Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JfiEJ4ZWeH52EMmIgQj3QnOn4_4.roa
File: JfiEJ4ZWeH52EMmIgQj3QnOn4_4.roa (raw, json)
Hash identifier: /IYWY8Ppe32OU7lbmxW2vPjJ2Tkx27F5jrJ+OSRAbVw=
Subject key identifier: 25:F8:84:27:86:56:78:7E:76:10:C9:88:81:08:F7:42:73:A7:E3:FE
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019428250F57747BA16EEF1D622DB599543E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JfiEJ4ZWeH52EMmIgQj3QnOn4_4.roa
Signing time: Thu 02 Jan 2025 17:51:44 +0000
ROA not before: Thu 02 Jan 2025 17:51:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213035
IP address blocks: 194.87.132.0/24 maxlen: 24
195.133.16.0/24 maxlen: 24
212.192.216.0/24 maxlen: 24
212.192.218.0/24 maxlen: 24
212.192.219.0/24 maxlen: 24
212.192.240.0/24 maxlen: 24
212.192.243.0/24 maxlen: 24
212.193.29.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:0f:57:74:7b:a1:6e:ef:1d:62:2d:b5:99:54:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=25f884278656787e7610c9888108f74273a7e3fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:b9:9e:e4:85:8f:23:29:7a:ca:f3:1e:70:4a:
2f:4d:f8:45:5e:18:9e:2a:87:9f:70:cf:8d:d5:d5:
b3:7d:a8:ad:02:21:e0:9c:50:2a:6a:03:11:1c:19:
61:70:c1:8a:bb:45:76:79:bb:94:69:4b:64:2e:9a:
1a:f7:e9:d5:f6:3f:e7:e3:bb:17:20:59:b3:0e:4f:
a8:91:c1:3a:10:ab:b8:4a:46:5f:39:da:77:60:ce:
9b:61:0c:78:24:0c:91:0e:6b:91:f2:16:75:37:e4:
9f:14:a9:da:b7:b9:b1:15:93:77:cc:4c:8a:6f:96:
af:84:22:18:a7:2a:5d:5d:4f:cc:6f:25:18:33:b4:
96:c1:88:f4:4d:d5:9e:b4:8d:32:70:9c:62:03:08:
d1:33:7d:6b:4f:54:62:5e:af:ba:c3:8c:51:5b:b1:
d6:e5:88:ff:64:08:02:da:be:cf:f9:fd:b9:b0:d1:
6f:68:a5:5f:26:d0:ac:d7:67:53:f4:8d:17:03:74:
53:40:65:f9:55:bc:c8:ec:0c:0b:95:51:61:eb:48:
72:e0:0e:8b:fc:82:17:e5:c2:de:89:ab:56:17:2c:
3a:ff:0f:a5:96:7f:da:5a:a3:56:1c:d8:a0:d8:7e:
04:31:92:be:31:6e:e8:09:13:46:00:ad:11:4b:9f:
4e:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:F8:84:27:86:56:78:7E:76:10:C9:88:81:08:F7:42:73:A7:E3:FE
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JfiEJ4ZWeH52EMmIgQj3QnOn4_4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.87.132.0/24
195.133.16.0/24
212.192.216.0/24
212.192.218.0/23
212.192.240.0/24
212.192.243.0/24
212.193.29.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:ea:98:f5:42:fc:38:d4:65:c8:8e:eb:ee:a0:3e:de:77:33:
6f:83:b4:25:1c:be:d4:84:29:50:75:78:9c:11:d3:9b:ce:82:
ad:05:cb:a6:bb:b7:3c:5b:42:0e:5f:5b:60:ef:74:66:5f:06:
d9:19:04:8c:68:5a:76:4b:b7:89:b1:18:97:3e:12:df:ef:87:
61:02:ff:f2:bb:e6:0f:11:f5:06:c6:b5:1a:29:7e:c0:e7:ad:
8d:81:1e:2a:4f:f6:82:88:83:56:a1:12:d8:d9:32:50:7b:ca:
ba:7f:bc:b4:a2:25:7e:18:4a:46:0c:d3:c8:31:ec:d2:81:7d:
df:3f:41:c3:85:88:52:cf:7e:8a:87:36:f9:23:f0:01:44:ea:
c6:76:de:98:86:2d:49:94:c7:e4:88:28:47:79:b9:56:d5:6e:
63:21:98:54:5e:e3:fb:9e:d1:83:24:01:d5:6c:80:fb:f3:61:
46:ad:a0:d1:38:0b:5e:7c:0c:41:fb:c0:0c:6f:eb:dd:2c:54:
91:cc:46:12:ae:89:46:bc:62:64:56:72:fa:d7:a2:1a:03:78:
db:42:f2:60:79:49:88:6d:a2:9e:25:c7:77:4f:ff:e8:33:27:
90:ef:68:04:36:39:eb:92:5a:07:55:f0:86:a5:75:be:30:f4:
41:03:37:3a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZQoJQ9XdHuhbu8dYi21mVQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY4ODQyNzg2NTY3ODdlNzYxMGM5ODg4MTA4Zjc0MjczYTdlM2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbme5IWPIyl6yvMecEovTfhFXhie
KoefcM+N1dWzfaitAiHgnFAqagMRHBlhcMGKu0V2ebuUaUtkLpoa9+nV9j/n47sX
IFmzDk+okcE6EKu4SkZfOdp3YM6bYQx4JAyRDmuR8hZ1N+SfFKnat7mxFZN3zEyK
b5avhCIYpypdXU/MbyUYM7SWwYj0TdWetI0ycJxiAwjRM31rT1RiXq+6w4xRW7HW
5Yj/ZAgC2r7P+f25sNFvaKVfJtCs12dT9I0XA3RTQGX5VbzI7AwLlVFh60hy4A6L
/IIX5cLeiatWFyw6/w+lln/aWqNWHNig2H4EMZK+MW7oCRNGAK0RS59O5QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCX4hCeGVnh+dhDJiIEI90Jzp+P+MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSmZpRUo0WldlSDUyRU1tSWdRajNRbk9uNF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAwleEAwQA
w4UQAwQA1MDYAwQB1MDaAwQA1MDwAwQA1MDzAwQA1MEdMA0GCSqGSIb3DQEBCwUA
A4IBAQAc6pj1Qvw41GXIjuvuoD7edzNvg7QlHL7UhClQdXicEdObzoKtBcumu7c8
W0IOX1tg73RmXwbZGQSMaFp2S7eJsRiXPhLf74dhAv/yu+YPEfUGxrUaKX7A562N
gR4qT/aCiINWoRLY2TJQe8q6f7y0oiV+GEpGDNPIMezSgX3fP0HDhYhSz36Khzb5
I/ABROrGdt6Yhi1JlMfkiChHeblW1W5jIZhUXuP7ntGDJAHVbID782FGraDROAte
fAxB+8AMb+vdLFSRzEYSrolGvGJkVnL616IaA3jbQvJgeUmIbaKeJcd3T//oMyeQ
72gENjnrkloHVfCGpXW+MPRBAzc6
-----END CERTIFICATE-----
Generated at Sun Jun 8 18:20:24 2025 by rpki-client