Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8Kd2c6e-kXmkMrD9UrVWSWfm0zc.roa
File: 8Kd2c6e-kXmkMrD9UrVWSWfm0zc.roa (raw, json)
Hash identifier: vUoq9mi+9HtToqvNmJD72Dx9n6Dv3R1TnK5qf0NtvpA=
Subject key identifier: F0:A7:76:73:A7:BE:91:79:A4:32:B0:FD:52:B5:56:49:67:E6:D3:37
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193D37E3150BFF5A3908A3E5A7ECBD8538B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8Kd2c6e-kXmkMrD9UrVWSWfm0zc.roa
Signing time: Tue 17 Dec 2024 07:21:22 +0000
ROA not before: Tue 17 Dec 2024 07:21:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 193.124.15.0/24 maxlen: 24
193.124.224.0/23 maxlen: 23
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.108.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.214.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:d3:7e:31:50:bf:f5:a3:90:8a:3e:5a:7e:cb:d8:53:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 17 07:21:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f0a77673a7be9179a432b0fd52b5564967e6d337
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:2a:8f:bb:1f:c2:31:77:ce:9b:e1:41:1d:99:
01:dd:eb:04:5b:52:56:2a:97:6d:05:d5:09:16:ff:
51:30:c1:90:d3:a8:95:d4:8d:3e:ea:d6:fd:37:bc:
96:42:cf:13:a6:88:09:87:99:87:9a:5e:72:1c:5c:
1a:94:c8:f4:9a:d4:74:86:ad:77:e2:9a:6f:94:32:
12:ff:83:29:bf:92:95:5a:ff:c2:d6:4d:49:f2:1e:
aa:5d:63:d7:17:58:68:e8:f5:9a:6a:5a:c8:8d:72:
ab:00:ba:00:bd:b5:c3:4d:72:6c:5c:94:fd:9a:06:
25:bf:db:dd:86:38:ec:8f:ab:f7:50:b5:b3:48:33:
be:7b:07:e8:51:f1:c4:e2:b3:13:e4:58:70:93:8f:
e4:64:65:47:41:6c:78:42:65:ce:c9:67:ab:aa:cb:
1c:5d:45:f2:bd:d3:87:3d:c9:77:49:75:a9:f3:b4:
7d:95:15:97:84:56:4e:0a:dd:2a:c1:d5:63:ec:ed:
8d:19:6b:4a:a6:f1:38:bb:3a:ab:d6:46:cb:1c:a8:
a8:86:ae:4d:2a:f5:91:b3:0a:ad:16:45:09:34:a3:
3b:f4:bb:69:d2:ec:ea:18:2d:b4:f4:30:f4:df:fc:
ff:98:3a:78:45:f0:44:e5:ea:78:6c:2a:ac:76:d5:
78:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:A7:76:73:A7:BE:91:79:A4:32:B0:FD:52:B5:56:49:67:E6:D3:37
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8Kd2c6e-kXmkMrD9UrVWSWfm0zc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.15.0/24
193.124.224.0/23
194.58.155.0/24
194.85.251.0/24
194.87.108.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.214.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
0e:81:09:76:5d:49:81:99:8a:42:87:f0:3f:39:32:0a:70:e3:
c5:10:c0:ef:1e:cd:ae:85:6e:41:f2:f6:41:ec:75:ed:27:28:
d8:08:23:74:d2:90:3b:52:5d:0d:95:30:b7:e9:bc:2a:b6:9b:
21:b5:3b:26:49:ec:29:ef:03:58:12:24:30:bb:d1:11:91:3f:
1d:38:9d:3e:b6:a2:d7:f2:f3:c8:0f:f6:d5:fe:d0:42:db:55:
94:6b:da:18:54:9c:6f:b4:06:75:08:d7:cf:a0:93:cd:a6:fe:
77:f3:f4:5e:9a:ad:e5:e0:cc:88:3a:53:af:a0:a5:b8:d3:a3:
88:87:67:5d:58:0d:24:2d:d0:6e:1b:84:1d:4b:93:02:ed:d8:
5d:16:93:6d:db:d2:58:76:8b:0e:99:b2:2a:d7:14:9d:18:1a:
d4:c2:c2:31:63:22:de:b4:fb:79:ca:b4:87:fb:dd:a2:b7:95:
07:5f:c9:b3:88:ca:0f:e1:92:be:29:b1:9e:40:f8:d8:97:35:
61:18:f6:26:5c:01:89:9a:72:fd:78:99:28:38:82:cf:83:51:
7d:44:c3:06:01:bf:a4:6a:a9:34:fc:0e:4b:b7:7c:23:a5:0a:
f2:7f:c0:88:d6:b9:a0:47:03:72:61:fe:5f:a8:e9:01:34:a7:
e0:26:64:43
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAZPTfjFQv/WjkIo+Wn7L2FOLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjE3MDcyMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGE3NzY3M2E3YmU5MTc5YTQzMmIwZmQ1MmI1NTY0OTY3ZTZkMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yqPux/CMXfOm+FBHZkB3esEW1JW
KpdtBdUJFv9RMMGQ06iV1I0+6tb9N7yWQs8TpogJh5mHml5yHFwalMj0mtR0hq13
4ppvlDIS/4Mpv5KVWv/C1k1J8h6qXWPXF1ho6PWaalrIjXKrALoAvbXDTXJsXJT9
mgYlv9vdhjjsj6v3ULWzSDO+ewfoUfHE4rMT5Fhwk4/kZGVHQWx4QmXOyWerqssc
XUXyvdOHPcl3SXWp87R9lRWXhFZOCt0qwdVj7O2NGWtKpvE4uzqr1kbLHKiohq5N
KvWRswqtFkUJNKM79Ltp0uzqGC209DD03/z/mDp4RfBE5ep4bCqsdtV4gQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFPCndnOnvpF5pDKw/VK1Vkln5tM3MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOEtkMmM2ZS1rWG1rTXJEOVVyVldTV2ZtMHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwWgQCAAEwVAMEAMF8DwME
AcF84AMEAMI6mwMEAMJV+wMEAMJXbAMEAMJXqQMEAMJX4AMEAMKHIQMEAcOFGAME
AcOFKAMEAcOFMgMEAcOFXAMEANTA1gMEAdTBGjAUBAIAAjAOAwUDKgFXwAMFAyoM
/0AwDQYJKoZIhvcNAQELBQADggEBAA6BCXZdSYGZikKH8D85Mgpw48UQwO8eza6F
bkHy9kHsde0nKNgII3TSkDtSXQ2VMLfpvCq2myG1OyZJ7CnvA1gSJDC70RGRPx04
nT62otfy88gP9tX+0ELbVZRr2hhUnG+0BnUI18+gk82m/nfz9F6areXgzIg6U6+g
pbjTo4iHZ11YDSQt0G4bhB1LkwLt2F0Wk23b0lh2iw6ZsirXFJ0YGtTCwjFjIt60
+3nKtIf73aK3lQdfybOIyg/hkr4psZ5A+NiXNWEY9iZcAYmacv14mSg4gs+DUX1E
wwYBv6RqqTT8Dku3fCOlCvJ/wIjWuaBHA3Jh/l+o6QE0p+AmZEM=
-----END CERTIFICATE-----
Generated at Sun Jun 8 18:21:14 2025 by rpki-client