Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YTdweOrytT98uRfiTzStNb03DKs.roa
File: YTdweOrytT98uRfiTzStNb03DKs.roa (raw, json)
Hash identifier: w3ILxtTryk/ZyAnzJ/X4zsNgq+3fvrLpu8D2dq9z7/o=
Subject key identifier: 61:37:70:78:EA:F2:B5:3F:7C:B9:17:E2:4F:34:AD:35:BD:37:0C:AB
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01938587810A88BF860B713259020BF007FC
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YTdweOrytT98uRfiTzStNb03DKs.roa
Signing time: Mon 02 Dec 2024 04:01:10 +0000
ROA not before: Mon 02 Dec 2024 04:01:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 193.124.89.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.17.0/24 maxlen: 24
194.87.108.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.37.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.1.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:85:87:81:0a:88:bf:86:0b:71:32:59:02:0b:f0:07:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 2 04:01:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=61377078eaf2b53f7cb917e24f34ad35bd370cab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:a0:49:b4:36:1d:25:03:c5:77:d9:58:c7:56:
e2:5a:ae:01:4c:0c:df:38:82:fd:55:04:52:e9:66:
34:11:f5:56:34:dc:ef:97:ac:12:fc:57:73:19:a7:
7c:b2:6b:56:35:9e:be:86:ec:ad:ae:1e:5a:08:f3:
c5:04:9d:b1:b5:4b:db:37:f2:08:40:99:b9:ae:38:
33:0e:e1:fe:e3:18:a8:a2:50:74:e0:5a:5e:d0:c1:
93:e6:a5:67:3f:82:60:d6:fc:72:2b:aa:d7:bb:57:
3d:13:d1:f7:a1:f5:0e:49:85:88:af:3c:65:7c:a1:
a0:81:05:00:d1:24:d7:ce:72:6e:9f:ff:85:0b:83:
19:bc:d8:32:d2:91:e0:cc:54:71:25:6a:99:12:f4:
de:de:df:7f:f7:b2:21:41:96:35:93:bc:e1:a0:cd:
80:d5:ed:71:e6:18:2e:1a:37:9a:41:cc:2c:02:8b:
1f:c3:ba:4e:4c:92:e8:be:70:ea:3a:c0:35:a4:96:
23:ec:ce:de:18:9d:96:9b:22:ac:46:85:81:c4:ba:
e6:09:e3:4c:5f:8c:ea:de:5e:7c:da:a0:52:19:2a:
d7:33:95:da:72:a0:0d:cb:03:c8:a2:8c:39:5c:4a:
0e:69:c5:fd:44:f2:d7:81:72:13:87:31:41:f1:4c:
34:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:37:70:78:EA:F2:B5:3F:7C:B9:17:E2:4F:34:AD:35:BD:37:0C:AB
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YTdweOrytT98uRfiTzStNb03DKs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.89.0/24
194.58.155.0/24
194.85.251.0/24
194.87.17.0/24
194.87.108.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.37.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.1.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
0c:45:0f:ae:e2:b9:e6:48:c1:28:98:6b:42:4f:c1:25:7e:65:
fc:87:7f:dd:ce:22:01:46:f6:92:db:2f:49:94:d8:b6:fe:cc:
44:27:44:83:f0:ea:40:7b:06:5a:33:28:83:70:97:cf:29:1b:
7c:92:1e:dc:bb:02:6c:fc:a0:b8:89:8a:d7:1b:36:c0:01:77:
44:16:17:6d:6d:69:f6:e0:52:dc:7a:9a:4a:07:93:25:fd:06:
d4:46:67:77:e8:7d:b9:60:83:bd:0d:8f:9a:83:4a:c8:3b:c6:
0f:a2:58:df:ef:da:62:62:78:e1:87:02:94:7d:d8:e2:b5:24:
21:d6:44:94:4e:b9:71:f4:25:6d:bd:0a:92:0e:9d:6e:cd:e2:
9a:b3:b7:c9:85:45:14:e8:29:c4:5b:e6:4e:d2:a0:84:f7:d3:
07:c9:1b:06:b3:10:9c:69:52:c2:85:e2:93:90:24:18:c0:0d:
86:0a:2c:2b:71:bd:38:3c:72:05:1a:db:c6:92:e2:b0:99:fc:
c6:60:52:d4:b8:a4:98:e6:02:e3:2b:85:ee:4e:54:90:76:a5:
e3:c3:04:7a:09:5c:76:33:91:27:97:50:53:0d:2d:49:20:f3:
74:9d:5e:4f:94:84:6f:0e:88:bb:e3:c4:e7:9f:1c:af:3a:36:
00:46:fe:2d
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAZOFh4EKiL+GC3EyWQIL8Af8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjAyMDQwMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTM3NzA3OGVhZjJiNTNmN2NiOTE3ZTI0ZjM0YWQzNWJkMzcwY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKBJtDYdJQPFd9lYx1biWq4BTAzf
OIL9VQRS6WY0EfVWNNzvl6wS/FdzGad8smtWNZ6+huytrh5aCPPFBJ2xtUvbN/II
QJm5rjgzDuH+4xioolB04Fpe0MGT5qVnP4Jg1vxyK6rXu1c9E9H3ofUOSYWIrzxl
fKGggQUA0STXznJun/+FC4MZvNgy0pHgzFRxJWqZEvTe3t9/97IhQZY1k7zhoM2A
1e1x5hguGjeaQcwsAosfw7pOTJLovnDqOsA1pJYj7M7eGJ2WmyKsRoWBxLrmCeNM
X4zq3l582qBSGSrXM5XacqANywPIoow5XEoOacX9RPLXgXIThzFB8Uw0FQIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFGE3cHjq8rU/fLkX4k80rTW9NwyrMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWVRkd2VPcnl0VDk4dVJmaVR6U3ROYjAzREtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwYAQCAAEwWgMEAMF8WQME
AMI6mwMEAMJV+wMEAMJXEQMEAMJXbAMEAMJXqQMEAMJX4AMEAMKHIQMEAcOFGAME
AMOFJQMEAcOFKAMEAcOFMgMEAcOFXAMEANTAAQMEAdTBGjAUBAIAAjAOAwUDKgFX
wAMFAyoM/0AwDQYJKoZIhvcNAQELBQADggEBAAxFD67iueZIwSiYa0JPwSV+ZfyH
f93OIgFG9pLbL0mU2Lb+zEQnRIPw6kB7BlozKINwl88pG3ySHty7Amz8oLiJitcb
NsABd0QWF21tafbgUtx6mkoHkyX9BtRGZ3fofblgg70Nj5qDSsg7xg+iWN/v2mJi
eOGHApR92OK1JCHWRJROuXH0JW29CpIOnW7N4pqzt8mFRRToKcRb5k7SoIT30wfJ
GwazEJxpUsKF4pOQJBjADYYKLCtxvTg8cgUa28aS4rCZ/MZgUtS4pJjmAuMrhe5O
VJB2pePDBHoJXHYzkSeXUFMNLUkg83SdXk+UhG8OiLvjxOefHK86NgBG/i0=
-----END CERTIFICATE-----
Generated at Tue May 6 00:38:14 2025 by rpki-client