Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/GCak3ll-gpWQ5Zu9qrCumJHgLkY.roa
File: GCak3ll-gpWQ5Zu9qrCumJHgLkY.roa (raw, json)
Hash identifier: vYeO54sOXLqGgPgaZ57U9qDGioO3bbT72pY41Nfn5TQ=
Subject key identifier: 18:26:A4:DE:59:7E:82:95:90:E5:9B:BD:AA:B0:AE:98:91:E0:2E:46
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019428250A81AD1BE8CE04BCE4506D19E83D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/GCak3ll-gpWQ5Zu9qrCumJHgLkY.roa
Signing time: Thu 02 Jan 2025 17:51:43 +0000
ROA not before: Thu 02 Jan 2025 17:51:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211440
IP address blocks: 194.87.126.0/24 maxlen: 24
195.133.193.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:0a:81:ad:1b:e8:ce:04:bc:e4:50:6d:19:e8:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1826a4de597e829590e59bbdaab0ae9891e02e46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:68:da:c2:30:4d:18:75:08:db:b2:c7:7f:b0:
1d:de:70:c1:7b:23:e0:66:e8:db:b3:8d:3c:0e:9a:
d7:37:a5:da:a6:b8:57:5c:45:10:99:1e:e9:be:03:
79:4e:b5:d4:15:0b:b9:94:47:00:5e:c1:ac:95:15:
8b:d6:29:62:7a:63:fc:a3:00:a9:0a:40:87:8e:ac:
1c:49:38:73:4e:ff:55:f8:77:12:63:ae:82:49:d4:
c8:c7:8c:3b:0d:6e:32:8c:5f:ae:89:74:30:8b:88:
b1:33:fa:7e:e6:ea:fe:6c:2b:22:2e:9d:7d:e5:72:
20:59:fb:ec:77:6b:70:38:aa:b5:f0:11:19:c3:92:
df:d7:a8:2d:43:cf:26:0e:90:89:1f:79:87:46:e8:
72:e3:06:0f:78:63:9b:df:46:ef:33:39:d8:28:bf:
f0:27:31:12:b5:80:1e:8c:f1:b8:f7:34:b9:bc:1f:
f6:23:31:0b:f8:7c:d5:cc:86:23:b5:e3:0d:eb:a6:
b6:58:9c:b3:d5:86:9b:5e:fa:7a:94:6a:f8:59:37:
4f:f1:61:b8:37:eb:0c:70:69:0e:bf:46:32:e3:26:
8a:5e:68:1f:ac:0f:3b:a0:b4:b8:7a:24:d2:83:ca:
02:c7:1e:3a:b0:b6:7a:4f:90:15:f4:69:85:40:24:
ff:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:26:A4:DE:59:7E:82:95:90:E5:9B:BD:AA:B0:AE:98:91:E0:2E:46
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/GCak3ll-gpWQ5Zu9qrCumJHgLkY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.87.126.0/24
195.133.193.0/24
Signature Algorithm: sha256WithRSAEncryption
58:75:cb:db:40:39:70:1c:a8:0b:45:de:4e:65:cd:53:38:bf:
10:62:3f:f5:f7:cd:90:b1:a5:bd:48:f3:33:a6:75:d8:5e:15:
ef:d7:5e:ac:09:18:80:63:71:fd:fc:0b:94:09:46:1c:53:dc:
24:3b:3c:70:c7:a4:1d:c7:a5:3b:a1:18:89:9e:c8:e5:5d:9a:
a4:ec:07:06:75:61:74:bf:92:f9:5a:c4:48:c0:a4:9c:f9:12:
bb:8c:d4:f5:9c:a2:f4:17:5f:48:38:da:57:05:d0:eb:75:07:
04:99:84:b6:42:4f:1f:dc:2a:fe:5f:7f:d2:5b:07:ff:ec:0e:
c0:ad:b7:a6:b3:78:c8:29:3c:df:43:c7:93:76:32:ef:a3:89:
de:7a:6c:c5:e1:6c:a3:38:3a:9a:58:ec:ce:7a:ea:1f:f5:a1:
c7:f9:04:13:69:d9:02:55:eb:f0:cf:80:dc:70:28:e8:c1:35:
d0:4b:ca:70:8c:9a:a9:d6:50:f5:00:39:a1:73:65:d3:70:57:
7b:97:83:18:3c:cd:43:cb:5b:41:c2:86:7c:f8:7f:be:90:95:
09:41:ad:16:61:7a:8e:bf:bb:11:6a:8e:cf:d6:b3:f1:1e:a2:
e6:35:4d:a8:4a:b0:40:15:5c:73:70:70:d4:fa:e8:0e:e7:e4:
44:0c:63:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJQqBrRvozgS85FBtGeg9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODI2YTRkZTU5N2U4Mjk1OTBlNTliYmRhYWIwYWU5ODkxZTAyZTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2jawjBNGHUI27LHf7Ad3nDBeyPg
Zujbs408DprXN6XaprhXXEUQmR7pvgN5TrXUFQu5lEcAXsGslRWL1iliemP8owCp
CkCHjqwcSThzTv9V+HcSY66CSdTIx4w7DW4yjF+uiXQwi4ixM/p+5ur+bCsiLp19
5XIgWfvsd2twOKq18BEZw5Lf16gtQ88mDpCJH3mHRuhy4wYPeGOb30bvMznYKL/w
JzEStYAejPG49zS5vB/2IzEL+HzVzIYjteMN66a2WJyz1YabXvp6lGr4WTdP8WG4
N+sMcGkOv0Yy4yaKXmgfrA87oLS4eiTSg8oCxx46sLZ6T5AV9GmFQCT/pQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBgmpN5ZfoKVkOWbvaqwrpiR4C5GMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvR0NhazNsbC1ncFdRNVp1OXFyQ3VtSkhnTGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwld+AwQA
w4XBMA0GCSqGSIb3DQEBCwUAA4IBAQBYdcvbQDlwHKgLRd5OZc1TOL8QYj/1982Q
saW9SPMzpnXYXhXv116sCRiAY3H9/AuUCUYcU9wkOzxwx6Qdx6U7oRiJnsjlXZqk
7AcGdWF0v5L5WsRIwKSc+RK7jNT1nKL0F19IONpXBdDrdQcEmYS2Qk8f3Cr+X3/S
Wwf/7A7Arbems3jIKTzfQ8eTdjLvo4neemzF4WyjODqaWOzOeuof9aHH+QQTadkC
Vevwz4DccCjowTXQS8pwjJqp1lD1ADmhc2XTcFd7l4MYPM1Dy1tBwoZ8+H++kJUJ
Qa0WYXqOv7sRao7P1rPxHqLmNU2oSrBAFVxzcHDU+ugO5+REDGO6
-----END CERTIFICATE-----
Generated at Sun Apr 20 15:00:45 2025 by rpki-client