Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KUoMkdoy0buTmks4YYvYyw3XNro.roa
File: KUoMkdoy0buTmks4YYvYyw3XNro.roa (raw, json)
Hash identifier: 5/5heoFfFede6XyWKqvz4Tj+XAY/rGdnUKGxT94cLnI=
Subject key identifier: 29:4A:0C:91:DA:32:D1:BB:93:9A:4B:38:61:8B:D8:CB:0D:D7:36:BA
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018A2C2E32078D219FEB9D2A7CE0001F183F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KUoMkdoy0buTmks4YYvYyw3XNro.roa
Signing time: Fri 25 Aug 2023 10:12:19 +0000
ROA not before: Fri 25 Aug 2023 10:12:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200385
IP address blocks: 194.87.205.0/24 maxlen: 24
193.124.227.0/24 maxlen: 24
62.76.235.0/24 maxlen: 24
194.87.23.0/24 maxlen: 24
193.124.49.0/24 maxlen: 24
195.133.37.0/24 maxlen: 24
194.58.60.0/24 maxlen: 24
193.124.91.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:2c:2e:32:07:8d:21:9f:eb:9d:2a:7c:e0:00:1f:18:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Aug 25 10:12:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=294a0c91da32d1bb939a4b38618bd8cb0dd736ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:36:93:79:08:5f:78:7e:f2:50:65:5c:e7:ed:
95:71:24:24:ef:c1:c0:2a:35:42:b8:39:ce:ab:50:
f3:52:db:cf:82:5d:02:7e:5b:0b:e4:eb:43:e5:02:
fc:6b:6d:b7:8b:95:0f:f6:a3:8f:a2:2c:54:02:a8:
bd:01:4d:95:32:c4:12:d8:cd:09:fc:39:ef:82:8f:
0a:5b:03:0f:b3:66:58:85:f2:d9:29:1d:77:29:f6:
8a:53:cf:3f:ff:96:74:77:5a:55:c6:d1:64:98:78:
0f:59:9c:ce:c0:a7:f6:19:0a:35:e2:5a:78:b9:ef:
d2:89:ba:44:8f:10:09:1c:fe:ad:0d:80:73:09:72:
4a:df:7d:87:65:52:c2:ca:5b:80:0b:6c:c0:18:e4:
29:a8:a3:d0:4b:cb:61:5f:5d:23:e1:3f:c9:30:dd:
d9:6a:7f:e6:55:16:1c:03:00:1b:e8:1f:30:10:a9:
22:f7:a5:73:14:f3:25:b8:ae:97:78:31:e1:1a:1b:
56:ec:d7:c4:50:39:1e:db:9f:de:90:21:49:f4:03:
d6:d0:29:71:96:81:54:e8:8b:d5:72:ed:d7:79:00:
56:64:77:ca:42:17:0b:b7:28:7f:bd:17:57:39:20:
21:5f:2f:51:d1:28:8e:fb:c6:c0:06:46:f8:61:37:
15:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:4A:0C:91:DA:32:D1:BB:93:9A:4B:38:61:8B:D8:CB:0D:D7:36:BA
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KUoMkdoy0buTmks4YYvYyw3XNro.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.235.0/24
193.124.49.0/24
193.124.91.0/24
193.124.227.0/24
194.58.60.0/24
194.87.23.0/24
194.87.205.0/24
195.133.37.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:4d:d3:8b:ea:de:dc:7a:21:3a:cc:b8:50:14:ee:45:27:ea:
a7:b1:e5:08:a9:19:c3:70:6a:52:31:bb:c4:25:d2:98:e4:6b:
00:7e:ac:1c:f7:7c:83:b4:48:42:69:2b:ec:52:1b:38:ce:8f:
ed:d7:9e:eb:68:25:93:65:6b:69:ea:4b:d8:2b:b2:df:cd:75:
e8:18:49:35:ce:16:d0:1e:fb:27:36:86:76:11:06:ec:78:35:
38:2a:6f:16:11:05:9a:f5:77:ff:ea:fd:e9:7f:49:97:99:53:
31:56:37:d8:48:b3:de:2a:49:cd:5c:76:76:4e:1d:53:89:3c:
17:1f:ee:22:7c:d7:bf:65:a0:22:69:16:d6:fc:40:f7:c8:17:
98:8c:38:c0:25:81:ca:43:c5:1e:98:77:51:13:d0:23:b3:45:
eb:16:53:42:8b:a9:bd:f3:2e:19:34:5e:28:d1:08:de:ff:7b:
f2:b1:ab:35:d2:16:94:fb:5e:18:18:6a:26:8f:fa:59:3b:70:
60:1a:61:4e:38:df:8f:cb:2b:24:d1:17:ec:f3:04:1c:d2:b0:
a8:ed:41:ca:e8:2e:0c:c6:7c:41:6d:b6:65:6e:40:92:e0:cc:
db:f5:17:3a:07:ad:b0:f1:2c:9a:a6:d9:4a:7f:52:ca:1a:e2:
51:21:fa:5b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYosLjIHjSGf650qfOAAHxg/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwODI1MTAxMjE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTRhMGM5MWRhMzJkMWJiOTM5YTRiMzg2MThiZDhjYjBkZDczNmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTaTeQhfeH7yUGVc5+2VcSQk78HA
KjVCuDnOq1DzUtvPgl0CflsL5OtD5QL8a223i5UP9qOPoixUAqi9AU2VMsQS2M0J
/Dnvgo8KWwMPs2ZYhfLZKR13KfaKU88//5Z0d1pVxtFkmHgPWZzOwKf2GQo14lp4
ue/SibpEjxAJHP6tDYBzCXJK332HZVLCyluAC2zAGOQpqKPQS8thX10j4T/JMN3Z
an/mVRYcAwAb6B8wEKki96VzFPMluK6XeDHhGhtW7NfEUDke25/ekCFJ9APW0Clx
loFU6IvVcu3XeQBWZHfKQhcLtyh/vRdXOSAhXy9R0SiO+8bABkb4YTcVbwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFClKDJHaMtG7k5pLOGGL2MsN1za6MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvS1VvTWtkb3kwYnVUbWtzNFlZdll5dzNYTnJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAPkzrAwQA
wXwxAwQAwXxbAwQAwXzjAwQAwjo8AwQAwlcXAwQAwlfNAwQAw4UlMA0GCSqGSIb3
DQEBCwUAA4IBAQAdTdOL6t7ceiE6zLhQFO5FJ+qnseUIqRnDcGpSMbvEJdKY5GsA
fqwc93yDtEhCaSvsUhs4zo/t157raCWTZWtp6kvYK7LfzXXoGEk1zhbQHvsnNoZ2
EQbseDU4Km8WEQWa9Xf/6v3pf0mXmVMxVjfYSLPeKknNXHZ2Th1TiTwXH+4ifNe/
ZaAiaRbW/ED3yBeYjDjAJYHKQ8UemHdRE9Ajs0XrFlNCi6m98y4ZNF4o0Qje/3vy
sas10haU+14YGGomj/pZO3BgGmFOON+Pyysk0Rfs8wQc0rCo7UHK6C4MxnxBbbZl
bkCS4Mzb9Rc6B62w8SyaptlKf1LKGuJRIfpb
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:18:52 2025 by rpki-client