Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HCu5KPbU8fW8TXA5Fpu6izx8RM0.roa
File: HCu5KPbU8fW8TXA5Fpu6izx8RM0.roa (raw, json)
Hash identifier: QTKg85mcarFyMjvPjbi2jTg8h2wXTj0jumgF4zAadmE=
Subject key identifier: 1C:2B:B9:28:F6:D4:F1:F5:BC:4D:70:39:16:9B:BA:8B:3C:7C:44:CD
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824FC0419ADE52BFF593DFABDB5152E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HCu5KPbU8fW8TXA5Fpu6izx8RM0.roa
Signing time: Thu 02 Jan 2025 17:51:39 +0000
ROA not before: Thu 02 Jan 2025 17:51:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201021
IP address blocks: 62.76.224.0/24 maxlen: 24
193.124.95.0/24 maxlen: 24
193.124.200.0/24 maxlen: 24
193.124.202.0/24 maxlen: 24
194.87.66.0/24 maxlen: 24
194.87.67.0/24 maxlen: 24
194.87.81.0/24 maxlen: 24
194.87.149.0/24 maxlen: 24
194.87.170.0/24 maxlen: 24
194.87.172.0/24 maxlen: 24
194.135.18.0/24 maxlen: 24
194.135.32.0/24 maxlen: 24
195.58.60.0/24 maxlen: 24
212.192.244.0/24 maxlen: 24
212.193.12.0/24 maxlen: 24
212.193.13.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:fc:04:19:ad:e5:2b:ff:59:3d:fa:bd:b5:15:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1c2bb928f6d4f1f5bc4d7039169bba8b3c7c44cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:19:2b:70:4b:bc:85:63:2e:0d:63:14:4e:60:
bc:9d:62:0e:51:f1:53:39:ee:a4:2d:62:29:b1:ac:
73:fb:d0:9f:fe:d7:4a:54:75:57:c0:84:3b:d3:73:
d6:82:dd:d0:ad:3b:4c:f7:91:d8:2e:b5:df:3e:4d:
18:4e:65:86:ac:d5:49:99:52:a5:2f:e0:2f:66:d2:
c8:aa:25:d7:a0:6a:a2:88:29:f9:f8:ff:c3:0f:d2:
41:cb:ac:37:fe:6b:78:31:a3:4c:33:ea:bd:1d:7f:
4f:2a:c1:4b:6b:b6:2c:e6:73:a5:6c:1b:ff:0e:0d:
97:90:35:00:8f:eb:09:ae:08:87:d4:62:04:0c:fd:
49:b0:82:8d:6e:81:a5:d7:a8:7a:5b:1c:fb:a8:bb:
95:c5:5d:fe:0c:e1:52:14:43:8d:56:80:51:c4:fb:
e4:aa:5c:c6:ed:de:a8:2d:e3:d2:d8:f1:ad:b2:7c:
44:97:88:fc:6e:be:c3:bb:d9:6b:bb:f7:e2:9d:b9:
a7:e8:29:d0:4a:a6:52:1f:21:15:5e:35:62:b2:60:
4b:55:92:81:da:ec:6b:ee:bd:86:3e:62:4d:6c:6a:
ac:f1:61:e5:18:64:af:80:8f:bd:56:16:22:3b:62:
bd:6b:0a:3a:52:4c:84:fc:07:7b:97:27:5a:7a:5a:
c7:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:2B:B9:28:F6:D4:F1:F5:BC:4D:70:39:16:9B:BA:8B:3C:7C:44:CD
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HCu5KPbU8fW8TXA5Fpu6izx8RM0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.224.0/24
193.124.95.0/24
193.124.200.0/24
193.124.202.0/24
