Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MqgB6pinwNyoZMsPGp1khslABI0.roa
File: MqgB6pinwNyoZMsPGp1khslABI0.roa (raw, json)
Hash identifier: bVgOjrRyYNr+MvWJatIbPSdrrkG2IOjyFV5BDeyA0po=
Subject key identifier: 32:A8:01:EA:98:A7:C0:DC:A8:64:CB:0F:1A:9D:64:86:C9:40:04:8D
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0191BD58DB120584CD16FDC8D6497F7F23E6
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MqgB6pinwNyoZMsPGp1khslABI0.roa
Signing time: Wed 04 Sep 2024 14:03:22 +0000
ROA not before: Wed 04 Sep 2024 14:03:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 194.58.155.0/24 maxlen: 24
194.87.58.0/23 maxlen: 23
194.87.169.0/24 maxlen: 24
195.133.18.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.63.0/24 maxlen: 24
195.133.73.0/24 maxlen: 24
195.133.81.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
195.133.194.0/24 maxlen: 24
212.192.1.0/24 maxlen: 24
212.192.217.0/24 maxlen: 24
212.192.246.0/24 maxlen: 24
212.192.248.0/24 maxlen: 24
212.193.24.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
212.193.30.0/24 maxlen: 24
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:bd:58:db:12:05:84:cd:16:fd:c8:d6:49:7f:7f:23:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Sep 4 14:03:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=32a801ea98a7c0dca864cb0f1a9d6486c940048d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:08:05:a4:c0:38:fc:7a:01:6d:9b:ad:86:fa:
d8:57:01:b2:28:ed:b3:c1:83:fe:10:52:a6:e0:b1:
c1:5f:87:6a:d2:73:2a:59:52:17:cb:4a:d8:b1:6c:
ed:37:84:5a:cf:08:21:97:af:c4:bd:b3:5b:25:76:
c2:3b:43:e7:29:c3:dd:2b:98:89:5f:92:d0:78:af:
7c:34:02:3e:f4:a0:ed:d2:1e:5f:28:71:e7:03:0e:
07:20:08:9c:90:c9:e3:95:75:14:6e:38:33:39:d9:
fa:c7:a9:5a:ac:26:16:2e:63:6a:cb:8d:bd:1f:70:
39:36:bc:2a:ed:65:a5:f2:8a:e5:a0:fc:49:b3:12:
fb:3a:0c:a3:85:1e:d6:58:f6:bb:4d:2e:2c:f9:64:
b0:5a:34:be:b1:1e:1b:3a:e4:e0:47:5b:49:36:50:
a3:39:0b:17:b3:c4:0f:91:36:9a:f2:0a:e1:a9:ac:
8d:b4:2d:f9:1f:5a:06:09:79:7d:58:38:26:5a:a7:
d1:9c:da:d2:e5:b8:a5:e1:94:bc:8a:09:e5:fb:09:
27:eb:3b:78:0a:1e:04:05:b6:ca:56:25:1e:09:dd:
0c:c5:dd:66:2d:32:44:6d:c4:f9:53:37:75:95:7c:
1c:91:94:a0:8f:8a:cd:f1:58:1f:0c:90:58:06:81:
ec:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:A8:01:EA:98:A7:C0:DC:A8:64:CB:0F:1A:9D:64:86:C9:40:04:8D
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MqgB6pinwNyoZMsPGp1khslABI0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.58.155.0/24
194.87.58.0/23
194.87.169.0/24
195.133.18.0/24
195.133.24.0/23
195.133.50.0/23
195.133.63.0/24
195.133.73.0/24
