Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ba108Lf6OQ1iGA6KHbfY0B7w0c0.roa
File: Ba108Lf6OQ1iGA6KHbfY0B7w0c0.roa (raw, json)
Hash identifier: +qqNRxvI2DhG7zGK+09hLSq+dqvbS9zG6ht4xTjQkBM=
Subject key identifier: 05:AD:74:F0:B7:FA:39:0D:62:18:0E:8A:1D:B7:D8:D0:1E:F0:D1:CD
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019396593A177C14C90B8612C64E5D17DB9E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ba108Lf6OQ1iGA6KHbfY0B7w0c0.roa
Signing time: Thu 05 Dec 2024 10:24:10 +0000
ROA not before: Thu 05 Dec 2024 10:24:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 193.124.89.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.17.0/24 maxlen: 24
194.87.23.0/24 maxlen: 24
194.87.105.0/24 maxlen: 24
194.87.108.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.37.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.1.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:96:59:3a:17:7c:14:c9:0b:86:12:c6:4e:5d:17:db:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 5 10:24:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=05ad74f0b7fa390d62180e8a1db7d8d01ef0d1cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:1f:01:b3:ed:b1:a3:74:f6:b8:e5:f5:2d:1b:
60:31:90:c7:41:74:87:81:28:3c:29:ce:03:85:12:
08:1b:d8:0e:55:36:2d:67:23:b8:ca:fa:18:f7:41:
df:97:73:c3:21:43:66:10:d6:f5:36:54:da:f9:9a:
ed:1d:99:33:56:cb:b4:b9:29:a3:30:8d:ca:29:1f:
e8:c2:34:e8:f0:70:53:32:dd:ce:66:55:c5:66:41:
33:ad:13:19:68:67:01:01:9f:68:8e:2d:c4:60:14:
ed:a9:f8:ae:6f:c1:43:7e:0d:e9:e1:ee:e5:3c:18:
61:d9:71:d9:2b:66:2e:a7:25:d2:97:e3:1b:e5:6b:
26:29:92:8d:e5:6c:7b:a6:3a:60:82:2d:fe:9d:26:
03:ee:5c:0f:a3:1e:06:04:d6:b7:2a:3b:09:8a:36:
3b:59:88:3b:67:95:fc:34:27:d7:d6:db:37:10:42:
5c:2a:ca:ca:04:e3:da:08:80:f5:f8:6d:c4:8c:2f:
0e:83:ca:cd:83:81:4a:4c:a6:c2:fb:c8:d3:c3:43:
d3:19:26:1a:80:5b:98:30:2b:8c:74:02:03:9f:9d:
ba:e8:b9:75:d1:28:be:f2:65:0c:e2:39:6e:02:93:
0f:78:22:4d:6c:06:7c:97:d4:bb:6c:d2:41:5d:5f:
32:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:AD:74:F0:B7:FA:39:0D:62:18:0E:8A:1D:B7:D8:D0:1E:F0:D1:CD
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ba108Lf6OQ1iGA6KHbfY0B7w0c0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.89.0/24
194.58.155.0/24
194.85.251.0/24
194.87.17.0/24
194.87.23.0/24
194.87.105.0/24
194.87.108.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.37.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.1.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
65:f9:c9:de:62:8a:dc:45:76:bb:9a:58:fc:4e:89:29:71:7b:
d3:6d:56:d5:ea:f3:2b:ba:bc:82:4b:9f:59:5c:b7:cf:85:af:
d8:85:75:80:20:00:49:db:b7:77:e4:f4:33:f7:6a:23:60:ef:
62:da:d2:56:0f:d5:68:b3:9e:b8:35:39:5d:1c:85:0c:37:c4:
a8:c1:14:49:77:2b:31:28:84:36:0c:1d:4d:b2:27:3b:0c:15:
71:11:4e:03:1c:cd:bc:23:42:34:88:0f:da:9e:f9:27:a7:4a:
61:13:e7:5f:75:93:98:48:f2:f3:b9:c8:da:3d:54:53:8a:f9:
87:07:30:19:cd:1e:ad:f9:b3:56:46:8d:13:4a:11:09:ad:d3:
fd:b2:9f:25:a1:3c:07:dc:db:92:98:b9:bd:77:da:37:22:be:
e4:a9:54:30:c1:7f:4d:76:8d:35:8a:49:67:e7:20:da:47:8e:
4a:6a:25:be:01:fa:03:d1:f3:e6:92:20:76:42:57:db:23:e7:
91:9d:84:fc:61:35:30:b7:54:7c:8b:c6:6d:da:af:f4:65:ae:
40:d0:39:e9:6c:56:33:df:de:1c:65:f9:74:03:79:b9:b6:7f:
c6:d9:93:34:43:4e:ce:97:ca:ff:da:41:de:57:02:08:b6:4d:
fa:c1:6c:b8
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgISAZOWWToXfBTJC4YSxk5dF9ueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjA1MTAyNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWFkNzRmMGI3ZmEzOTBkNjIxODBlOGExZGI3ZDhkMDFlZjBkMWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnB8Bs+2xo3T2uOX1LRtgMZDHQXSH
gSg8Kc4DhRIIG9gOVTYtZyO4yvoY90Hfl3PDIUNmENb1NlTa+ZrtHZkzVsu0uSmj
MI3KKR/owjTo8HBTMt3OZlXFZkEzrRMZaGcBAZ9oji3EYBTtqfiub8FDfg3p4e7l
PBhh2XHZK2YupyXSl+Mb5WsmKZKN5Wx7pjpggi3+nSYD7lwPox4GBNa3KjsJijY7
WYg7Z5X8NCfX1ts3EEJcKsrKBOPaCID1+G3EjC8Og8rNg4FKTKbC+8jTw0PTGSYa
gFuYMCuMdAIDn5266Ll10Si+8mUM4jluApMPeCJNbAZ8l9S7bNJBXV8yLwIDAQAB
o4ICgjCCAn4wHQYDVR0OBBYEFAWtdPC3+jkNYhgOih232NAe8NHNMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQmExMDhMZjZPUTFpR0E2S0hiZlkwQjd3MGMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGXBggrBgEFBQcBBwEB/wSBhzCBhDBsBAIAATBmAwQAwXxZ
AwQAwjqbAwQAwlX7AwQAwlcRAwQAwlcXAwQAwldpAwQAwldsAwQAwlepAwQAwlfg
AwQAwochAwQBw4UYAwQAw4UlAwQBw4UoAwQBw4UyAwQBw4VcAwQA1MABAwQB1MEa
MBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAZfnJ3mKK
3EV2u5pY/E6JKXF7021W1erzK7q8gkufWVy3z4Wv2IV1gCAASdu3d+T0M/dqI2Dv
YtrSVg/VaLOeuDU5XRyFDDfEqMEUSXcrMSiENgwdTbInOwwVcRFOAxzNvCNCNIgP
2p75J6dKYRPnX3WTmEjy87nI2j1UU4r5hwcwGc0erfmzVkaNE0oRCa3T/bKfJaE8
B9zbkpi5vXfaNyK+5KlUMMF/TXaNNYpJZ+cg2keOSmolvgH6A9Hz5pIgdkJX2yPn
kZ2E/GE1MLdUfIvGbdqv9GWuQNA56WxWM9/eHGX5dAN5ubZ/xtmTNENOzpfK/9pB
3lcCCLZN+sFsuA==
-----END CERTIFICATE-----
Generated at Sat Apr 19 18:36:43 2025 by rpki-client