Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JDqFQ21uZg-jnIm9xYdoI4zrCyM.roa
File: JDqFQ21uZg-jnIm9xYdoI4zrCyM.roa (raw, json)
Hash identifier: PdtrAAXMRnuU+cqP8fTWXCpucXkZK3Vq63+5QHdFjAc=
Subject key identifier: 24:3A:85:43:6D:6E:66:0F:A3:9C:89:BD:C5:87:68:23:8C:EB:0B:23
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824E83BA59EB7A11ABC4B85537F326B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JDqFQ21uZg-jnIm9xYdoI4zrCyM.roa
Signing time: Thu 02 Jan 2025 17:51:34 +0000
ROA not before: Thu 02 Jan 2025 17:51:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25198
IP address blocks: 194.85.249.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:e8:3b:a5:9e:b7:a1:1a:bc:4b:85:53:7f:32:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=243a85436d6e660fa39c89bdc58768238ceb0b23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:e1:0b:56:7a:9e:8f:ec:67:98:c8:00:c8:88:
00:04:21:3d:a1:c6:3d:86:e5:83:40:bc:f0:e0:e1:
67:6f:6b:c4:db:57:06:35:f5:1e:6a:7a:31:8a:cc:
15:b0:55:c4:ac:a1:ad:cd:0e:f9:4c:3b:18:75:8d:
c1:cf:12:25:fb:74:4b:5f:da:53:23:18:ee:ea:02:
82:76:c5:85:40:cc:17:be:fc:69:5d:9b:4e:17:53:
13:7b:69:fe:4c:be:f3:4c:48:88:4d:e9:cb:80:8d:
b6:ea:8c:05:0b:f1:36:ad:59:5c:ff:6e:be:a1:dd:
d2:72:98:4d:e9:59:7e:9e:35:9d:ff:54:4d:59:c8:
42:81:48:6f:ce:c6:1d:ca:de:4b:1a:b1:c6:5c:c6:
68:f7:f7:5b:25:d8:e9:47:e5:60:24:3f:c2:1c:37:
a8:05:aa:09:18:38:dc:b6:e2:73:41:2d:56:58:af:
ed:cb:96:22:f0:42:d8:e1:08:d4:38:4a:cf:f2:59:
cf:04:dc:ba:a1:b0:dc:0b:6d:55:09:65:14:a2:8c:
0c:58:ea:22:ce:8a:db:1e:11:e3:0b:69:80:06:3d:
7f:fc:79:51:ee:e3:f7:09:96:fd:cc:2b:a9:e6:a6:
4d:df:c8:e3:e2:28:98:d3:84:0d:6f:e0:9b:ae:f3:
e3:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:3A:85:43:6D:6E:66:0F:A3:9C:89:BD:C5:87:68:23:8C:EB:0B:23
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JDqFQ21uZg-jnIm9xYdoI4zrCyM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.85.249.0/24
Signature Algorithm: sha256WithRSAEncryption
4c:5b:89:f3:85:cf:4e:bc:31:48:e0:01:9b:9b:d4:09:15:37:
e4:39:ac:dc:14:f9:3c:7a:16:60:16:e6:36:aa:85:fd:2a:49:
62:27:43:51:f5:de:92:29:ff:e3:08:15:78:76:02:28:3e:cc:
55:40:b7:ec:98:1e:53:f1:f1:90:e1:c8:a3:b5:d8:55:b0:f4:
4d:74:f9:14:91:f1:cc:29:c5:23:1c:1f:5b:55:37:fc:16:1a:
02:7a:43:15:3d:27:1f:4a:49:9a:f2:ec:58:cc:e5:eb:74:63:
4f:78:43:b6:89:6e:5c:4c:f1:1f:c9:b0:2e:ea:95:5c:4d:69:
df:cd:79:33:e7:cc:3c:e5:49:6a:01:a8:fb:6c:31:95:6d:3b:
24:a0:5c:3a:01:94:26:5a:4b:3a:35:9b:1a:f1:13:e9:8f:fb:
e5:cc:6b:2a:42:13:17:51:f1:72:cc:b5:44:9b:4a:f0:45:b3:
f8:09:60:aa:87:8b:8f:e5:a4:ba:a6:3a:56:46:85:8e:5f:41:
84:95:2b:29:fa:37:69:bd:63:fc:42:42:a5:99:de:dd:95:d4:
fa:4b:4e:82:78:76:4f:84:d6:2f:c2:05:4e:98:cc:c8:a0:09:
2e:91:76:ce:86:98:f4:70:26:d8:31:f4:17:49:16:21:b7:55:
fc:f2:90:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJOg7pZ63oRq8S4VTfzJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDNhODU0MzZkNmU2NjBmYTM5Yzg5YmRjNTg3NjgyMzhjZWIwYjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1uELVnqej+xnmMgAyIgABCE9ocY9
huWDQLzw4OFnb2vE21cGNfUeanoxiswVsFXErKGtzQ75TDsYdY3BzxIl+3RLX9pT
Ixju6gKCdsWFQMwXvvxpXZtOF1MTe2n+TL7zTEiITenLgI226owFC/E2rVlc/26+
od3ScphN6Vl+njWd/1RNWchCgUhvzsYdyt5LGrHGXMZo9/dbJdjpR+VgJD/CHDeo
BaoJGDjctuJzQS1WWK/ty5Yi8ELY4QjUOErP8lnPBNy6obDcC21VCWUUoowMWOoi
zorbHhHjC2mABj1//HlR7uP3CZb9zCup5qZN38jj4iiY04QNb+CbrvPjDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCQ6hUNtbmYPo5yJvcWHaCOM6wsjMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSkRxRlEyMXVaZy1qbkltOXhZZG9JNHpyQ3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlX5MA0G
CSqGSIb3DQEBCwUAA4IBAQBMW4nzhc9OvDFI4AGbm9QJFTfkOazcFPk8ehZgFuY2
qoX9KkliJ0NR9d6SKf/jCBV4dgIoPsxVQLfsmB5T8fGQ4cijtdhVsPRNdPkUkfHM
KcUjHB9bVTf8FhoCekMVPScfSkma8uxYzOXrdGNPeEO2iW5cTPEfybAu6pVcTWnf
zXkz58w85UlqAaj7bDGVbTskoFw6AZQmWks6NZsa8RPpj/vlzGsqQhMXUfFyzLVE
m0rwRbP4CWCqh4uP5aS6pjpWRoWOX0GElSsp+jdpvWP8QkKlmd7dldT6S06CeHZP
hNYvwgVOmMzIoAkukXbOhpj0cCbYMfQXSRYht1X88pDG
-----END CERTIFICATE-----
Generated at Sun Jun 8 16:20:29 2025 by rpki-client