Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PIoKa0nMl0sDA8sPHYZz_zKgydw.roa
File: PIoKa0nMl0sDA8sPHYZz_zKgydw.roa (raw, json)
Hash identifier: 876Tbwr8R7E6cqklRXucVLanPCo+0YjfSu+zyDevyFU=
Subject key identifier: 3C:8A:0A:6B:49:CC:97:4B:03:03:CB:0F:1D:86:73:FF:32:A0:C9:DC
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824E58CE60B71AABEB41AFC90340C9F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PIoKa0nMl0sDA8sPHYZz_zKgydw.roa
Signing time: Thu 02 Jan 2025 17:51:34 +0000
ROA not before: Thu 02 Jan 2025 17:51:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 194.135.30.0/24 maxlen: 24
195.58.35.0/24 maxlen: 24
212.192.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:e5:8c:e6:0b:71:aa:be:b4:1a:fc:90:34:0c:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3c8a0a6b49cc974b0303cb0f1d8673ff32a0c9dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:37:cd:8e:95:88:20:cb:a7:8d:a3:37:65:a0:
fb:96:b5:f8:b1:e7:4c:37:79:8d:b7:58:e7:ae:f3:
3b:26:9a:02:6e:01:92:46:f9:cd:06:9e:5c:b0:ed:
82:54:7b:1d:53:d8:9b:35:52:6f:59:12:ae:47:8e:
d2:0a:a9:f6:61:8b:78:79:b7:37:30:21:db:c7:9e:
9b:3c:78:e9:73:2a:f0:c1:14:c0:23:be:4d:ea:a1:
dd:23:17:08:f1:97:ec:b5:3b:72:fc:98:f2:f9:a1:
15:72:69:63:dd:5f:10:d7:d5:38:5f:4e:1a:2b:6d:
0f:94:15:cf:41:ed:69:10:e0:86:fd:09:5b:f1:40:
90:ef:85:06:7b:10:9c:17:20:8c:89:0c:de:1f:31:
00:f6:fe:e8:8f:53:b9:4d:ea:40:18:e0:62:e4:74:
4e:26:fa:dc:1a:d4:7b:70:e2:a3:cc:0d:b1:ef:6f:
51:f1:8a:a2:24:97:db:37:91:78:64:46:67:30:f5:
c3:20:83:59:3f:d6:65:90:02:ae:9d:b9:b3:29:8d:
a3:b3:d8:75:67:8c:ee:0a:f4:fa:71:41:00:b9:4e:
d4:76:75:ce:93:20:c4:37:e7:4c:e5:2c:54:02:f4:
83:0c:57:c0:28:b9:b0:7e:f6:1e:63:c0:ad:53:ef:
90:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:8A:0A:6B:49:CC:97:4B:03:03:CB:0F:1D:86:73:FF:32:A0:C9:DC
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PIoKa0nMl0sDA8sPHYZz_zKgydw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.135.30.0/24
195.58.35.0/24
212.192.254.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:6a:21:c9:01:7d:2d:7d:c1:97:6a:64:e3:6d:44:33:7a:c4:
44:f6:f6:ba:bd:f1:41:e3:a0:b6:77:c0:e1:fd:0b:68:c4:02:
60:b5:f1:c3:1c:47:f7:f4:11:47:1c:91:88:79:f9:5f:ce:22:
9f:a3:ae:0f:0b:ae:20:1e:40:c4:16:75:40:a1:f8:d0:a2:c6:
09:17:81:b0:d3:8b:7f:63:ed:8f:b6:da:eb:0c:bc:53:8e:c0:
d3:e3:06:03:35:09:ef:35:2e:cb:26:69:31:3a:5d:1f:d2:05:
22:11:6c:2c:57:a2:11:95:14:26:45:13:56:d7:e1:17:fd:02:
c1:7b:c4:67:f2:79:88:09:3b:aa:bb:4f:f7:d2:74:d1:52:63:
89:ab:2c:7f:4c:ee:3d:aa:44:19:b0:77:b1:c7:83:d6:16:88:
5f:fe:17:17:d0:5e:39:19:83:57:8a:a6:b2:c7:4e:6a:46:ac:
27:50:bb:10:ec:a3:b3:57:cd:ce:87:f7:04:56:f8:c6:61:2c:
fb:06:50:9e:f6:53:c2:68:e3:cf:b3:e6:ad:10:f8:9e:4e:e8:
3b:bd:67:5b:4a:de:ae:c7:30:07:88:04:5c:f7:8e:86:92:35:
d2:94:c3:d0:ea:fd:99:7a:16:e8:22:62:df:3c:de:a8:e4:0c:
9c:c8:3f:d5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoJOWM5gtxqr60GvyQNAyfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzhhMGE2YjQ5Y2M5NzRiMDMwM2NiMGYxZDg2NzNmZjMyYTBjOWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjfNjpWIIMunjaM3ZaD7lrX4sedM
N3mNt1jnrvM7JpoCbgGSRvnNBp5csO2CVHsdU9ibNVJvWRKuR47SCqn2YYt4ebc3
MCHbx56bPHjpcyrwwRTAI75N6qHdIxcI8ZfstTty/Jjy+aEVcmlj3V8Q19U4X04a
K20PlBXPQe1pEOCG/Qlb8UCQ74UGexCcFyCMiQzeHzEA9v7oj1O5TepAGOBi5HRO
JvrcGtR7cOKjzA2x729R8YqiJJfbN5F4ZEZnMPXDIINZP9ZlkAKunbmzKY2js9h1
Z4zuCvT6cUEAuU7UdnXOkyDEN+dM5SxUAvSDDFfAKLmwfvYeY8CtU++QPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDyKCmtJzJdLAwPLDx2Gc/8yoMncMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUElvS2Ewbk1sMHNEQThzUEhZWnpfektneWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwoceAwQA
wzojAwQA1MD+MA0GCSqGSIb3DQEBCwUAA4IBAQAcaiHJAX0tfcGXamTjbUQzesRE
9va6vfFB46C2d8Dh/QtoxAJgtfHDHEf39BFHHJGIeflfziKfo64PC64gHkDEFnVA
ofjQosYJF4Gw04t/Y+2PttrrDLxTjsDT4wYDNQnvNS7LJmkxOl0f0gUiEWwsV6IR
lRQmRRNW1+EX/QLBe8Rn8nmICTuqu0/30nTRUmOJqyx/TO49qkQZsHexx4PWFohf
/hcX0F45GYNXiqayx05qRqwnULsQ7KOzV83Oh/cEVvjGYSz7BlCe9lPCaOPPs+at
EPieTug7vWdbSt6uxzAHiARc946GkjXSlMPQ6v2ZehboImLfPN6o5AycyD/V
-----END CERTIFICATE-----
Generated at Sun Jun 8 16:13:03 2025 by rpki-client