Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8kxvTnCw1C3W5SSOf9vIOrPOaOo.roa
File: 8kxvTnCw1C3W5SSOf9vIOrPOaOo.roa (raw, json)
Hash identifier: opYbNZcgIWsOIwDY4+3srcLnN4DkfEVgHGWfbQFRSaU=
Subject key identifier: F2:4C:6F:4E:70:B0:D4:2D:D6:E5:24:8E:7F:DB:C8:3A:B3:CE:68:EA
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824F5074B04FD242A2A75BDB68C9A52
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8kxvTnCw1C3W5SSOf9vIOrPOaOo.roa
Signing time: Thu 02 Jan 2025 17:51:38 +0000
ROA not before: Thu 02 Jan 2025 17:51:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58061
IP address blocks: 192.124.191.0/24 maxlen: 24
193.124.5.0/24 maxlen: 24
194.87.12.0/24 maxlen: 24
194.87.22.0/24 maxlen: 24
194.87.32.0/24 maxlen: 24
194.87.40.0/24 maxlen: 24
194.87.88.0/24 maxlen: 24
194.87.89.0/24 maxlen: 24
194.87.124.0/24 maxlen: 24
194.87.136.0/24 maxlen: 24
194.87.142.0/24 maxlen: 24
194.87.150.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.185.0/24 maxlen: 24
195.133.6.0/24 maxlen: 24
195.133.29.0/24 maxlen: 24
195.133.42.0/24 maxlen: 24
195.133.43.0/24 maxlen: 24
195.133.72.0/24 maxlen: 24
195.133.85.0/24 maxlen: 24
195.133.192.0/24 maxlen: 24
212.193.14.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:f5:07:4b:04:fd:24:2a:2a:75:bd:b6:8c:9a:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f24c6f4e70b0d42dd6e5248e7fdbc83ab3ce68ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:8b:0b:1a:5c:eb:1b:c5:c9:ad:59:18:3a:8e:
e9:0e:36:a3:8d:0d:7e:78:81:d3:65:b4:ec:4f:e3:
6f:76:ab:5f:3a:69:02:f0:e4:cf:d0:ee:63:2f:62:
d1:b9:38:42:22:84:95:67:e8:3c:82:5e:04:aa:78:
81:8d:e3:67:c5:e0:b8:0f:ab:c1:41:b2:c8:e9:98:
77:35:e6:9f:95:62:48:91:68:62:6e:53:a4:02:6b:
dc:2e:66:e2:8f:43:ae:7b:54:14:df:e2:9e:6b:a1:
b2:6b:ae:d4:40:63:58:3c:93:1e:86:ab:28:7b:d9:
33:f1:78:b5:40:d6:cd:ec:09:fb:23:39:7d:0b:85:
63:70:d3:8b:13:a5:b3:da:14:17:8d:71:e1:77:50:
ff:e2:f0:64:81:0f:7b:b8:13:54:a9:95:8d:4f:ba:
ff:b5:65:fb:80:f9:25:b0:3d:df:46:60:29:d1:a0:
c8:f4:d9:cf:22:81:57:0d:07:93:ef:c1:f1:78:37:
d1:17:e1:ee:78:a2:dc:17:89:9a:6e:32:29:c4:96:
79:7a:4a:31:b3:65:3e:20:01:e3:91:16:96:10:39:
79:28:a7:a7:92:cc:42:24:c9:64:ed:11:13:ad:8d:
8b:74:e9:b2:03:02:59:24:6b:9e:c8:a2:3a:24:28:
ed:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:4C:6F:4E:70:B0:D4:2D:D6:E5:24:8E:7F:DB:C8:3A:B3:CE:68:EA
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/8kxvTnCw1C3W5SSOf9vIOrPOaOo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.191.0/24
193.124.5.0/24
194.87.12.0/24
194.87.22.0/24
