Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OmKtHuE1MZHoG50tlGRWxSxv8_k.roa
File: OmKtHuE1MZHoG50tlGRWxSxv8_k.roa (raw, json)
Hash identifier: vTwyNmho5PYKIU3AHJJri00jjxQKnQeg8CiLlBZwLX4=
Subject key identifier: 3A:62:AD:1E:E1:35:31:91:E8:1B:9D:2D:94:64:56:C5:2C:6F:F3:F9
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01941C3CE0AB877C3E5631E060AD7485F59F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OmKtHuE1MZHoG50tlGRWxSxv8_k.roa
Signing time: Tue 31 Dec 2024 10:22:19 +0000
ROA not before: Tue 31 Dec 2024 10:22:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8100
IP address blocks: 193.124.227.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
212.192.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1c:3c:e0:ab:87:7c:3e:56:31:e0:60:ad:74:85:f5:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 31 10:22:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3a62ad1ee1353191e81b9d2d946456c52c6ff3f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:ac:0d:c6:67:23:60:86:3e:ab:46:fc:fa:52:
9d:42:bf:19:c4:ba:91:15:29:4e:39:82:37:f6:a3:
9c:c7:63:dc:e1:a5:34:b4:9e:95:61:04:cf:25:35:
e3:5c:91:a0:05:7f:05:10:9e:3c:3e:c3:5c:fd:bf:
60:0d:92:24:7d:2d:24:81:5c:5a:19:ec:85:93:01:
e1:f6:75:1f:bc:ba:1a:39:42:45:3c:97:67:dd:0a:
47:14:45:06:a6:28:d1:30:5c:fe:a7:95:7b:8b:c6:
c8:ec:55:0c:2c:46:73:51:9c:9e:3a:76:8e:08:af:
4e:14:de:ef:64:dc:9c:2b:41:71:79:bb:71:7c:bb:
96:df:71:a6:6e:dc:3e:e6:08:82:94:af:51:30:bc:
96:c4:ae:c7:e3:d1:fe:2e:e9:80:16:29:5c:05:ef:
4f:39:54:31:cd:38:91:ba:1d:a7:96:da:f8:02:cc:
e0:6f:70:e3:ea:11:cc:65:71:91:96:72:17:16:49:
10:af:b3:6a:fe:94:dc:48:56:78:8c:5a:18:41:63:
12:57:bc:3f:d4:1c:ea:52:bf:44:f1:1f:35:c4:19:
a6:71:12:cf:1c:3b:e5:f9:16:e8:23:6e:f3:db:15:
a2:16:ed:16:5e:0a:00:d2:a0:8e:67:cd:42:06:a0:
ca:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:62:AD:1E:E1:35:31:91:E8:1B:9D:2D:94:64:56:C5:2C:6F:F3:F9
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OmKtHuE1MZHoG50tlGRWxSxv8_k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.87.53.0/24
194.135.46.0/24
195.133.55.0/24
212.192.247.0/24
Signature Algorithm: sha256WithRSAEncryption
93:a9:21:cf:ec:59:cd:c1:44:ab:11:73:07:ab:0f:2b:65:f0:
32:9a:96:bc:fe:2b:ab:19:61:7a:ed:58:9d:f0:42:5d:71:09:
22:33:2f:72:d4:f8:ef:73:cf:94:05:76:cf:d0:4b:f4:32:3e:
dd:a3:4d:f1:19:2b:c8:2a:a1:75:e5:5d:ad:4c:e0:86:55:78:
08:19:e7:a1:5e:1b:7a:3a:06:26:a5:c0:65:02:0d:60:46:f8:
f9:09:38:1a:8a:a7:60:c8:72:ce:93:21:f4:a5:27:c6:34:a1:
ac:54:a0:34:a4:07:2d:78:01:d4:2f:c2:dc:bb:3d:66:64:18:
d0:f1:e1:f4:bb:80:e3:16:f0:8a:df:82:db:61:ef:60:31:80:
69:3a:a6:3f:b0:60:32:27:7a:c2:ab:0c:05:f1:82:f1:af:38:
2b:88:42:e6:a8:a0:de:20:2c:4f:eb:b4:f3:05:af:2c:d1:5d:
bf:86:7d:a7:4d:95:f3:fb:1c:9d:59:f6:76:11:6a:da:b8:d8:
b3:6a:7d:9c:c1:b4:b4:81:36:bc:2e:70:44:4d:fb:a4:bf:51:
74:f7:40:44:56:7f:44:83:4f:ea:72:2e:ea:8a:6d:16:5b:c6:
0c:c8:8a:b9:99:30:a5:f1:96:f1:4b:62:5c:83:6e:c1:a8:44:
23:9b:2c:83
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQcPOCrh3w+VjHgYK10hfWfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjMxMTAyMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTYyYWQxZWUxMzUzMTkxZTgxYjlkMmQ5NDY0NTZjNTJjNmZmM2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56wNxmcjYIY+q0b8+lKdQr8ZxLqR
FSlOOYI39qOcx2Pc4aU0tJ6VYQTPJTXjXJGgBX8FEJ48PsNc/b9gDZIkfS0kgVxa
GeyFkwHh9nUfvLoaOUJFPJdn3QpHFEUGpijRMFz+p5V7i8bI7FUMLEZzUZyeOnaO
CK9OFN7vZNycK0FxebtxfLuW33Gmbtw+5giClK9RMLyWxK7H49H+LumAFilcBe9P
OVQxzTiRuh2nltr4Aszgb3Dj6hHMZXGRlnIXFkkQr7Nq/pTcSFZ4jFoYQWMSV7w/
1BzqUr9E8R81xBmmcRLPHDvl+RboI27z2xWiFu0WXgoA0qCOZ81CBqDKtQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDpirR7hNTGR6BudLZRkVsUsb/P5MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvT21LdEh1RTFNWkhvRzUwdGxHUld4U3h2OF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAwXzjAwQA
wlc1AwQAwocuAwQAw4U3AwQA1MD3MA0GCSqGSIb3DQEBCwUAA4IBAQCTqSHP7FnN
wUSrEXMHqw8rZfAympa8/iurGWF67Vid8EJdcQkiMy9y1Pjvc8+UBXbP0Ev0Mj7d
o03xGSvIKqF15V2tTOCGVXgIGeehXht6OgYmpcBlAg1gRvj5CTgaiqdgyHLOkyH0
pSfGNKGsVKA0pActeAHUL8Lcuz1mZBjQ8eH0u4DjFvCK34LbYe9gMYBpOqY/sGAy
J3rCqwwF8YLxrzgriELmqKDeICxP67TzBa8s0V2/hn2nTZXz+xydWfZ2EWrauNiz
an2cwbS0gTa8LnBETfukv1F090BEVn9Eg0/qci7qim0WW8YMyIq5mTCl8ZbxS2Jc
g27BqEQjmyyD
-----END CERTIFICATE-----
Generated at Sun Jun 8 08:56:43 2025 by rpki-client