Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BklDoh7MzTdkJGlYgh5Hhze3460.roa
File: BklDoh7MzTdkJGlYgh5Hhze3460.roa (raw, json)
Hash identifier: PNoaOZHag9U7RNcuF+u8VPGhngXzhSJqKUOXa/T4VbQ=
Subject key identifier: 06:49:43:A2:1E:CC:CD:37:64:24:69:58:82:1E:47:87:37:B7:E3:AD
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018949331459839F9615DEA047D8E2F7758D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BklDoh7MzTdkJGlYgh5Hhze3460.roa
Signing time: Wed 12 Jul 2023 08:23:51 +0000
ROA not before: Wed 12 Jul 2023 08:23:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 194.87.205.0/24 maxlen: 24
195.133.85.0/24 maxlen: 24
194.87.246.0/24 maxlen: 24
193.124.46.0/24 maxlen: 24
194.58.44.0/24 maxlen: 24
194.87.170.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:49:33:14:59:83:9f:96:15:de:a0:47:d8:e2:f7:75:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jul 12 08:23:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=064943a21ecccd3764246958821e478737b7e3ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:a2:37:b1:dd:5c:84:a6:ac:2e:04:ac:39:4f:
21:12:0c:2f:88:ca:00:89:af:a8:d3:27:4a:58:bb:
fa:f8:3e:2c:2a:18:8e:eb:99:15:e8:e6:38:5d:68:
b9:83:8d:b2:d6:fd:c0:59:87:61:e9:f4:7e:10:0f:
20:46:e2:64:f0:66:30:ca:83:2a:7c:1e:85:f0:1b:
3e:ad:f1:15:9b:24:68:26:64:d2:a6:64:6b:be:94:
ac:9f:32:90:33:f2:44:3b:7d:f6:39:6a:5d:2b:af:
2a:af:3b:03:eb:02:bf:9b:79:61:24:b2:06:18:60:
f6:87:d8:91:3c:f1:ae:b2:f7:f7:1a:44:0d:cc:d7:
5c:65:70:3f:21:0b:34:78:12:71:41:54:61:3f:7a:
55:5b:4c:42:8e:36:d4:6b:ae:7a:57:50:eb:7d:9e:
e3:d0:15:f2:3e:0f:73:d6:bc:4b:0b:84:41:ea:fe:
e5:88:d3:30:20:1c:ca:2f:90:7b:8a:19:b5:05:a9:
f4:e8:c2:cd:b2:cb:9b:31:aa:8b:6c:a6:1a:85:1c:
c2:90:e1:65:ef:c2:15:37:74:67:7b:5e:25:d5:9b:
2d:67:f5:97:01:41:52:b5:27:b4:c1:b5:63:67:65:
17:cf:ca:67:77:07:b1:e8:90:a2:f4:0a:9a:d4:9f:
e8:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:49:43:A2:1E:CC:CD:37:64:24:69:58:82:1E:47:87:37:B7:E3:AD
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BklDoh7MzTdkJGlYgh5Hhze3460.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.46.0/24
194.58.44.0/24
194.87.170.0/24
194.87.205.0/24
194.87.246.0/24
195.133.85.0/24
Signature Algorithm: sha256WithRSAEncryption
12:c1:a3:45:5d:20:7d:a4:8d:1a:8b:da:54:33:38:02:ba:b2:
f4:39:32:c1:a4:c8:46:17:d6:0d:64:28:d7:23:ab:a7:e9:59:
a3:73:ec:04:8f:9b:ed:3a:c1:74:af:e1:9e:bd:34:60:31:f9:
3d:81:0f:f6:c8:18:0e:6f:8d:b8:f1:6a:a7:f6:7d:45:48:bf:
fd:6a:cb:a8:73:e8:ee:03:e6:26:08:18:b0:0c:0f:e2:de:84:
5d:64:1b:15:d9:5f:68:e3:17:81:24:b5:6e:31:fd:22:c2:34:
59:db:3d:a0:45:23:25:28:b6:f9:c7:a7:61:e7:d5:39:e5:f1:
02:24:2c:bb:47:fb:bf:5f:f6:cc:5c:89:dd:ce:f0:89:3f:73:
8f:86:17:5b:3f:24:09:bc:7f:08:24:5b:8d:fe:41:6b:79:79:
8f:55:07:a7:03:c1:cb:87:fe:2c:a0:03:0b:d5:9a:c9:24:10:
c8:b7:26:18:e8:4d:d3:c4:a8:55:d9:80:77:7e:05:9b:33:0b:
15:d8:c8:e4:b3:d0:9c:97:d2:ff:70:78:6b:a4:cb:88:b7:31:
ee:cc:19:b6:e0:66:0b:b8:76:da:0e:81:23:73:5e:01:e2:fb:
ca:e4:5b:64:2f:7e:97:68:b7:0b:87:a5:86:19:24:7a:ec:f3:
ee:7b:cd:ce
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYlJMxRZg5+WFd6gR9ji93WNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNzEyMDgyMzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQ5NDNhMjFlY2NjZDM3NjQyNDY5NTg4MjFlNDc4NzM3YjdlM2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qI3sd1chKasLgSsOU8hEgwviMoA
ia+o0ydKWLv6+D4sKhiO65kV6OY4XWi5g42y1v3AWYdh6fR+EA8gRuJk8GYwyoMq
fB6F8Bs+rfEVmyRoJmTSpmRrvpSsnzKQM/JEO332OWpdK68qrzsD6wK/m3lhJLIG
GGD2h9iRPPGusvf3GkQNzNdcZXA/IQs0eBJxQVRhP3pVW0xCjjbUa656V1DrfZ7j
0BXyPg9z1rxLC4RB6v7liNMwIBzKL5B7ihm1Ban06MLNssubMaqLbKYahRzCkOFl
78IVN3Rne14l1ZstZ/WXAUFStSe0wbVjZ2UXz8pndwex6JCi9Aqa1J/o0wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFAZJQ6IezM03ZCRpWIIeR4c3t+OtMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQmtsRG9oN016VGRrSkdsWWdoNUhoemUzNDYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwXwuAwQA
wjosAwQAwleqAwQAwlfNAwQAwlf2AwQAw4VVMA0GCSqGSIb3DQEBCwUAA4IBAQAS
waNFXSB9pI0ai9pUMzgCurL0OTLBpMhGF9YNZCjXI6un6Vmjc+wEj5vtOsF0r+Ge
vTRgMfk9gQ/2yBgOb4248Wqn9n1FSL/9asuoc+juA+YmCBiwDA/i3oRdZBsV2V9o
4xeBJLVuMf0iwjRZ2z2gRSMlKLb5x6dh59U55fECJCy7R/u/X/bMXIndzvCJP3OP
hhdbPyQJvH8IJFuN/kFreXmPVQenA8HLh/4soAML1ZrJJBDItyYY6E3TxKhV2YB3
fgWbMwsV2Mjks9Ccl9L/cHhrpMuItzHuzBm24GYLuHbaDoEjc14B4vvK5FtkL36X
aLcLh6WGGSR67PPue83O
-----END CERTIFICATE-----
Generated at Sun Jun 8 12:53:49 2025 by rpki-client