Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TPvyrDwjHrsGIt_RBs6oGGtermw.roa
File: TPvyrDwjHrsGIt_RBs6oGGtermw.roa (raw, json)
Hash identifier: Vb43E8x/Bz2jHxY7CMfqMIEEaXxK5xeVly6UpT3iG64=
Subject key identifier: 4C:FB:F2:AC:3C:23:1E:BB:06:22:DF:D1:06:CE:A8:18:6B:5E:AE:6C
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193D37E31EAF2E823654E6247466244C2FD
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TPvyrDwjHrsGIt_RBs6oGGtermw.roa
Signing time: Tue 17 Dec 2024 07:21:23 +0000
ROA not before: Tue 17 Dec 2024 07:21:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215224
IP address blocks: 193.124.227.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
195.133.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:d3:7e:31:ea:f2:e8:23:65:4e:62:47:46:62:44:c2:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 17 07:21:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4cfbf2ac3c231ebb0622dfd106cea8186b5eae6c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:7e:6f:bf:d1:94:08:8c:6b:d6:7c:40:a9:54:
22:31:ce:51:4b:27:58:d0:ca:24:2c:a3:85:ad:de:
6e:e0:c1:cb:cf:49:fb:62:77:fe:d5:aa:17:81:1a:
1d:ef:8b:34:5d:9b:77:88:2f:82:e0:34:97:e1:b2:
9e:97:15:c5:40:d0:8e:df:75:10:40:fd:46:89:c4:
f2:c4:37:e6:13:15:6e:85:ae:d7:19:86:a7:0c:20:
e0:f3:d3:df:23:68:cf:af:b4:ff:e7:49:5e:ac:72:
83:17:78:02:7d:47:68:32:3d:51:b8:62:6a:5c:d8:
9c:98:ee:5d:e7:73:a5:ec:67:f2:26:13:8f:5a:8c:
e8:34:0b:4a:12:96:45:9d:af:f3:72:08:2d:fd:f0:
f5:ba:58:f7:81:84:d1:48:13:e7:74:13:58:4d:6f:
2e:ba:0f:36:ec:bc:3c:37:5e:a2:72:24:1d:64:dd:
25:a2:79:52:11:4d:f0:d0:8d:cc:5a:f2:f8:bf:49:
6b:74:56:8a:ce:0c:2c:69:b4:65:d6:aa:98:ef:44:
0e:84:c8:00:d0:3b:e8:d8:d7:85:50:26:cd:31:c3:
29:aa:8b:bc:97:ea:f6:9d:d8:7e:53:70:04:6b:35:
1b:82:0d:a3:5b:9c:c5:05:d7:06:36:8a:e4:b9:34:
cd:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:FB:F2:AC:3C:23:1E:BB:06:22:DF:D1:06:CE:A8:18:6B:5E:AE:6C
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/TPvyrDwjHrsGIt_RBs6oGGtermw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.135.46.0/24
195.133.55.0/24
195.133.59.0/24
Signature Algorithm: sha256WithRSAEncryption
45:e8:f4:7b:b6:7e:da:08:99:85:1f:a1:5e:39:e9:b5:b4:e4:
1c:a7:cc:fe:4c:5f:dd:75:4e:19:99:60:fa:80:38:10:ef:a4:
cd:f7:7e:5d:26:07:0e:85:5a:32:83:d9:41:72:a2:bd:d8:32:
5d:ba:fd:e0:46:93:98:28:63:b7:ee:f2:7a:70:38:ff:90:db:
f2:ce:38:47:33:7c:d2:7b:51:20:f1:3b:b2:22:48:81:6b:1f:
64:a8:f7:9a:a1:4e:48:f4:49:3b:09:de:1d:cc:3d:24:45:a6:
8a:fe:4a:53:60:aa:4b:3a:42:96:81:4a:07:2a:72:6a:e6:4f:
cc:8b:ba:bb:94:ff:3b:50:71:3a:a5:02:45:2c:9a:7e:4d:46:
8d:19:ff:1a:22:c9:0a:c1:c9:97:8f:e7:64:d4:36:be:b4:3d:
f1:3e:72:49:6d:35:9c:8b:e7:3a:b7:59:4a:c9:bb:cc:b7:51:
57:b6:88:46:dd:42:c5:0b:36:e0:b7:63:27:4a:5e:6f:18:ee:
2b:bd:84:f5:77:e4:f4:c3:98:be:0f:0e:da:dd:65:41:c9:fc:
3c:e5:fa:25:9a:75:6d:42:78:01:d6:36:06:f7:a3:2c:03:f7:
3f:53:42:a0:f7:12:64:4e:fd:50:68:ac:2a:00:ee:02:16:2f:
1b:7c:6c:aa
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZPTfjHq8ugjZU5iR0ZiRML9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjE3MDcyMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2ZiZjJhYzNjMjMxZWJiMDYyMmRmZDEwNmNlYTgxODZiNWVhZTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwn5vv9GUCIxr1nxAqVQiMc5RSydY
0MokLKOFrd5u4MHLz0n7Ynf+1aoXgRod74s0XZt3iC+C4DSX4bKelxXFQNCO33UQ
QP1GicTyxDfmExVuha7XGYanDCDg89PfI2jPr7T/50lerHKDF3gCfUdoMj1RuGJq
XNicmO5d53Ol7GfyJhOPWozoNAtKEpZFna/zcggt/fD1ulj3gYTRSBPndBNYTW8u
ug827Lw8N16iciQdZN0lonlSEU3w0I3MWvL4v0lrdFaKzgwsabRl1qqY70QOhMgA
0Dvo2NeFUCbNMcMpqou8l+r2ndh+U3AEazUbgg2jW5zFBdcGNorkuTTN4wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEz78qw8Ix67BiLf0QbOqBhrXq5sMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVFB2eXJEd2pIcnNHSXRfUkJzNm9HR3Rlcm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwXzjAwQA
wocuAwQAw4U3AwQAw4U7MA0GCSqGSIb3DQEBCwUAA4IBAQBF6PR7tn7aCJmFH6Fe
Oem1tOQcp8z+TF/ddU4ZmWD6gDgQ76TN935dJgcOhVoyg9lBcqK92DJduv3gRpOY
KGO37vJ6cDj/kNvyzjhHM3zSe1Eg8TuyIkiBax9kqPeaoU5I9Ek7Cd4dzD0kRaaK
/kpTYKpLOkKWgUoHKnJq5k/Mi7q7lP87UHE6pQJFLJp+TUaNGf8aIskKwcmXj+dk
1Da+tD3xPnJJbTWci+c6t1lKybvMt1FXtohG3ULFCzbgt2MnSl5vGO4rvYT1d+T0
w5i+Dw7a3WVByfw85folmnVtQngB1jYG96MsA/c/U0Kg9xJkTv1QaKwqAO4CFi8b
fGyq
-----END CERTIFICATE-----
Generated at Mon Apr 21 01:21:33 2025 by rpki-client