Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QcHyAxexk060iHWMkNl8kKoDMjc.roa
File: QcHyAxexk060iHWMkNl8kKoDMjc.roa (raw, json)
Hash identifier: tzXdy9fbQQlNUy3Olu7sAKNJFhvo8SASojoUjzf5q2s=
Subject key identifier: 41:C1:F2:03:17:B1:93:4E:B4:88:75:8C:90:D9:7C:90:AA:03:32:37
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0194412B86B2403623D43DA8591040255222
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QcHyAxexk060iHWMkNl8kKoDMjc.roa
Signing time: Tue 07 Jan 2025 14:29:19 +0000
ROA not before: Tue 07 Jan 2025 14:29:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.224.0/23 maxlen: 23
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.59.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
212.192.214.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:41:2b:86:b2:40:36:23:d4:3d:a8:59:10:40:25:52:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 7 14:29:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=41c1f20317b1934eb488758c90d97c90aa033237
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:54:3d:67:58:57:da:f4:5a:de:21:0e:b6:80:
3b:85:d0:3d:b3:c8:e6:e0:ae:1c:c7:7c:26:7e:a1:
ad:9a:ad:59:b3:fe:9d:1a:4c:d2:b2:60:76:f6:b1:
9b:f3:de:90:63:5a:07:dc:d1:e9:a3:7e:8b:98:0b:
dd:d2:d3:65:7c:bf:83:5c:59:02:42:d0:8b:cd:09:
95:42:ea:d3:e0:ad:4e:e0:ea:90:5b:ce:3e:3c:f7:
3b:ce:81:fa:36:b6:ee:a0:43:f5:85:cd:a6:5b:7b:
72:96:ea:40:aa:d9:20:88:4b:71:a7:c3:26:93:6a:
a7:6b:43:29:99:9d:69:30:df:10:e4:c0:37:33:0b:
c7:33:1a:7b:cf:96:4c:6e:e6:52:c4:34:02:d3:d1:
9d:0f:91:1b:d5:95:30:f5:d4:db:72:ed:25:c6:b7:
2f:fb:4c:ab:b2:c5:64:ff:79:c7:74:bb:05:bb:7f:
95:a2:73:ac:c1:5e:07:0c:9f:3d:e6:11:b6:be:b6:
bf:d5:a6:aa:7a:0f:82:28:45:e4:36:77:9e:cc:6a:
3d:ff:88:72:5d:a5:77:73:3c:89:8b:77:87:c8:f1:
b7:0d:e2:47:fa:8c:12:33:cd:37:90:d2:f1:d4:46:
60:d3:6d:02:94:43:48:97:4c:a2:2f:fa:2b:e0:1c:
c9:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:C1:F2:03:17:B1:93:4E:B4:88:75:8C:90:D9:7C:90:AA:03:32:37
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/QcHyAxexk060iHWMkNl8kKoDMjc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.224.0/23
194.58.155.0/24
194.85.251.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.40.0/23
195.133.50.0/23
195.133.59.0/24
195.133.92.0/23
212.192.214.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
2d:77:e4:14:13:20:42:ba:b6:a7:b0:20:c4:f9:0a:ea:ef:4b:
be:1c:c5:25:cb:f4:44:c9:8c:da:b0:3a:74:a0:eb:52:02:be:
51:04:85:34:1f:5b:fb:85:43:b1:61:8f:72:82:4b:6b:fe:8b:
ec:c5:7f:45:31:b1:d1:a9:1d:d5:29:c6:21:1c:d0:da:e5:5a:
4b:df:8c:28:7f:2d:fa:95:29:80:f6:f7:5f:95:a2:69:5e:a5:
6d:29:90:35:ad:ab:a3:e4:37:96:aa:84:f5:52:45:db:10:80:
6c:70:b9:3a:01:c6:e5:24:ee:1f:a9:6d:1f:ca:5b:c4:41:16:
d7:02:87:ea:06:f3:ed:44:b7:99:85:d0:9a:86:6e:a0:9b:90:
26:6f:db:95:c4:08:fb:36:29:6d:7e:95:92:d8:1d:5e:06:bc:
ee:c0:69:9e:9f:cf:d7:87:d1:a2:67:d0:e9:f1:6d:53:79:6f:
b5:80:08:43:19:46:79:da:e0:0d:71:ee:54:36:f2:81:b8:24:
f0:af:ef:4d:3d:10:12:96:33:26:bc:05:b3:2c:11:1f:95:46:
cc:43:48:8f:ba:43:57:92:a4:0a:63:99:5d:9c:59:61:0a:cd:
22:db:04:50:8b:b3:a7:42:17:66:fd:f4:2b:d0:b3:46:59:ea:
cf:62:b3:03
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZRBK4ayQDYj1D2oWRBAJVIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTA3MTQyOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWMxZjIwMzE3YjE5MzRlYjQ4ODc1OGM5MGQ5N2M5MGFhMDMzMjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFQ9Z1hX2vRa3iEOtoA7hdA9s8jm
4K4cx3wmfqGtmq1Zs/6dGkzSsmB29rGb896QY1oH3NHpo36LmAvd0tNlfL+DXFkC
QtCLzQmVQurT4K1O4OqQW84+PPc7zoH6NrbuoEP1hc2mW3tylupAqtkgiEtxp8Mm
k2qna0MpmZ1pMN8Q5MA3MwvHMxp7z5ZMbuZSxDQC09GdD5Eb1ZUw9dTbcu0lxrcv
+0yrssVk/3nHdLsFu3+VonOswV4HDJ895hG2vra/1aaqeg+CKEXkNneezGo9/4hy
XaV3czyJi3eHyPG3DeJH+owSM803kNLx1EZg020ClENIl0yiL/or4BzJ9wIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFEHB8gMXsZNOtIh1jJDZfJCqAzI3MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUWNIeUF4ZXhrMDYwaUhXTWtObDhrS29ETWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQBwXzgAwQA
wjqbAwQAwlX7AwQAwlepAwQAwlfgAwQAwochAwQBw4UYAwQBw4UoAwQBw4UyAwQA
w4U7AwQBw4VcAwQA1MDWAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkq
hkiG9w0BAQsFAAOCAQEALXfkFBMgQrq2p7AgxPkK6u9LvhzFJcv0RMmM2rA6dKDr
UgK+UQSFNB9b+4VDsWGPcoJLa/6L7MV/RTGx0akd1SnGIRzQ2uVaS9+MKH8t+pUp
gPb3X5WiaV6lbSmQNa2ro+Q3lqqE9VJF2xCAbHC5OgHG5STuH6ltH8pbxEEW1wKH
6gbz7US3mYXQmoZuoJuQJm/blcQI+zYpbX6VktgdXga87sBpnp/P14fRomfQ6fFt
U3lvtYAIQxlGedrgDXHuVDbygbgk8K/vTT0QEpYzJrwFsywRH5VGzENIj7pDV5Kk
CmOZXZxZYQrNItsEUIuzp0IXZv30K9CzRlnqz2KzAw==
-----END CERTIFICATE-----
Generated at Sun Jun 8 18:23:16 2025 by rpki-client