Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YnZYeINUag6LLAwvYHGNWkk1psI.roa
File: YnZYeINUag6LLAwvYHGNWkk1psI.roa (raw, json)
Hash identifier: +ltgkfDHp8srKA7bhFbGAcRJ23aM3/Ie+3u8j/CRGn0=
Subject key identifier: 62:76:58:78:83:54:6A:0E:8B:2C:0C:2F:60:71:8D:5A:49:35:A6:C2
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0194A8299BB1916FAD7D491301B796DFA37D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YnZYeINUag6LLAwvYHGNWkk1psI.roa
Signing time: Mon 27 Jan 2025 14:28:06 +0000
ROA not before: Mon 27 Jan 2025 14:28:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.89.0/24 maxlen: 24
193.124.207.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.59.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:a8:29:9b:b1:91:6f:ad:7d:49:13:01:b7:96:df:a3:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 27 14:28:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6276587883546a0e8b2c0c2f60718d5a4935a6c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:ad:28:94:af:8a:e6:75:e6:ff:ca:1b:e0:48:
11:30:8f:65:9a:f0:2f:85:ae:e5:53:34:01:61:99:
29:ce:fc:00:fc:36:32:8c:f3:d7:9b:b5:f5:c9:f1:
37:50:3f:f2:fa:d4:56:08:f3:ab:80:41:73:6a:23:
71:70:d6:67:9f:bf:ac:66:d2:88:50:55:27:5b:5c:
5f:fc:86:91:43:25:e3:a4:97:f4:db:34:f8:bc:58:
4e:db:10:18:16:f0:c3:5f:61:50:fa:3f:ec:c8:d7:
c5:3d:11:69:a7:a6:62:ad:18:70:a2:76:5f:17:27:
c1:0b:c7:ca:41:08:c8:13:9e:54:fc:ff:35:1d:9c:
a9:c6:4a:aa:6e:ce:73:d3:42:88:c9:50:e7:69:e7:
de:4c:ce:9a:e2:3f:64:76:ca:68:e3:71:b8:dc:98:
d7:5c:5f:5b:76:f5:3d:84:ce:92:33:82:0b:e8:95:
e6:9d:1a:29:f8:33:ad:d0:6e:e0:52:32:75:95:64:
b7:96:48:c4:ab:de:f9:2e:77:1f:bf:fd:9a:e2:1f:
e7:65:1a:f0:82:14:c1:6f:dc:8e:29:21:91:76:70:
7e:95:d8:4a:20:4b:3e:10:3d:d2:ed:c3:86:72:d2:
f6:6f:58:40:25:2e:bd:99:f3:66:f2:2f:59:0c:2a:
37:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:76:58:78:83:54:6A:0E:8B:2C:0C:2F:60:71:8D:5A:49:35:A6:C2
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/YnZYeINUag6LLAwvYHGNWkk1psI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.89.0/24
193.124.207.0/24
194.58.155.0/24
194.85.251.0/24
194.87.169.0/24
194.87.224.0/24
195.133.24.0/23
195.133.40.0/23
195.133.50.0/23
195.133.59.0/24
195.133.92.0/23
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
2f:04:05:99:e9:32:d1:9f:38:18:e7:44:5e:6b:cc:4e:4f:c0:
a0:20:3e:7a:84:8c:5e:7e:0a:fc:8f:f1:e3:3a:98:46:8f:bf:
8b:40:a6:4c:cf:4a:f9:da:46:cd:93:d0:2f:5c:30:b6:ba:56:
7b:4e:6d:80:73:e7:75:5c:bd:2c:9b:99:9d:53:56:f5:0f:20:
d7:87:47:a1:48:91:07:da:f8:9b:c8:22:fe:38:41:b8:62:85:
39:12:fb:01:76:1d:14:3e:a3:29:a6:45:f6:cb:df:9f:bb:eb:
d2:d6:17:74:7b:cb:a4:0a:03:9b:dc:04:91:90:25:f4:58:dd:
8c:63:44:63:e8:5b:da:5d:65:71:9b:46:f2:27:34:9c:09:39:
bc:d9:49:d2:ec:3c:fa:a3:d9:e5:07:e6:75:6c:23:df:03:f7:
43:52:af:34:15:38:9e:b0:a8:cf:c1:d8:33:14:9c:4e:45:d0:
bf:98:f8:37:93:4b:7b:3b:cb:cf:22:1c:79:2e:49:5f:2c:f9:
33:7c:76:e0:eb:a2:ff:e4:e6:1d:4e:22:97:b6:d1:12:32:b4:
ec:73:f9:31:2f:14:df:6b:ed:30:36:bf:3d:12:3c:f7:6e:0a:
b4:a2:db:e1:e8:8e:57:ac:a3:da:1c:57:d3:7d:d7:13:aa:d9:
3c:a0:c5:b7
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAZSoKZuxkW+tfUkTAbeW36N9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTI3MTQyODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mjc2NTg3ODgzNTQ2YTBlOGIyYzBjMmY2MDcxOGQ1YTQ5MzVhNmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoq0olK+K5nXm/8ob4EgRMI9lmvAv
ha7lUzQBYZkpzvwA/DYyjPPXm7X1yfE3UD/y+tRWCPOrgEFzaiNxcNZnn7+sZtKI
UFUnW1xf/IaRQyXjpJf02zT4vFhO2xAYFvDDX2FQ+j/syNfFPRFpp6ZirRhwonZf
FyfBC8fKQQjIE55U/P81HZypxkqqbs5z00KIyVDnaefeTM6a4j9kdspo43G43JjX
XF9bdvU9hM6SM4IL6JXmnRop+DOt0G7gUjJ1lWS3lkjEq975Lncfv/2a4h/nZRrw
ghTBb9yOKSGRdnB+ldhKIEs+ED3S7cOGctL2b1hAJS69mfNm8i9ZDCo3vwIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFGJ2WHiDVGoOiywML2BxjVpJNabCMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWW5aWWVJTlVhZzZMTEF3dllIR05Xa2sxcHNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBOBAIAATBIAwQAwXxZAwQA
wXzPAwQAwjqbAwQAwlX7AwQAwlepAwQAwlfgAwQBw4UYAwQBw4UoAwQBw4UyAwQA
w4U7AwQBw4VcAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0B
AQsFAAOCAQEALwQFmeky0Z84GOdEXmvMTk/AoCA+eoSMXn4K/I/x4zqYRo+/i0Cm
TM9K+dpGzZPQL1wwtrpWe05tgHPndVy9LJuZnVNW9Q8g14dHoUiRB9r4m8gi/jhB
uGKFORL7AXYdFD6jKaZF9svfn7vr0tYXdHvLpAoDm9wEkZAl9FjdjGNEY+hb2l1l
cZtG8ic0nAk5vNlJ0uw8+qPZ5QfmdWwj3wP3Q1KvNBU4nrCoz8HYMxScTkXQv5j4
N5NLezvLzyIceS5JXyz5M3x24Oui/+TmHU4il7bREjK07HP5MS8U32vtMDa/PRI8
924KtKLb4eiOV6yj2hxX033XE6rZPKDFtw==
-----END CERTIFICATE-----
Generated at Sun Apr 20 18:55:09 2025 by rpki-client