9cHWmtbyMo.roa
Signing time: Thu 02 Jan 2025 17:51:48 +0000
ROA not before: Thu 02 Jan 2025 17:51:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 399471
IP address blocks: 194.85.250.0/24 maxlen: 24
212.192.245.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:1c:d1:b0:11:8c:79:67:84:d3:10:04:7f:4a:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e7e8cb98d69fdede97271df1a3d7075a6b5bc8ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:35:81:19:cc:23:25:b7:f4:a2:63:0e:8e:ac:
f5:4c:23:c4:3a:35:86:04:34:aa:62:42:24:fe:59:
08:31:a1:39:d6:80:dd:2a:31:4d:1f:7b:8d:70:4d:
e1:6a:5e:d0:8f:3c:70:ad:29:c1:fc:78:01:02:3f:
48:5a:98:da:c0:fc:d4:95:eb:2e:a1:10:44:34:85:
0f:4c:40:ed:b7:85:ee:44:a8:a1:d2:e5:c9:5d:ea:
72:90:6d:54:a3:35:46:1d:eb:35:8a:57:9d:17:99:
b1:a6:c7:fd:15:e5:98:88:db:7a:8c:42:21:5a:00:
32:02:82:f3:70:db:15:b5:06:91:16:74:00:2a:9f:
44:03:f9:d3:4e:23:de:51:34:b2:f0:81:d6:8d:89:
73:bf:a3:d7:d5:8b:77:cb:74:8f:4d:7a:34:17:42:
ec:66:d3:85:ac:71:dc:5c:16:02:2e:fc:79:50:e7:
a4:15:e1:cc:a1:01:3b:cd:ce:d0:70:70:e2:7b:8c:
21:ae:bf:43:0e:91:4b:ba:01:ce:f7:06:a3:a8:a0:
e4:fd:00:e6:99:19:43:77:db:d2:f3:51:f1:cb:be:
29:bb:5c:a6:0d:2a:37:bc:43:c0:34:c5:70:a2:e9:
39:3c:1d:00:87:90:d2:d3:01:e1:13:aa:48:a2:22:
99:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:E8:CB:98:D6:9F:DE:DE:97:27:1D:F1:A3:D7:07:5A:6B:5B:C8:CA
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5-jLmNaf3t6XJx3xo9cHWmtbyMo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.85.250.0/24
212.192.245.0/24
Signature Algorithm: sha256WithRSAEncryption
31:dd:ae:3a:23:6d:25:cf:8d:a4:bd:ca:ff:05:ab:ef:42:f9:
b4:ed:69:55:52:4f:67:1a:89:1f:c6:51:bc:d0:91:4b:b5:00:
ed:06:bc:3b:89:d6:2c:e7:6b:7c:f2:0e:4c:a7:13:6c:23:99:
d5:45:ac:ae:d2:ed:ec:2b:79:7a:ae:30:83:47:cc:5b:40:09:
bb:03:98:e5:cf:31:f8:5c:ac:53:37:7e:5d:6e:27:fd:be:e3:
4d:d6:f4:c9:8f:2c:15:8a:5c:5c:e7:06:45:44:ab:29:b5:a1:
8c:5b:20:b5:1f:7d:25:dd:b7:9b:4f:dc:bc:44:82:43:bf:72:
88:32:64:5f:d8:19:e1:a4:78:85:d3:6d:cf:33:87:aa:72:da:
6f:31:d1:10:d3:2e:d2:de:8f:a2:80:cf:ad:52:92:3e:7a:9f:
73:95:8f:0c:0c:fd:5e:f0:68:2f:67:55:3b:1c:91:3d:a2:9f:
87:fc:56:21:aa:b2:5c:77:12:96:c6:10:44:73:09:c3:a3:ab:
34:6b:e2:17:05:f1:86:df:9b:2d:b3:72:40:23:42:26:ae:0e:
5a:3b:ff:ac:12:e1:a8:cd:07:2d:a2:95:bd:54:bb:3b:71:87:
42:4d:8b:d5:f0:b8:aa:08:9b:0b:f9:15:bd:4e:54:25:69:62:
9b:0c:c0:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJRzRsBGMeWeE0xAEf0oPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2U4Y2I5OGQ2OWZkZWRlOTcyNzFkZjFhM2Q3MDc1YTZiNWJjOGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDWBGcwjJbf0omMOjqz1TCPEOjWG
BDSqYkIk/lkIMaE51oDdKjFNH3uNcE3hal7QjzxwrSnB/HgBAj9IWpjawPzUlesu
oRBENIUPTEDtt4XuRKih0uXJXepykG1UozVGHes1iledF5mxpsf9FeWYiNt6jEIh
WgAyAoLzcNsVtQaRFnQAKp9EA/nTTiPeUTSy8IHWjYlzv6PX1Yt3y3SPTXo0F0Ls
ZtOFrHHcXBYCLvx5UOekFeHMoQE7zc7QcHDie4whrr9DDpFLugHO9wajqKDk/QDm
mRlDd9vS81Hxy74pu1ymDSo3vEPANMVwouk5PB0Ah5DS0wHhE6pIoiKZTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOfoy5jWn97elycd8aPXB1prW8jKMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNS1qTG1OYWYzdDZYSngzeG85Y0hXbXRieU1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwlX6AwQA
1MD1MA0GCSqGSIb3DQEBCwUAA4IBAQAx3a46I20lz42kvcr/BavvQvm07WlVUk9n
GokfxlG80JFLtQDtBrw7idYs52t88g5MpxNsI5nVRayu0u3sK3l6rjCDR8xbQAm7
A5jlzzH4XKxTN35dbif9vuNN1vTJjywVilxc5wZFRKsptaGMWyC1H30l3bebT9y8
RIJDv3KIMmRf2BnhpHiF023PM4eqctpvMdEQ0y7S3o+igM+tUpI+ep9zlY8MDP1e
8GgvZ1U7HJE9op+H/FYhqrJcdxKWxhBEcwnDo6s0a+IXBfGG35sts3JAI0Imrg5a
O/+sEuGozQctopW9VLs7cYdCTYvV8LiqCJsL+RW9TlQlaWKbDMCV
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:20:58 2025 by rpki-client