195.133.81.0/24
195.133.92.0/23
195.133.194.0/24
212.192.1.0/24
212.192.217.0/24
212.192.246.0/24
212.192.248.0/24
212.193.24.0/24
212.193.26.0/23
212.193.30.0/24
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
79:2f:76:d2:d3:0b:4e:36:1b:ab:35:d8:50:0c:17:a5:55:a2:
8c:c1:49:96:bd:a0:78:17:d0:60:f6:b6:fd:a9:6c:9c:e7:5a:
fc:61:c0:2f:cd:83:5d:8b:f9:e0:be:2a:fa:e3:9d:56:e0:50:
78:0e:49:71:25:7d:49:d4:18:1e:0b:71:c9:97:85:83:aa:60:
ee:74:70:ce:d8:86:f2:e3:b4:6c:c6:49:80:e7:76:75:9d:fe:
2e:66:27:91:7d:b3:6f:2a:86:28:6d:b2:79:07:ac:4e:51:ee:
45:5f:67:d7:e9:de:ce:dc:2a:e1:40:fe:d6:ca:39:ac:44:6e:
c0:b9:2d:5e:4e:17:4e:c4:84:fd:3c:1f:76:39:88:a0:8f:f8:
4b:31:70:11:a8:7c:ac:28:7b:f9:e6:5c:0b:b3:65:d7:6c:ae:
c3:98:41:28:a1:01:0b:aa:52:79:9e:a5:b4:1a:1b:db:15:0c:
de:84:2f:28:dd:f3:e8:fb:9a:25:19:53:9b:7c:1d:d5:b2:93:
db:b0:42:b2:73:7f:d3:d3:d6:a6:38:70:51:85:da:2b:dd:11:
c4:75:f0:ad:89:d9:37:9d:3e:1d:89:25:b8:78:67:1c:12:7a:
86:2f:15:3e:e7:3a:00:73:d2:fc:c7:53:57:8e:ec:91:3a:e7:
7c:02:1f:f2
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAZG9WNsSBYTNFv3I1kl/fyPmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTA0MTQwMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmE4MDFlYTk4YTdjMGRjYTg2NGNiMGYxYTlkNjQ4NmM5NDAwNDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswgFpMA4/HoBbZuthvrYVwGyKO2z
wYP+EFKm4LHBX4dq0nMqWVIXy0rYsWztN4Razwghl6/EvbNbJXbCO0PnKcPdK5iJ
X5LQeK98NAI+9KDt0h5fKHHnAw4HIAickMnjlXUUbjgzOdn6x6larCYWLmNqy429
H3A5Nrwq7WWl8orloPxJsxL7OgyjhR7WWPa7TS4s+WSwWjS+sR4bOuTgR1tJNlCj
OQsXs8QPkTaa8grhqayNtC35H1oGCXl9WDgmWqfRnNrS5bil4ZS8ignl+wkn6zt4
Ch4EBbbKViUeCd0Mxd1mLTJEbcT5Uzd1lXwckZSgj4rN8VgfDJBYBoHs6QIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFDKoAeqYp8DcqGTLDxqdZIbJQASNMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTXFnQjZwaW53TnlvWk1zUEdwMWtoc2xBQkkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGdBggrBgEFBQcBBwEB/wSBjTCBijByBAIAATBsAwQAwjqb
AwQBwlc6AwQAwlepAwQAw4USAwQBw4UYAwQBw4UyAwQAw4U/AwQAw4VJAwQAw4VR
AwQBw4VcAwQAw4XCAwQA1MABAwQA1MDZAwQA1MD2AwQA1MD4AwQA1MEYAwQB1MEa
AwQA1MEeMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEA
eS920tMLTjYbqzXYUAwXpVWijMFJlr2geBfQYPa2/alsnOda/GHAL82DXYv54L4q
+uOdVuBQeA5JcSV9SdQYHgtxyZeFg6pg7nRwztiG8uO0bMZJgOd2dZ3+LmYnkX2z
byqGKG2yeQesTlHuRV9n1+neztwq4UD+1so5rERuwLktXk4XTsSE/TwfdjmIoI/4
SzFwEah8rCh7+eZcC7Nl12yuw5hBKKEBC6pSeZ6ltBob2xUM3oQvKN3z6PuaJRlT
m3wd1bKT27BCsnN/09PWpjhwUYXaK90RxHXwrYnZN50+HYkluHhnHBJ6hi8VPuc6
AHPS/MdTV47skTrnfAIf8g==
-----END CERTIFICATE-----
Generated at Mon Apr 21 04:08:58 2025 by rpki-client