Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/WhL7kOzC1eHJPFkY-3O__F6NNcE.roa
File: WhL7kOzC1eHJPFkY-3O__F6NNcE.roa (raw, json)
Hash identifier: AjVeftjcU0wmjfK+eT3tL0f/2zJUxptwRQizEDNoygg=
Subject key identifier: 5A:12:FB:90:EC:C2:D5:E1:C9:3C:59:18:FB:73:BF:FC:5E:8D:35:C1
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01938323EDC594F4EBFB1022034EB8CEE9D8
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/WhL7kOzC1eHJPFkY-3O__F6NNcE.roa
Signing time: Sun 01 Dec 2024 16:53:10 +0000
ROA not before: Sun 01 Dec 2024 16:53:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 193.124.89.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.17.0/24 maxlen: 24
194.87.108.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.37.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.1.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:83:23:ed:c5:94:f4:eb:fb:10:22:03:4e:b8:ce:e9:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 1 16:53:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5a12fb90ecc2d5e1c93c5918fb73bffc5e8d35c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:65:49:12:cd:75:46:63:11:c1:a5:1c:89:59:
99:45:ee:69:68:91:8a:e3:4f:8c:26:db:ab:2f:90:
a4:57:eb:68:db:54:54:46:78:63:3f:e6:84:1d:20:
0b:c1:14:9e:3b:1c:32:66:f3:d2:be:de:de:7e:13:
95:0b:a8:84:4e:03:37:fb:ed:6b:ce:b0:5f:86:da:
5a:c0:04:c8:3e:d3:c7:6c:4c:a5:fb:5f:88:90:86:
5f:e2:26:20:03:47:47:0c:a8:07:4b:08:a9:b6:52:
da:88:bb:8d:8b:2b:5e:9a:40:95:41:a6:23:82:d2:
9f:02:5d:16:ab:8c:3c:ec:73:5a:67:4a:11:2b:f6:
0e:08:e2:92:47:3d:d3:2d:27:3c:4e:5f:07:c3:dc:
a5:97:f6:41:79:27:dd:2d:84:ed:1f:1f:96:1b:bc:
42:3f:4b:43:82:d5:c2:d3:36:c7:4c:25:bd:d9:ce:
69:49:69:4d:83:d1:c7:9d:76:41:43:58:23:ea:58:
10:99:7a:a1:f6:de:68:c6:16:7e:3c:b7:32:fe:3d:
54:77:dd:f0:42:f0:0b:ed:af:f9:8f:83:21:df:a7:
f3:a9:63:13:36:95:19:03:5b:fc:84:3c:ec:81:9f:
98:0d:36:50:1f:25:22:a9:3b:48:f2:c6:18:1d:a5:
81:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:12:FB:90:EC:C2:D5:E1:C9:3C:59:18:FB:73:BF:FC:5E:8D:35:C1
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/WhL7kOzC1eHJPFkY-3O__F6NNcE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.89.0/24
194.58.155.0/24
194.85.251.0/24
194.87.17.0/24
194.87.108.0/24
194.87.169.0/24
194.87.178.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.37.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.1.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
4e:30:0e:87:62:e7:f5:55:b2:03:5f:08:63:64:c9:86:89:f1:
73:dd:fc:3f:98:90:51:22:87:d8:ef:66:1e:48:1e:40:7b:d9:
3e:7e:ec:a1:d5:83:d2:c6:cd:12:bb:37:2b:3e:19:d3:0e:ab:
f0:1b:99:1b:aa:15:6b:f5:0c:29:b6:70:a5:13:8b:49:86:0b:
9e:9f:79:ca:fc:cc:f2:79:73:c3:38:10:ac:3d:bc:75:22:d5:
94:48:7b:44:3c:4b:89:cf:a8:74:14:6d:c3:6c:2c:a5:e5:75:
92:b2:ba:a9:c5:dd:0c:4d:a9:c0:b0:e7:0e:a9:27:e8:50:59:
6c:f6:1d:ac:c7:3c:b5:bd:45:5a:33:f6:f2:bd:d2:55:b7:00:
b3:be:5c:d6:0a:85:dd:5e:21:30:3a:c5:c1:4a:e5:d9:2d:48:
e1:e3:ac:60:c6:2d:69:99:06:a9:e9:78:e4:1d:eb:20:77:e8:
b1:d6:15:32:15:1f:36:9a:19:c8:c0:8a:56:4d:aa:54:fc:d0:
68:36:45:e8:a7:46:8c:b0:ee:4c:a6:f0:f8:5f:9b:4b:bf:de:
6a:51:25:28:03:a6:1a:c8:71:80:da:c9:2e:ac:d1:df:27:67:
52:6d:cd:4e:0d:1c:33:d3:09:04:d9:93:09:74:d4:25:38:3b:
19:7e:26:12
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAZODI+3FlPTr+xAiA064zunYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjAxMTY1MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTEyZmI5MGVjYzJkNWUxYzkzYzU5MThmYjczYmZmYzVlOGQzNWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmVJEs11RmMRwaUciVmZRe5paJGK
40+MJturL5CkV+to21RURnhjP+aEHSALwRSeOxwyZvPSvt7efhOVC6iETgM3++1r
zrBfhtpawATIPtPHbEyl+1+IkIZf4iYgA0dHDKgHSwiptlLaiLuNiytemkCVQaYj
gtKfAl0Wq4w87HNaZ0oRK/YOCOKSRz3TLSc8Tl8Hw9yll/ZBeSfdLYTtHx+WG7xC
P0tDgtXC0zbHTCW92c5pSWlNg9HHnXZBQ1gj6lgQmXqh9t5oxhZ+PLcy/j1Ud93w
QvAL7a/5j4Mh36fzqWMTNpUZA1v8hDzsgZ+YDTZQHyUiqTtI8sYYHaWBJQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFFoS+5DswtXhyTxZGPtzv/xejTXBMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvV2hMN2tPekMxZUhKUEZrWS0zT19fRjZOTmNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MGYEAgABMGADBADBfFkD
BADCOpsDBADCVfsDBADCVxEDBADCV2wDBADCV6kDBADCV7IDBADCV+ADBADChyED
BAHDhRgDBADDhSUDBAHDhSgDBAHDhTIDBAHDhVwDBADUwAEDBAHUwRowFAQCAAIw
DgMFAyoBV8ADBQMqDP9AMA0GCSqGSIb3DQEBCwUAA4IBAQBOMA6HYuf1VbIDXwhj
ZMmGifFz3fw/mJBRIofY72YeSB5Ae9k+fuyh1YPSxs0SuzcrPhnTDqvwG5kbqhVr
9QwptnClE4tJhguen3nK/MzyeXPDOBCsPbx1ItWUSHtEPEuJz6h0FG3DbCyl5XWS
srqpxd0MTanAsOcOqSfoUFls9h2sxzy1vUVaM/byvdJVtwCzvlzWCoXdXiEwOsXB
SuXZLUjh46xgxi1pmQap6XjkHesgd+ix1hUyFR82mhnIwIpWTapU/NBoNkXop0aM
sO5MpvD4X5tLv95qUSUoA6YayHGA2skurNHfJ2dSbc1ODRwz0wkE2ZMJdNQlODsZ
fiYS
-----END CERTIFICATE-----
Generated at Sun Jun 8 23:14:25 2025 by rpki-client