Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/E0-W3UKWyH-tcsLPVVKVU_5w-YM.roa
File: E0-W3UKWyH-tcsLPVVKVU_5w-YM.roa (raw, json)
Hash identifier: doNRZP3yWKF4g8F1VBkJvbqBfKnHEpr1t4VS9SCrDWo=
Subject key identifier: 13:4F:96:DD:42:96:C8:7F:AD:72:C2:CF:55:52:95:53:FE:70:F9:83
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01939D1B26E7AD2D10C43389DA2114C3FE20
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/E0-W3UKWyH-tcsLPVVKVU_5w-YM.roa
Signing time: Fri 06 Dec 2024 17:53:42 +0000
ROA not before: Fri 06 Dec 2024 17:53:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210974
IP address blocks: 212.192.2.0/24 maxlen: 24
212.192.3.0/24 maxlen: 24
212.192.11.0/24 maxlen: 24
212.193.8.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:9d:1b:26:e7:ad:2d:10:c4:33:89:da:21:14:c3:fe:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 6 17:53:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=134f96dd4296c87fad72c2cf55529553fe70f983
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:56:ca:d0:39:7a:c0:b5:ad:30:da:8c:fb:7c:
45:2f:a7:7b:fd:f1:e7:65:f0:2c:5a:82:3c:2d:ff:
de:6f:65:b7:9f:61:a9:5d:0f:b8:d7:a2:a8:05:51:
0b:22:70:c6:49:d4:94:2c:d5:91:1d:ee:4b:79:e9:
95:60:52:00:b2:90:60:df:4d:8e:eb:1c:2c:ff:10:
84:d8:25:39:f3:fa:92:66:af:a3:42:2f:46:7a:b9:
e8:7a:41:16:80:d4:bc:0d:37:77:b7:04:ee:53:a7:
2b:f2:d2:8b:ae:66:cc:d3:04:20:56:e1:7b:31:ed:
e6:f8:1b:8b:78:d0:ac:06:50:63:36:ab:1a:3c:60:
29:c9:3d:f6:7e:7f:ae:38:b3:01:e8:fd:b4:bc:8e:
49:e7:c5:cf:d1:0a:2a:04:2f:ff:10:e8:a0:2a:55:
93:ef:52:d4:19:97:59:c8:84:ab:99:67:b6:47:19:
23:ea:1a:a6:f2:da:3c:04:ea:3f:2a:1b:d9:03:13:
00:c7:b7:47:df:3b:ce:7b:3c:fb:05:7d:17:b0:e9:
0c:36:38:4d:f0:4e:e6:53:64:8b:40:f6:2c:ae:e3:
a1:26:bb:3a:88:62:13:f1:e7:70:4f:23:ee:c0:40:
74:54:3f:12:e8:6d:9a:76:0b:81:94:a6:8b:10:aa:
73:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:4F:96:DD:42:96:C8:7F:AD:72:C2:CF:55:52:95:53:FE:70:F9:83
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/E0-W3UKWyH-tcsLPVVKVU_5w-YM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.192.2.0/23
212.192.11.0/24
212.193.8.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:ca:6a:fa:44:08:e8:eb:32:e9:6e:39:d2:8f:b8:9c:6d:f9:
99:47:6d:04:fa:f6:b9:f1:be:52:8d:6e:83:14:3a:28:af:1e:
96:ef:e4:5b:90:c5:2c:45:1a:7a:aa:a6:74:55:88:84:f4:05:
33:1c:09:f0:ea:54:51:e2:e7:9a:47:4f:2d:a2:a8:b1:a5:de:
44:79:d6:24:0d:92:eb:ab:ec:3f:8b:73:fb:ba:b4:7a:bc:50:
8b:ff:ac:ce:72:19:18:f8:2d:49:a3:c6:ec:34:31:f3:d6:53:
ee:c9:be:69:56:8c:c1:33:a9:30:ac:d8:61:49:6c:22:86:4e:
3c:76:c8:44:a1:9b:aa:54:61:ae:f6:9e:79:6d:ca:59:c2:53:
07:e1:d9:07:af:e1:cd:b2:30:8c:ba:a0:02:a2:16:7e:04:de:
e2:75:ed:67:25:27:59:31:f6:d8:95:ec:cd:5a:ca:7d:ed:e8:
06:aa:f6:e4:3a:66:eb:cc:55:38:55:09:3a:31:a8:54:a2:7a:
40:87:b9:a8:fc:90:94:9c:8f:d4:4a:fd:cd:d4:b3:42:84:f3:
8b:6a:d4:ce:d9:10:a8:38:f4:2f:0d:ec:07:8b:11:ad:83:1e:
90:c7:c0:e3:a0:93:f9:a7:33:ed:7f:79:c6:96:02:74:18:66:
d0:50:74:f3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZOdGybnrS0QxDOJ2iEUw/4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjA2MTc1MzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzRmOTZkZDQyOTZjODdmYWQ3MmMyY2Y1NTUyOTU1M2ZlNzBmOTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVbK0Dl6wLWtMNqM+3xFL6d7/fHn
ZfAsWoI8Lf/eb2W3n2GpXQ+416KoBVELInDGSdSULNWRHe5LeemVYFIAspBg302O
6xws/xCE2CU58/qSZq+jQi9GernoekEWgNS8DTd3twTuU6cr8tKLrmbM0wQgVuF7
Me3m+BuLeNCsBlBjNqsaPGApyT32fn+uOLMB6P20vI5J58XP0QoqBC//EOigKlWT
71LUGZdZyISrmWe2Rxkj6hqm8to8BOo/KhvZAxMAx7dH3zvOezz7BX0XsOkMNjhN
8E7mU2SLQPYsruOhJrs6iGIT8edwTyPuwEB0VD8S6G2adguBlKaLEKpzfQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBNPlt1Clsh/rXLCz1VSlVP+cPmDMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRTAtVzNVS1d5SC10Y3NMUFZWS1ZVXzV3LVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQB1MACAwQA
1MALAwQA1MEIMA0GCSqGSIb3DQEBCwUAA4IBAQAcymr6RAjo6zLpbjnSj7icbfmZ
R20E+va58b5SjW6DFDoorx6W7+RbkMUsRRp6qqZ0VYiE9AUzHAnw6lRR4ueaR08t
oqixpd5EedYkDZLrq+w/i3P7urR6vFCL/6zOchkY+C1Jo8bsNDHz1lPuyb5pVozB
M6kwrNhhSWwihk48dshEoZuqVGGu9p55bcpZwlMH4dkHr+HNsjCMuqACohZ+BN7i
de1nJSdZMfbYlezNWsp97egGqvbkOmbrzFU4VQk6MahUonpAh7mo/JCUnI/USv3N
1LNChPOLatTO2RCoOPQvDewHixGtgx6Qx8DjoJP5pzPtf3nGlgJ0GGbQUHTz
-----END CERTIFICATE-----
Generated at Fri Apr 18 20:10:25 2025 by rpki-client