Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DOpW7Yer0tJa3O6lAbiOTcI-bHE.roa
File: DOpW7Yer0tJa3O6lAbiOTcI-bHE.roa (raw, json)
Hash identifier: BbAEckV/ngYPb14PrSfQFUwUQ+zPTgqupSYkEaLPj5w=
Subject key identifier: 0C:EA:56:ED:87:AB:D2:D2:5A:DC:EE:A5:01:B8:8E:4D:C2:3E:6C:71
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824E278CB6E3F63B722B592829307D7
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DOpW7Yer0tJa3O6lAbiOTcI-bHE.roa
Signing time: Thu 02 Jan 2025 17:51:33 +0000
ROA not before: Thu 02 Jan 2025 17:51:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.224.0/23 maxlen: 23
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.59.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
212.192.214.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:e2:78:cb:6e:3f:63:b7:22:b5:92:82:93:07:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0cea56ed87abd2d25adceea501b88e4dc23e6c71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:de:67:a8:9a:c5:43:da:1e:b2:c0:f7:34:23:
24:4b:15:18:7a:eb:02:bc:eb:4a:bb:91:ee:bb:a6:
f9:a4:db:48:04:00:2a:10:49:69:03:a6:05:55:f3:
ab:b9:4e:1c:08:ac:b9:c6:1d:fd:0d:c8:56:01:2a:
cd:20:54:47:e4:be:5e:1a:1a:a4:57:11:f1:02:6f:
0d:e1:e5:2c:b5:fd:44:a4:06:d0:70:62:b5:b0:59:
05:da:f7:9c:18:74:8d:88:03:b9:96:2c:65:b9:68:
0a:db:a0:bb:0f:2a:ad:d3:36:03:69:15:b6:38:22:
a6:15:5c:8c:c3:2f:51:56:b2:df:71:47:5b:d2:34:
2e:f1:7f:8a:f3:0c:f5:bc:a6:1c:0d:b0:7d:48:22:
1c:83:7a:c2:61:47:36:7a:80:da:51:d6:39:be:91:
33:85:56:54:cb:d0:9f:67:d3:1f:37:27:b3:9b:ff:
8b:51:93:34:85:9e:21:b1:6b:0d:3f:bd:78:38:f0:
f2:79:80:78:69:d5:2b:40:12:4c:f8:3f:3b:65:6f:
9e:6a:72:f1:31:8a:a8:3d:56:c8:bc:97:81:bb:d2:
cc:31:de:ee:96:b2:49:f7:9f:8d:aa:2d:fd:42:9f:
d0:0c:74:e1:12:9c:d5:bb:b9:96:4e:a9:9b:6a:13:
50:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:EA:56:ED:87:AB:D2:D2:5A:DC:EE:A5:01:B8:8E:4D:C2:3E:6C:71
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DOpW7Yer0tJa3O6lAbiOTcI-bHE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.224.0/23
194.58.155.0/24
194.85.251.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.40.0/23
195.133.50.0/23
195.133.59.0/24
195.133.92.0/23
212.192.214.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
3a:4c:f7:d1:49:fd:33:b1:b8:4d:a6:d6:e3:b3:c2:7e:3f:77:
04:e3:17:51:55:7f:ba:e8:87:dc:5a:1a:09:26:e1:5c:0a:83:
f8:12:17:98:e2:7a:2b:8a:d8:f1:99:ee:41:49:12:a2:0e:50:
2e:7b:e8:0a:4b:96:21:5b:e8:aa:61:71:c5:8c:3d:82:08:fc:
dd:a9:b0:e0:55:93:2b:94:cf:62:81:bb:5e:34:a9:3f:52:5b:
36:97:d7:1f:b4:f3:8e:52:3f:ad:b8:ed:23:4c:a8:6d:05:16:
12:87:d5:1b:48:fa:e6:0c:6c:e2:7a:89:b4:85:2b:71:b9:6c:
96:ab:d5:31:74:8a:7d:bf:94:68:7a:be:55:e0:82:c9:64:c1:
b1:e0:59:4a:8c:80:e8:b7:72:3b:ba:61:5b:c3:2c:61:61:fd:
02:d7:4b:ba:44:f2:2b:14:80:f1:0e:b4:70:5a:5d:8c:91:eb:
a8:7e:b9:4e:f5:6a:60:a2:8e:be:bc:84:85:3b:f5:d5:e4:4c:
9a:16:22:8b:da:0b:95:c3:69:d4:d7:eb:16:2f:5c:37:07:dc:
a2:9a:9f:21:72:af:f1:4b:6a:ed:2e:b8:b9:d8:92:95:93:39:
23:53:ee:b0:ac:d4:0b:f9:66:cc:0f:23:85:e9:51:a9:ff:21:
c5:84:89:72
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZQoJOJ4y24/Y7citZKCkwfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2VhNTZlZDg3YWJkMmQyNWFkY2VlYTUwMWI4OGU0ZGMyM2U2YzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs95nqJrFQ9oessD3NCMkSxUYeusC
vOtKu5Huu6b5pNtIBAAqEElpA6YFVfOruU4cCKy5xh39DchWASrNIFRH5L5eGhqk
VxHxAm8N4eUstf1EpAbQcGK1sFkF2vecGHSNiAO5lixluWgK26C7Dyqt0zYDaRW2
OCKmFVyMwy9RVrLfcUdb0jQu8X+K8wz1vKYcDbB9SCIcg3rCYUc2eoDaUdY5vpEz
hVZUy9CfZ9MfNyezm/+LUZM0hZ4hsWsNP714OPDyeYB4adUrQBJM+D87ZW+eanLx
MYqoPVbIvJeBu9LMMd7ulrJJ95+Nqi39Qp/QDHThEpzVu7mWTqmbahNQZQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFAzqVu2Hq9LSWtzupQG4jk3CPmxxMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRE9wVzdZZXIwdEphM082bEFiaU9UY0ktYkhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQBwXzgAwQA
wjqbAwQAwlX7AwQAwlepAwQAwlfgAwQAwochAwQBw4UYAwQBw4UoAwQBw4UyAwQA
w4U7AwQBw4VcAwQA1MDWAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkq
hkiG9w0BAQsFAAOCAQEAOkz30Un9M7G4TabW47PCfj93BOMXUVV/uuiH3FoaCSbh
XAqD+BIXmOJ6K4rY8ZnuQUkSog5QLnvoCkuWIVvoqmFxxYw9ggj83amw4FWTK5TP
YoG7XjSpP1JbNpfXH7TzjlI/rbjtI0yobQUWEofVG0j65gxs4nqJtIUrcblslqvV
MXSKfb+UaHq+VeCCyWTBseBZSoyA6LdyO7phW8MsYWH9AtdLukTyKxSA8Q60cFpd
jJHrqH65TvVqYKKOvryEhTv11eRMmhYii9oLlcNp1NfrFi9cNwfcopqfIXKv8Utq
7S64udiSlZM5I1PusKzUC/lmzA8jhelRqf8hxYSJcg==
-----END CERTIFICATE-----
Generated at Sun Jun 8 09:34:03 2025 by rpki-client