Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X3wN4k91F-3ADC3zYbmHmk2ItRM.roa
File: X3wN4k91F-3ADC3zYbmHmk2ItRM.roa (raw, json)
Hash identifier: nY/CWMe1agzTZAjXerJCw5PYjD9LvXWrmD297o7BRKI=
Subject key identifier: 5F:7C:0D:E2:4F:75:17:ED:C0:0C:2D:F3:61:B9:87:9A:4D:88:B5:13
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019482D729A9C1976586E34F0F188D473021
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X3wN4k91F-3ADC3zYbmHmk2ItRM.roa
Signing time: Mon 20 Jan 2025 08:32:06 +0000
ROA not before: Mon 20 Jan 2025 08:32:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.207.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.59.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:82:d7:29:a9:c1:97:65:86:e3:4f:0f:18:8d:47:30:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 20 08:32:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f7c0de24f7517edc00c2df361b9879a4d88b513
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:37:ae:42:a2:79:7f:8c:0e:f2:76:fb:45:fa:
5e:98:06:e9:a5:4d:c3:6b:2f:ad:6e:98:98:65:cc:
bd:f5:b8:0a:a7:0b:4e:0d:bc:e4:f2:2d:29:42:50:
b4:7b:18:77:ff:39:7f:fb:b5:8e:4f:1c:eb:d7:8f:
d1:32:c4:59:59:fd:1f:4f:b0:d7:c2:2f:ca:51:0c:
f8:d4:09:d6:77:16:7f:3b:4c:e4:e3:9e:ce:0f:74:
4e:e7:10:e8:51:54:f6:d0:c7:11:c8:ab:e0:14:2f:
2c:61:03:75:18:37:33:83:ba:28:f9:95:15:bb:a2:
20:08:a8:23:dd:ce:14:b5:e0:46:43:d6:f9:e5:81:
a9:fb:ed:7f:32:56:67:74:03:04:94:f1:9f:27:4b:
71:6c:3d:2c:3e:89:b7:c8:53:18:de:e0:8b:5a:6e:
69:22:6d:58:14:5e:aa:37:21:12:34:26:a2:0f:31:
be:70:37:1a:1f:2a:4d:ff:1a:64:dc:a5:45:0f:7c:
2b:f5:ab:a6:95:70:d6:e4:c9:85:06:3d:0c:ef:6a:
80:f6:de:d4:38:08:75:26:7c:95:e6:90:f3:ff:02:
05:f3:c5:fa:67:d2:63:1d:62:93:48:fc:27:11:46:
93:7a:04:07:bf:50:c1:03:30:4a:11:b2:3b:f0:fc:
cf:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:7C:0D:E2:4F:75:17:ED:C0:0C:2D:F3:61:B9:87:9A:4D:88:B5:13
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/X3wN4k91F-3ADC3zYbmHmk2ItRM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.207.0/24
194.58.155.0/24
194.85.251.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.40.0/23
195.133.50.0/23
195.133.59.0/24
195.133.92.0/23
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
24:6b:35:77:8a:58:ff:70:0e:ac:b8:49:c4:49:43:79:05:03:
86:49:90:21:fc:59:d6:69:d0:4a:38:20:17:09:bd:18:f7:37:
3a:9e:5e:a1:d8:54:02:f0:6a:1a:ec:98:f9:6b:47:b3:6a:ad:
71:3d:e2:80:5e:48:74:3d:3f:9f:98:7a:16:14:cc:e0:a1:10:
cc:51:a1:e8:a2:01:c3:2c:fb:f1:28:21:fa:e5:b2:26:14:0a:
0b:cf:63:99:53:a8:94:99:2c:d7:7b:df:96:54:13:d2:ea:0b:
8b:a6:5b:89:61:a9:0d:47:cf:52:aa:48:bd:cf:b0:7d:e4:cc:
c3:93:2d:34:bb:23:8b:61:dd:75:2e:88:dc:de:d4:53:3d:4b:
cf:8d:57:25:66:c7:f7:2a:1e:18:2e:4a:d1:d4:0d:b3:ba:2f:
91:d9:89:25:44:38:32:84:37:46:1c:2b:f0:69:f2:21:0b:44:
c9:fe:04:b4:4e:0d:dc:ef:9a:db:f4:98:13:69:4f:db:2e:4c:
c7:90:3d:cf:d3:9a:c9:78:b5:77:c0:7e:a8:79:01:99:15:44:
79:f7:8e:65:b2:76:5d:29:68:59:08:3b:d0:b0:e3:56:c5:37:
06:56:f9:2e:73:03:40:15:b3:f3:a6:c4:48:26:c3:ed:6b:e6:
6a:68:d3:19
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAZSC1ympwZdlhuNPDxiNRzAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTIwMDgzMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjdjMGRlMjRmNzUxN2VkYzAwYzJkZjM2MWI5ODc5YTRkODhiNTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjeuQqJ5f4wO8nb7RfpemAbppU3D
ay+tbpiYZcy99bgKpwtODbzk8i0pQlC0exh3/zl/+7WOTxzr14/RMsRZWf0fT7DX
wi/KUQz41AnWdxZ/O0zk457OD3RO5xDoUVT20McRyKvgFC8sYQN1GDczg7oo+ZUV
u6IgCKgj3c4UteBGQ9b55YGp++1/MlZndAMElPGfJ0txbD0sPom3yFMY3uCLWm5p
Im1YFF6qNyESNCaiDzG+cDcaHypN/xpk3KVFD3wr9aumlXDW5MmFBj0M72qA9t7U
OAh1JnyV5pDz/wIF88X6Z9JjHWKTSPwnEUaTegQHv1DBAzBKEbI78PzPxwIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFF98DeJPdRftwAwt82G5h5pNiLUTMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWDN3TjRrOTFGLTNBREMzellibUhtazJJdFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBOBAIAATBIAwQAwXzPAwQA
wjqbAwQAwlX7AwQAwlepAwQAwlfgAwQAwochAwQBw4UYAwQBw4UoAwQBw4UyAwQA
w4U7AwQBw4VcAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0B
AQsFAAOCAQEAJGs1d4pY/3AOrLhJxElDeQUDhkmQIfxZ1mnQSjggFwm9GPc3Op5e
odhUAvBqGuyY+WtHs2qtcT3igF5IdD0/n5h6FhTM4KEQzFGh6KIBwyz78Sgh+uWy
JhQKC89jmVOolJks13vfllQT0uoLi6ZbiWGpDUfPUqpIvc+wfeTMw5MtNLsji2Hd
dS6I3N7UUz1Lz41XJWbH9yoeGC5K0dQNs7ovkdmJJUQ4MoQ3Rhwr8GnyIQtEyf4E
tE4N3O+a2/SYE2lP2y5Mx5A9z9OayXi1d8B+qHkBmRVEefeOZbJ2XSloWQg70LDj
VsU3Blb5LnMDQBWz86bESCbD7WvmamjTGQ==
-----END CERTIFICATE-----
Generated at Sun Apr 20 18:55:28 2025 by rpki-client