Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_Cl5VjnMmueL1LUQw3cO7-HPris.roa
File: _Cl5VjnMmueL1LUQw3cO7-HPris.roa (raw, json)
Hash identifier: mJPpMpRwOt7toNm9q2zlDo4HLS7I0frhUmPFyP0c8AA=
Subject key identifier: FC:29:79:56:39:CC:9A:E7:8B:D4:B5:10:C3:77:0E:EF:E1:CF:AE:2B
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01938323EEA97A4DEC013AA20DEA8632EABB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_Cl5VjnMmueL1LUQw3cO7-HPris.roa
Signing time: Sun 01 Dec 2024 16:53:10 +0000
ROA not before: Sun 01 Dec 2024 16:53:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215224
IP address blocks: 195.133.59.0/24 maxlen: 24
212.192.214.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:83:23:ee:a9:7a:4d:ec:01:3a:a2:0d:ea:86:32:ea:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 1 16:53:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fc29795639cc9ae78bd4b510c3770eefe1cfae2b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:c5:15:4a:b8:bf:1c:7a:a6:8d:ec:99:2b:be:
80:4f:b3:82:af:09:c5:d9:ce:22:f7:96:d3:e4:83:
99:3d:33:24:b0:8f:15:e1:11:b2:8c:92:58:5a:e9:
7d:6c:7f:b2:7f:a0:20:e2:0c:84:d4:f4:21:b4:b1:
17:8d:25:df:e7:0e:9b:8c:37:e0:4c:fd:ce:76:a3:
4e:20:98:c0:d4:e0:8d:eb:86:94:9c:43:9d:f7:92:
4b:f6:25:7b:ab:ed:41:f8:4d:45:6d:dc:be:eb:df:
88:8e:a2:b9:18:e1:b1:25:75:b7:85:c7:92:01:d3:
c1:e2:6f:a9:3c:30:40:44:de:04:5e:9b:67:d2:13:
05:5b:d1:73:dd:83:32:88:9f:c7:30:d2:63:84:ab:
2a:23:81:b0:c0:c5:48:3e:9e:fe:c1:46:64:60:a1:
8e:bd:a1:0f:08:cf:4c:36:2e:4e:53:ee:eb:b9:02:
c4:5d:78:cb:c5:85:c2:f4:f9:9a:5f:03:d8:52:2a:
6b:e6:50:a6:ae:da:ef:0a:a5:98:19:7d:77:2d:38:
3f:9b:d2:84:3b:72:f7:f2:15:b4:72:b3:9d:6b:51:
75:c3:5b:a4:19:6a:76:0c:f2:4a:34:24:5d:93:e0:
c3:dc:ee:32:67:1d:b4:77:6e:dc:17:48:65:b7:95:
17:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:29:79:56:39:CC:9A:E7:8B:D4:B5:10:C3:77:0E:EF:E1:CF:AE:2B
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_Cl5VjnMmueL1LUQw3cO7-HPris.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.133.59.0/24
212.192.214.0/24
Signature Algorithm: sha256WithRSAEncryption
59:d8:d7:14:19:1d:90:30:2e:fe:e3:ca:a9:a8:df:16:9f:1f:
fa:78:02:f5:c4:07:82:1e:c3:65:eb:4d:77:62:40:bb:af:84:
a9:cc:fd:5e:fa:f7:12:6d:e3:be:04:b3:8a:41:8a:a9:82:f3:
96:e7:76:74:bf:f1:07:71:b2:7a:88:a1:1b:76:99:8d:fd:c7:
c0:24:43:5d:55:55:bf:97:3c:b1:60:52:2a:76:2f:51:05:6d:
14:7c:8b:96:91:ab:aa:19:16:2a:5e:4e:a7:18:ed:c0:f9:fd:
85:61:fd:3d:58:85:bc:4e:b2:24:89:ce:f0:01:be:c7:ce:5b:
bf:f9:dc:8d:15:78:f0:cf:39:39:4d:9d:8b:09:d2:fe:a7:e5:
b2:af:6c:d2:bc:16:63:3e:e8:4f:77:cd:14:75:d7:14:a8:f7:
b2:79:92:0e:d8:02:01:1c:ee:25:c3:16:e4:1f:b8:d6:72:8a:
97:73:f9:2e:5b:1f:cf:ed:fa:40:d7:47:55:c2:e5:7c:c7:53:
99:10:44:ba:6a:ea:76:ec:59:d0:07:72:11:fe:9e:57:cb:d7:
c8:cb:22:8b:87:b4:72:ee:71:24:f3:26:19:ee:d4:5d:0e:6e:
9f:b7:e4:df:d8:2d:74:4a:33:06:58:e9:04:de:53:ec:33:4f:
d1:8b:9a:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZODI+6pek3sATqiDeqGMuq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjAxMTY1MzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzI5Nzk1NjM5Y2M5YWU3OGJkNGI1MTBjMzc3MGVlZmUxY2ZhZTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsUVSri/HHqmjeyZK76AT7OCrwnF
2c4i95bT5IOZPTMksI8V4RGyjJJYWul9bH+yf6Ag4gyE1PQhtLEXjSXf5w6bjDfg
TP3OdqNOIJjA1OCN64aUnEOd95JL9iV7q+1B+E1Fbdy+69+IjqK5GOGxJXW3hceS
AdPB4m+pPDBARN4EXptn0hMFW9Fz3YMyiJ/HMNJjhKsqI4GwwMVIPp7+wUZkYKGO
vaEPCM9MNi5OU+7ruQLEXXjLxYXC9PmaXwPYUipr5lCmrtrvCqWYGX13LTg/m9KE
O3L38hW0crOda1F1w1ukGWp2DPJKNCRdk+DD3O4yZx20d27cF0hlt5UXRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPwpeVY5zJrni9S1EMN3Du/hz64rMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvX0NsNVZqbk1tdWVMMUxVUXczY083LUhQcmlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw4U7AwQA
1MDWMA0GCSqGSIb3DQEBCwUAA4IBAQBZ2NcUGR2QMC7+48qpqN8Wnx/6eAL1xAeC
HsNl6013YkC7r4SpzP1e+vcSbeO+BLOKQYqpgvOW53Z0v/EHcbJ6iKEbdpmN/cfA
JENdVVW/lzyxYFIqdi9RBW0UfIuWkauqGRYqXk6nGO3A+f2FYf09WIW8TrIkic7w
Ab7Hzlu/+dyNFXjwzzk5TZ2LCdL+p+Wyr2zSvBZjPuhPd80UddcUqPeyeZIO2AIB
HO4lwxbkH7jWcoqXc/kuWx/P7fpA10dVwuV8x1OZEES6aup27FnQB3IR/p5Xy9fI
yyKLh7Ry7nEk8yYZ7tRdDm6ft+Tf2C10SjMGWOkE3lPsM0/Ri5q5
-----END CERTIFICATE-----
Generated at Sun Jun 8 22:12:25 2025 by rpki-client