Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OSA4vzS6PYoekyUR_40Hsxlxcbw.roa
File: OSA4vzS6PYoekyUR_40Hsxlxcbw.roa (raw, json)
Hash identifier: P5RMvru54bUHNj81ZtGmKrSL21ET7hyHRxwwqvhKww0=
Subject key identifier: 39:20:38:BF:34:BA:3D:8A:1E:93:25:11:FF:8D:07:B3:19:71:71:BC
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193DD9A19960EAD803E0919840B099CBD53
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OSA4vzS6PYoekyUR_40Hsxlxcbw.roa
Signing time: Thu 19 Dec 2024 06:28:04 +0000
ROA not before: Thu 19 Dec 2024 06:28:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8100
IP address blocks: 193.124.227.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
195.133.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:dd:9a:19:96:0e:ad:80:3e:09:19:84:0b:09:9c:bd:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 19 06:28:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=392038bf34ba3d8a1e932511ff8d07b3197171bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:04:6e:cf:23:bf:b5:c5:c6:4e:4c:e0:d5:59:
06:67:08:7a:81:4f:af:60:7d:6e:dd:77:dc:48:4b:
73:21:18:59:54:e0:84:1c:da:bc:ef:05:c2:06:65:
fa:36:65:95:af:65:6c:b2:13:ba:90:64:ba:a9:74:
c8:42:f9:e6:42:23:4a:67:5b:f0:55:d6:25:76:a7:
8e:17:0f:80:7c:bc:93:eb:a8:e8:60:94:57:ee:3c:
57:15:c1:07:dd:47:ba:b2:55:2a:e8:a7:cd:6b:f5:
c9:6d:cb:16:8d:41:64:e7:da:46:db:11:30:16:3f:
60:fe:41:ed:ef:44:d5:b3:c2:4a:b3:80:e3:61:9c:
c7:9b:52:c9:76:17:78:2f:ed:8a:e9:52:47:ed:c0:
c8:f7:f0:43:ae:78:0e:46:64:a4:ed:68:51:04:c7:
60:e1:20:a7:ff:00:dc:50:a6:29:f2:45:04:58:0f:
d2:c8:b4:97:19:cb:e3:31:c5:28:2c:ab:d1:91:1a:
4e:4b:db:e8:f4:b9:79:2a:a4:fd:b2:e1:1e:f1:1c:
69:32:cf:eb:b3:fe:53:54:a5:d2:10:1a:61:81:32:
35:00:90:be:27:f0:54:0a:90:32:2c:3d:be:98:c2:
43:9b:14:59:15:18:c8:06:6a:7f:af:d6:45:14:7c:
1f:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:20:38:BF:34:BA:3D:8A:1E:93:25:11:FF:8D:07:B3:19:71:71:BC
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OSA4vzS6PYoekyUR_40Hsxlxcbw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.87.53.0/24
194.135.46.0/24
195.133.55.0/24
195.133.59.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:09:08:a3:6d:8c:3f:6b:7d:1e:51:9f:bc:df:df:3b:5f:db:
81:6c:79:1e:dd:78:11:59:a2:3d:81:4f:ea:62:21:dd:6a:e1:
11:58:55:3e:d3:61:5a:a6:6c:12:52:54:72:2e:e9:c7:45:03:
ba:85:38:25:c2:3d:db:21:32:9b:84:d5:83:ae:dc:bf:f2:10:
8f:03:75:c6:3a:05:8b:db:74:a7:48:52:8d:92:85:ed:a2:62:
54:32:11:a9:56:e9:a3:bd:c1:e8:9f:40:2f:9b:af:cf:de:7f:
2e:b2:d0:d0:89:f3:90:34:05:fa:47:d6:85:83:dd:56:89:d8:
71:f4:96:94:5d:36:f8:04:d2:af:11:4f:41:06:01:fd:45:de:
7f:a7:0c:b4:6d:a1:52:68:1c:77:48:0b:3a:04:5a:ac:f7:04:
9c:63:97:6e:1f:83:63:9f:11:68:93:19:95:e9:be:b0:05:d8:
7a:37:50:86:82:bf:61:28:58:f1:7c:35:4b:55:71:d4:e1:1f:
16:86:a5:44:63:6c:fe:63:8e:af:58:b2:65:2e:08:8a:ac:1a:
f4:5d:b1:61:46:ff:d2:07:4b:e2:41:78:26:e5:76:74:a5:58:
e0:70:92:9f:02:2a:8c:9c:18:4a:bc:e5:51:51:e8:35:8f:59:
3f:1b:ac:c6
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZPdmhmWDq2APgkZhAsJnL1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjE5MDYyODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTIwMzhiZjM0YmEzZDhhMWU5MzI1MTFmZjhkMDdiMzE5NzE3MWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QRuzyO/tcXGTkzg1VkGZwh6gU+v
YH1u3XfcSEtzIRhZVOCEHNq87wXCBmX6NmWVr2VsshO6kGS6qXTIQvnmQiNKZ1vw
VdYldqeOFw+AfLyT66joYJRX7jxXFcEH3Ue6slUq6KfNa/XJbcsWjUFk59pG2xEw
Fj9g/kHt70TVs8JKs4DjYZzHm1LJdhd4L+2K6VJH7cDI9/BDrngORmSk7WhRBMdg
4SCn/wDcUKYp8kUEWA/SyLSXGcvjMcUoLKvRkRpOS9vo9Ll5KqT9suEe8RxpMs/r
s/5TVKXSEBphgTI1AJC+J/BUCpAyLD2+mMJDmxRZFRjIBmp/r9ZFFHwfAwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDkgOL80uj2KHpMlEf+NB7MZcXG8MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvT1NBNHZ6UzZQWW9la3lVUl80MEhzeGx4Y2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAwXzjAwQA
wlc1AwQAwocuAwQAw4U3AwQAw4U7MA0GCSqGSIb3DQEBCwUAA4IBAQBrCQijbYw/
a30eUZ+83987X9uBbHke3XgRWaI9gU/qYiHdauERWFU+02FapmwSUlRyLunHRQO6
hTglwj3bITKbhNWDrty/8hCPA3XGOgWL23SnSFKNkoXtomJUMhGpVumjvcHon0Av
m6/P3n8ustDQifOQNAX6R9aFg91Widhx9JaUXTb4BNKvEU9BBgH9Rd5/pwy0baFS
aBx3SAs6BFqs9wScY5duH4NjnxFokxmV6b6wBdh6N1CGgr9hKFjxfDVLVXHU4R8W
hqVEY2z+Y46vWLJlLgiKrBr0XbFhRv/SB0viQXgm5XZ0pVjgcJKfAiqMnBhKvOVR
Ueg1j1k/G6zG
-----END CERTIFICATE-----
Generated at Fri Apr 18 20:08:28 2025 by rpki-client