Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/RLsMFS1WtVGoCw3NX-npxC3oLUs.roa
File: RLsMFS1WtVGoCw3NX-npxC3oLUs.roa (raw, json)
Hash identifier: eAD5EkJl7KXuUi6bJpOJ3/9EIoyWVTkBUmSydRga7ug=
Subject key identifier: 44:BB:0C:15:2D:56:B5:51:A8:0B:0D:CD:5F:E9:E9:C4:2D:E8:2D:4B
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0194466E6243A1786F78767610734674E271
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/RLsMFS1WtVGoCw3NX-npxC3oLUs.roa
Signing time: Wed 08 Jan 2025 15:00:26 +0000
ROA not before: Wed 08 Jan 2025 15:00:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.224.0/23 maxlen: 23
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.73.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.59.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:46:6e:62:43:a1:78:6f:78:76:76:10:73:46:74:e2:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 8 15:00:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=44bb0c152d56b551a80b0dcd5fe9e9c42de82d4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:67:17:14:78:d6:50:c8:47:34:7f:fc:d7:cc:
69:54:d5:4c:57:ec:fb:59:01:21:61:37:a2:e3:5b:
c7:a4:3e:79:4c:c6:2d:a0:19:d4:da:cb:86:8f:e4:
9d:dd:1c:2b:72:30:44:bb:ac:93:75:ec:f4:f2:91:
30:53:0c:19:15:5e:d0:89:85:40:23:0f:e7:00:2b:
3c:fa:ba:c5:18:30:df:a2:2a:c3:da:2d:a6:7d:fb:
17:77:cd:44:5f:ff:d9:da:26:77:71:8d:c6:70:72:
f1:9e:84:a0:76:4e:99:f5:a0:0d:74:17:3b:f4:e8:
59:ba:ce:96:f2:a2:7e:8f:ec:ad:8f:f9:f7:e8:b8:
09:7c:48:f5:cf:13:80:b4:fd:20:e1:4c:8b:22:80:
73:ab:b5:5d:f6:0f:ca:d0:3a:b8:2e:f2:ea:14:f1:
d9:7c:87:61:99:81:8b:8e:c1:09:c2:2a:d0:f9:0b:
84:40:c9:7b:ee:9b:d5:44:75:00:fb:c0:3b:d9:36:
83:0d:d7:03:44:a1:af:b8:55:14:c3:71:65:d9:48:
10:59:98:84:2a:83:2b:f3:d8:8e:c4:61:42:71:ee:
f0:17:c1:42:3b:f9:31:21:ed:3f:b0:c7:8b:b8:bd:
45:ac:3a:56:b5:a9:5f:85:83:f2:b3:45:65:52:f8:
e2:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:BB:0C:15:2D:56:B5:51:A8:0B:0D:CD:5F:E9:E9:C4:2D:E8:2D:4B
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/RLsMFS1WtVGoCw3NX-npxC3oLUs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.224.0/23
194.58.155.0/24
194.85.251.0/24
194.87.73.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.40.0/23
195.133.50.0/23
195.133.59.0/24
195.133.92.0/23
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
40:b1:24:26:78:92:61:de:38:d1:23:2e:b7:af:f2:ee:0e:f4:
df:01:5e:2a:bf:d7:75:00:4b:e5:fc:6f:c4:80:40:a3:d9:3b:
52:78:ce:9f:59:56:37:32:a1:71:ba:78:9f:03:82:fa:67:bb:
fc:f2:45:1d:5e:41:14:41:f5:4b:0a:30:12:d8:b5:a3:98:f9:
75:8a:39:35:d6:9a:42:8b:61:3e:31:53:f3:99:ba:ab:4e:f0:
b8:a2:b9:14:b3:68:b2:58:bd:f5:68:07:cb:63:10:f6:e9:ee:
a5:98:1b:7a:90:20:51:55:e6:00:c9:c8:89:cb:a2:cc:80:9a:
cb:86:51:4b:6d:6b:ca:ec:04:50:c8:cb:4a:d4:1e:aa:db:e1:
9f:af:d4:d5:b9:d1:d0:07:94:58:c5:96:0d:17:55:11:2d:ea:
fe:f1:e9:84:ce:1a:31:56:a4:ea:47:4e:98:84:5d:9b:5d:3e:
4c:64:b6:fd:92:4f:41:e3:e3:78:b6:b4:95:d8:ef:ac:3f:f2:
34:f5:7b:0f:4a:4a:d4:70:78:2e:db:f2:4d:71:90:93:d8:18:
08:13:57:e1:c5:5c:3b:ef:ca:d4:20:cd:a2:b9:20:7d:d9:1c:
10:0f:79:df:11:47:50:79:a6:31:bf:2d:93:89:b2:79:78:c9:
dd:ae:d5:49
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZRGbmJDoXhveHZ2EHNGdOJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTA4MTUwMDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGJiMGMxNTJkNTZiNTUxYTgwYjBkY2Q1ZmU5ZTljNDJkZTgyZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGcXFHjWUMhHNH/818xpVNVMV+z7
WQEhYTei41vHpD55TMYtoBnU2suGj+Sd3RwrcjBEu6yTdez08pEwUwwZFV7QiYVA
Iw/nACs8+rrFGDDfoirD2i2mffsXd81EX//Z2iZ3cY3GcHLxnoSgdk6Z9aANdBc7
9OhZus6W8qJ+j+ytj/n36LgJfEj1zxOAtP0g4UyLIoBzq7Vd9g/K0Dq4LvLqFPHZ
fIdhmYGLjsEJwirQ+QuEQMl77pvVRHUA+8A72TaDDdcDRKGvuFUUw3Fl2UgQWZiE
KoMr89iOxGFCce7wF8FCO/kxIe0/sMeLuL1FrDpWtalfhYPys0VlUvjiYwIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFES7DBUtVrVRqAsNzV/p6cQt6C1LMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUkxzTUZTMVd0VkdvQ3czTlgtbnB4QzNvTFVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQBwXzgAwQA
wjqbAwQAwlX7AwQAwldJAwQAwlepAwQAwlfgAwQAwochAwQBw4UYAwQBw4UoAwQB
w4UyAwQAw4U7AwQBw4VcAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkq
hkiG9w0BAQsFAAOCAQEAQLEkJniSYd440SMut6/y7g703wFeKr/XdQBL5fxvxIBA
o9k7UnjOn1lWNzKhcbp4nwOC+me7/PJFHV5BFEH1SwowEti1o5j5dYo5NdaaQoth
PjFT85m6q07wuKK5FLNosli99WgHy2MQ9unupZgbepAgUVXmAMnIicuizICay4ZR
S21ryuwEUMjLStQeqtvhn6/U1bnR0AeUWMWWDRdVES3q/vHphM4aMVak6kdOmIRd
m10+TGS2/ZJPQePjeLa0ldjvrD/yNPV7D0pK1HB4LtvyTXGQk9gYCBNX4cVcO+/K
1CDNorkgfdkcEA953xFHUHmmMb8tk4myeXjJ3a7VSQ==
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:14:08 2025 by rpki-client