Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HvYmdOaZP2d8jK6HtqQ9-MdmD4o.roa
File: HvYmdOaZP2d8jK6HtqQ9-MdmD4o.roa (raw, json)
Hash identifier: fOlJcY3X8k0WRnatzqhCWQhyWNdWNbN0fUknnFjMuCI=
Subject key identifier: 1E:F6:26:74:E6:99:3F:67:7C:8C:AE:87:B6:A4:3D:F8:C7:66:0F:8A
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824E65354A257C5B33F1A9C8E86B5C7
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HvYmdOaZP2d8jK6HtqQ9-MdmD4o.roa
Signing time: Thu 02 Jan 2025 17:51:34 +0000
ROA not before: Thu 02 Jan 2025 17:51:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12676
IP address blocks: 194.85.248.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:e6:53:54:a2:57:c5:b3:3f:1a:9c:8e:86:b5:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1ef62674e6993f677c8cae87b6a43df8c7660f8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:b0:86:80:28:69:f8:60:11:19:c8:ce:5f:6c:
ef:ff:7f:50:85:e4:74:84:f7:d2:3a:2f:c6:9c:f9:
38:53:9a:64:83:76:ac:7d:de:01:36:81:fe:05:41:
a1:68:2c:ee:ca:dd:7a:08:1e:2c:93:9d:52:9a:52:
29:9f:88:d5:1a:03:22:f0:42:66:37:3e:5b:4e:d0:
18:b4:cf:f8:fa:ca:67:66:a5:c5:f6:14:00:bb:bb:
57:2b:ae:72:6d:50:e2:a6:8c:2e:4a:57:f4:f6:a7:
3d:ec:ab:a1:e1:82:2b:d8:ed:2c:c3:9b:13:27:c7:
1b:ae:8e:ea:8d:79:6c:b8:d3:d7:22:2b:8c:85:6d:
46:33:fc:15:9d:37:6b:34:5d:94:39:7d:76:c5:93:
70:51:23:a8:68:e9:79:d5:4b:26:b0:b3:c4:55:71:
f4:e9:c9:d2:51:72:ca:64:03:c9:ed:28:39:25:95:
9f:af:1e:80:f7:3c:f5:c7:67:b9:ed:42:d8:f4:f5:
aa:be:e6:c0:c0:03:ec:ae:34:e5:53:84:80:46:51:
7c:51:7a:77:d0:97:26:49:64:95:19:80:82:98:a2:
d7:c6:78:ec:2a:a5:fd:14:90:55:9d:2a:0e:37:d5:
af:b7:17:06:c2:36:49:eb:4e:4f:f6:38:7c:b0:94:
7c:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:F6:26:74:E6:99:3F:67:7C:8C:AE:87:B6:A4:3D:F8:C7:66:0F:8A
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HvYmdOaZP2d8jK6HtqQ9-MdmD4o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.85.248.0/24
Signature Algorithm: sha256WithRSAEncryption
31:10:38:5c:d3:ed:5d:cd:f9:9e:5d:1a:92:8d:62:a7:29:72:
75:e7:cd:8e:16:72:ea:d7:e9:5d:6c:b1:19:09:55:14:5e:d1:
3a:dd:3d:04:85:e5:1b:4d:fc:61:d4:25:12:42:c5:27:7d:00:
4f:05:73:b5:22:90:f4:6f:f6:04:d8:2a:62:96:93:53:4c:1a:
b2:7a:c7:b2:9f:14:26:34:eb:93:ca:77:82:d3:22:97:ed:be:
48:81:d5:48:38:5d:51:cf:6f:0e:39:14:26:00:fc:19:fd:e6:
af:6d:32:b0:29:3f:2a:d6:34:df:10:9a:db:3f:ac:0f:6e:53:
02:0f:91:c9:66:65:d1:48:90:57:c4:e3:9a:3e:d2:70:94:4f:
f0:97:52:be:64:db:f6:7f:c7:db:d8:75:9b:87:23:fd:a6:88:
84:00:11:d3:18:35:96:21:5f:c9:d5:45:5f:2f:f4:c9:89:8c:
3a:e0:47:f2:15:49:ba:52:de:48:36:8b:27:14:17:72:f5:cf:
e7:e8:31:05:c3:74:af:7b:0e:55:ae:0c:3a:b8:d0:fd:33:b9:
d5:cf:dd:ff:b1:48:6d:07:f6:e2:25:73:d3:a8:bf:0f:57:cf:
16:4a:a5:46:d8:90:ed:72:8f:ce:a5:87:b3:2d:cd:7c:3f:a4:
96:a2:66:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJOZTVKJXxbM/GpyOhrXHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWY2MjY3NGU2OTkzZjY3N2M4Y2FlODdiNmE0M2RmOGM3NjYwZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbCGgChp+GARGcjOX2zv/39QheR0
hPfSOi/GnPk4U5pkg3asfd4BNoH+BUGhaCzuyt16CB4sk51SmlIpn4jVGgMi8EJm
Nz5bTtAYtM/4+spnZqXF9hQAu7tXK65ybVDipowuSlf09qc97Kuh4YIr2O0sw5sT
J8cbro7qjXlsuNPXIiuMhW1GM/wVnTdrNF2UOX12xZNwUSOoaOl51UsmsLPEVXH0
6cnSUXLKZAPJ7Sg5JZWfrx6A9zz1x2e57ULY9PWqvubAwAPsrjTlU4SARlF8UXp3
0JcmSWSVGYCCmKLXxnjsKqX9FJBVnSoON9WvtxcGwjZJ605P9jh8sJR8UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB72JnTmmT9nfIyuh7akPfjHZg+KMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSHZZbWRPYVpQMmQ4aks2SHRxUTktTWRtRDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlX4MA0G
CSqGSIb3DQEBCwUAA4IBAQAxEDhc0+1dzfmeXRqSjWKnKXJ1582OFnLq1+ldbLEZ
CVUUXtE63T0EheUbTfxh1CUSQsUnfQBPBXO1IpD0b/YE2CpilpNTTBqyeseynxQm
NOuTyneC0yKX7b5IgdVIOF1Rz28OORQmAPwZ/eavbTKwKT8q1jTfEJrbP6wPblMC
D5HJZmXRSJBXxOOaPtJwlE/wl1K+ZNv2f8fb2HWbhyP9poiEABHTGDWWIV/J1UVf
L/TJiYw64EfyFUm6Ut5INosnFBdy9c/n6DEFw3Svew5Vrgw6uND9M7nVz93/sUht
B/biJXPTqL8PV88WSqVG2JDtco/OpYezLc18P6SWomby
-----END CERTIFICATE-----
Generated at Sun Jun 8 16:17:39 2025 by rpki-client