194.87.66.0/23
194.87.81.0/24
194.87.149.0/24
194.87.170.0/24
194.87.172.0/24
194.135.18.0/24
194.135.32.0/24
195.58.60.0/24
212.192.244.0/24
212.193.12.0/23
Signature Algorithm: sha256WithRSAEncryption
47:54:bf:1f:32:b2:c7:37:37:cd:85:de:92:a0:96:fd:7c:85:
86:2e:8b:5c:2b:6b:3c:d2:af:60:70:65:48:dd:df:2a:69:2e:
a0:47:d4:37:41:9a:6a:63:27:82:90:f2:ee:6f:d0:c6:ce:57:
c2:b7:27:7f:41:71:b0:f4:8c:15:8c:9f:f9:d0:10:3f:cf:7a:
c7:1e:e1:0d:f0:80:39:7b:43:f0:53:9a:3c:42:75:32:4b:52:
a9:93:f6:6f:82:0a:18:f2:c0:1c:c8:53:63:d7:0f:3e:a7:23:
ef:70:77:4a:80:e7:3c:cd:84:d4:1e:f2:14:11:f4:b6:e7:23:
d0:cb:75:98:40:8d:0e:6b:64:04:e1:de:bd:c6:20:ac:7f:d6:
68:66:61:7a:1d:d2:2c:c2:6f:eb:5f:6c:38:23:ba:ce:ee:ea:
72:2c:76:24:db:32:85:f8:2a:0f:4e:48:ed:82:4c:a7:76:75:
ca:2b:3a:cd:54:3a:18:e2:4d:32:cb:9d:54:8f:f3:be:7e:0a:
5a:c3:f0:9a:8b:8b:a4:7d:0b:7a:7d:77:30:8e:27:71:31:79:
6b:d2:ae:ee:d5:cb:0f:84:34:0b:c5:b4:d3:ac:4b:c3:48:ca:
6e:b0:13:c2:52:b2:22:c7:e9:2c:8e:63:28:70:d1:fe:39:c2:
ef:16:e9:05
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZQoJPwEGa3lK/9ZPfq9tRUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzJiYjkyOGY2ZDRmMWY1YmM0ZDcwMzkxNjliYmE4YjNjN2M0NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxkrcEu8hWMuDWMUTmC8nWIOUfFT
Oe6kLWIpsaxz+9Cf/tdKVHVXwIQ703PWgt3QrTtM95HYLrXfPk0YTmWGrNVJmVKl
L+AvZtLIqiXXoGqiiCn5+P/DD9JBy6w3/mt4MaNMM+q9HX9PKsFLa7Ys5nOlbBv/
Dg2XkDUAj+sJrgiH1GIEDP1JsIKNboGl16h6Wxz7qLuVxV3+DOFSFEONVoBRxPvk
qlzG7d6oLePS2PGtsnxEl4j8br7Du9lru/finbmn6CnQSqZSHyEVXjVismBLVZKB
2uxr7r2GPmJNbGqs8WHlGGSvgI+9VhYiO2K9awo6UkyE/Ad7lydaelrH9QIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFBwruSj21PH1vE1wORabuos8fETNMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSEN1NUtQYlU4Zlc4VFhBNUZwdTZpeng4Uk0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAPkzgAwQA
wXxfAwQAwXzIAwQAwXzKAwQBwldCAwQAwldRAwQAwleVAwQAwleqAwQAwlesAwQA
wocSAwQAwocgAwQAwzo8AwQA1MD0AwQB1MEMMA0GCSqGSIb3DQEBCwUAA4IBAQBH
VL8fMrLHNzfNhd6SoJb9fIWGLotcK2s80q9gcGVI3d8qaS6gR9Q3QZpqYyeCkPLu
b9DGzlfCtyd/QXGw9IwVjJ/50BA/z3rHHuEN8IA5e0PwU5o8QnUyS1Kpk/ZvggoY
8sAcyFNj1w8+pyPvcHdKgOc8zYTUHvIUEfS25yPQy3WYQI0Oa2QE4d69xiCsf9Zo
ZmF6HdIswm/rX2w4I7rO7upyLHYk2zKF+CoPTkjtgkyndnXKKzrNVDoY4k0yy51U
j/O+fgpaw/Cai4ukfQt6fXcwjidxMXlr0q7u1csPhDQLxbTTrEvDSMpusBPCUrIi
x+ksjmMocNH+OcLvFukF
-----END CERTIFICATE-----
Generated at Tue Apr 22 00:01:37 2025 by rpki-client