Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VtjgQkg8SNSwZAJWquHHBkyPLAY.roa
File: VtjgQkg8SNSwZAJWquHHBkyPLAY.roa (raw, json)
Hash identifier: 9ixtDcthl/DBf3BRQT6d1BcdqJTJioBq57BJ8tGRQks=
Subject key identifier: 56:D8:E0:42:48:3C:48:D4:B0:64:02:56:AA:E1:C7:06:4C:8F:2C:06
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824FFB278E2B9043AA21DC21425EFFA
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VtjgQkg8SNSwZAJWquHHBkyPLAY.roa
Signing time: Thu 02 Jan 2025 17:51:40 +0000
ROA not before: Thu 02 Jan 2025 17:51:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204769
IP address blocks: 195.133.78.0/24 maxlen: 24
212.192.213.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:ff:b2:78:e2:b9:04:3a:a2:1d:c2:14:25:ef:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=56d8e042483c48d4b0640256aae1c7064c8f2c06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:af:64:37:30:7b:ee:56:bb:fc:df:aa:fc:86:
ac:9e:c8:e0:ca:f3:49:8e:18:6d:4c:29:e2:ce:f8:
7d:fe:30:e1:3f:cb:c5:1f:25:e1:b5:b7:81:fa:97:
9f:e0:d8:14:99:f2:87:2d:12:b3:de:62:cf:7e:85:
72:fe:aa:d0:be:9d:eb:1a:fb:28:75:45:2a:79:30:
48:de:b7:ea:0e:d4:6f:fd:2a:21:65:bd:0d:a1:ae:
fd:2c:59:11:e8:ac:87:8d:5f:f6:ee:e7:8a:64:90:
d4:e4:93:55:76:f8:e2:20:25:b3:67:7a:dd:5c:13:
83:46:52:5f:57:39:b3:df:73:6f:41:36:c4:47:68:
c4:15:d5:76:e0:d6:7d:6e:32:bd:42:cb:bf:0e:6a:
11:60:91:ea:66:7d:08:9a:69:6c:68:7b:d2:75:c0:
93:f3:89:09:87:de:66:7d:a7:09:00:8f:65:39:2d:
ef:16:22:96:28:e7:05:2d:cb:8c:45:6e:a3:4b:1b:
9d:1e:91:24:66:7f:7b:00:d8:4a:18:29:75:8c:25:
d6:46:94:b9:bb:dd:72:58:91:82:d2:0d:2c:e8:57:
6d:bd:ae:77:e9:3d:07:21:4f:de:9b:7a:ae:17:c0:
6e:03:f1:1b:21:73:12:68:15:a3:dc:d0:b5:78:ad:
8e:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:D8:E0:42:48:3C:48:D4:B0:64:02:56:AA:E1:C7:06:4C:8F:2C:06
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/VtjgQkg8SNSwZAJWquHHBkyPLAY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.133.78.0/24
212.192.213.0/24
Signature Algorithm: sha256WithRSAEncryption
78:b1:6b:46:ce:e6:cb:3b:4c:74:60:6f:ec:10:bb:ef:d0:f6:
b6:c4:8b:15:be:84:7e:c5:8e:fe:d3:ba:16:48:a4:c2:b7:64:
b9:fa:ad:80:dd:ee:8e:97:6b:04:ef:f5:d2:ca:9e:23:d9:51:
ee:8c:c3:d5:cd:50:8b:4b:b6:fb:76:cf:52:43:f3:92:73:5d:
25:3a:4a:4f:95:f8:4f:16:09:2a:bc:15:3c:b9:da:ab:8b:2a:
0e:7d:04:c5:c9:81:8b:7f:0b:d6:5d:ef:aa:06:76:ea:93:82:
e7:a6:00:37:b0:f1:f2:b9:03:fc:6e:f6:fc:37:07:31:a5:84:
ea:c3:1a:b1:15:38:e4:53:92:fd:4d:ee:42:18:6b:93:a1:a2:
e7:72:86:73:5d:05:86:7f:b6:77:05:c9:fe:25:b9:6d:1a:18:
00:93:ff:94:4b:e4:7d:01:56:32:a2:76:e9:56:ee:4a:ae:e6:
b4:0d:cc:98:e3:31:8e:70:13:ba:b3:5b:7e:54:c1:f2:aa:93:
05:94:19:ad:e7:c0:34:bf:14:3c:04:dc:fe:09:a9:48:d5:7d:
d0:b8:d4:cf:e6:bb:dc:72:31:6f:85:30:66:d6:0b:e8:a2:40:
cf:65:c4:c9:3f:82:aa:da:c9:3e:40:e0:96:10:96:6a:2b:2f:
1f:66:bd:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJP+yeOK5BDqiHcIUJe/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmQ4ZTA0MjQ4M2M0OGQ0YjA2NDAyNTZhYWUxYzcwNjRjOGYyYzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnq9kNzB77la7/N+q/IasnsjgyvNJ
jhhtTCnizvh9/jDhP8vFHyXhtbeB+pef4NgUmfKHLRKz3mLPfoVy/qrQvp3rGvso
dUUqeTBI3rfqDtRv/SohZb0Noa79LFkR6KyHjV/27ueKZJDU5JNVdvjiICWzZ3rd
XBODRlJfVzmz33NvQTbER2jEFdV24NZ9bjK9Qsu/DmoRYJHqZn0ImmlsaHvSdcCT
84kJh95mfacJAI9lOS3vFiKWKOcFLcuMRW6jSxudHpEkZn97ANhKGCl1jCXWRpS5
u91yWJGC0g0s6Fdtva536T0HIU/em3quF8BuA/EbIXMSaBWj3NC1eK2ObQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFbY4EJIPEjUsGQCVqrhxwZMjywGMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVnRqZ1FrZzhTTlN3WkFKV3F1SEhCa3lQTEFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw4VOAwQA
1MDVMA0GCSqGSIb3DQEBCwUAA4IBAQB4sWtGzubLO0x0YG/sELvv0Pa2xIsVvoR+
xY7+07oWSKTCt2S5+q2A3e6Ol2sE7/XSyp4j2VHujMPVzVCLS7b7ds9SQ/OSc10l
OkpPlfhPFgkqvBU8udqriyoOfQTFyYGLfwvWXe+qBnbqk4LnpgA3sPHyuQP8bvb8
NwcxpYTqwxqxFTjkU5L9Te5CGGuToaLncoZzXQWGf7Z3Bcn+JbltGhgAk/+US+R9
AVYyonbpVu5Krua0DcyY4zGOcBO6s1t+VMHyqpMFlBmt58A0vxQ8BNz+CalI1X3Q
uNTP5rvccjFvhTBm1gvookDPZcTJP4Kq2sk+QOCWEJZqKy8fZr0R
-----END CERTIFICATE-----
Generated at Sun Apr 20 12:57:46 2025 by rpki-client