194.87.32.0/24
194.87.40.0/24
194.87.88.0/23
194.87.124.0/24
194.87.136.0/24
194.87.142.0/24
194.87.150.0/24
194.87.169.0/24
194.87.185.0/24
195.133.6.0/24
195.133.29.0/24
195.133.42.0/23
195.133.72.0/24
195.133.85.0/24
195.133.192.0/24
212.193.14.0/24
Signature Algorithm: sha256WithRSAEncryption
27:82:74:3c:6a:45:db:f5:12:4f:87:e5:c8:34:e7:c7:f8:c5:
9b:7c:fe:a7:38:da:39:83:a3:cb:8a:45:d3:33:00:3d:7f:95:
77:27:5d:fa:ca:ae:e0:b2:a9:a3:d4:82:5a:ae:82:e0:f2:23:
88:32:cd:d9:b2:a5:6f:70:75:52:52:49:5d:77:e8:9f:05:84:
9c:c1:01:38:97:e7:3a:fd:48:eb:7b:65:6c:e2:b4:75:05:6e:
0e:c3:ca:b9:99:f4:85:2b:9f:24:40:1a:ec:66:c6:9b:f5:b8:
7d:bc:40:aa:c2:31:90:44:d3:72:0e:eb:39:79:82:bf:0a:ea:
8a:87:57:96:fe:f3:b2:b5:63:25:35:03:35:ae:b9:d5:cc:a8:
93:93:10:6b:a9:18:07:c6:71:c8:9f:76:82:1d:06:e9:2d:e4:
f3:83:01:52:cb:0f:f9:ab:3f:2f:af:0f:db:60:50:9d:36:ca:
91:b7:2f:08:15:68:af:33:da:b7:2b:66:3c:21:9f:58:2e:37:
74:03:f4:50:ec:70:ec:83:d8:c1:3c:69:a3:63:89:02:e1:e0:
30:46:c3:8a:60:c2:db:b5:cf:45:d5:5c:c1:52:3f:4a:24:31:
a4:f7:8e:13:c7:61:d8:5f:f8:6f:82:e9:5a:fb:47:b5:41:35:
19:19:24:70
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAZQoJPUHSwT9JCoqdb22jJpSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjRjNmY0ZTcwYjBkNDJkZDZlNTI0OGU3ZmRiYzgzYWIzY2U2OGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4sLGlzrG8XJrVkYOo7pDjajjQ1+
eIHTZbTsT+NvdqtfOmkC8OTP0O5jL2LRuThCIoSVZ+g8gl4EqniBjeNnxeC4D6vB
QbLI6Zh3NeaflWJIkWhiblOkAmvcLmbij0Oue1QU3+Kea6Gya67UQGNYPJMehqso
e9kz8Xi1QNbN7An7Izl9C4VjcNOLE6Wz2hQXjXHhd1D/4vBkgQ97uBNUqZWNT7r/
tWX7gPklsD3fRmAp0aDI9NnPIoFXDQeT78HxeDfRF+HueKLcF4mabjIpxJZ5ekox
s2U+IAHjkRaWEDl5KKenksxCJMlk7RETrY2LdOmyAwJZJGueyKI6JCjtxQIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFPJMb05wsNQt1uUkjn/byDqzzmjqMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOGt4dlRuQ3cxQzNXNVNTT2Y5dklPclBPYU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDB+BAIAATB4AwQAwHy/
AwQAwXwFAwQAwlcMAwQAwlcWAwQAwlcgAwQAwlcoAwQBwldYAwQAwld8AwQAwleI
AwQAwleOAwQAwleWAwQAwlepAwQAwle5AwQAw4UGAwQAw4UdAwQBw4UqAwQAw4VI
AwQAw4VVAwQAw4XAAwQA1MEOMA0GCSqGSIb3DQEBCwUAA4IBAQAngnQ8akXb9RJP
h+XINOfH+MWbfP6nONo5g6PLikXTMwA9f5V3J136yq7gsqmj1IJaroLg8iOIMs3Z
sqVvcHVSUkldd+ifBYScwQE4l+c6/Ujre2Vs4rR1BW4Ow8q5mfSFK58kQBrsZsab
9bh9vECqwjGQRNNyDus5eYK/CuqKh1eW/vOytWMlNQM1rrnVzKiTkxBrqRgHxnHI
n3aCHQbpLeTzgwFSyw/5qz8vrw/bYFCdNsqRty8IFWivM9q3K2Y8IZ9YLjd0A/RQ
7HDsg9jBPGmjY4kC4eAwRsOKYMLbtc9F1VzBUj9KJDGk944Tx2HYX/hvgula+0e1
QTUZGSRw
-----END CERTIFICATE-----
Generated at Sat Apr 19 11:31:08 2025 by rpki-client