Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cRUTgPJXVngypZfW0Pk_N1_36_Q.roa
File: cRUTgPJXVngypZfW0Pk_N1_36_Q.roa (raw, json)
Hash identifier: GIYDImbi0r5FzrtTW905iQ8SuVV3ZdNdVfMDFXQZ0Kk=
Subject key identifier: 71:15:13:80:F2:57:56:78:32:A5:97:D6:D0:F9:3F:37:5F:F7:EB:F4
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019428250BB58ABCFBF0E6F9D5A38BBB3547
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cRUTgPJXVngypZfW0Pk_N1_36_Q.roa
Signing time: Thu 02 Jan 2025 17:51:43 +0000
ROA not before: Thu 02 Jan 2025 17:51:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212027
IP address blocks: 212.192.213.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:0b:b5:8a:bc:fb:f0:e6:f9:d5:a3:8b:bb:35:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=71151380f257567832a597d6d0f93f375ff7ebf4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:d0:d3:6e:0e:22:4c:24:05:d0:35:a0:a0:e2:
72:e9:e7:3a:bf:67:5f:41:b1:89:d3:3d:1d:6c:de:
bc:06:9a:26:b4:b4:a9:da:dc:9b:75:4f:66:c0:ba:
69:4f:ac:e0:43:f0:98:23:85:50:05:fa:1f:a6:c1:
d5:c1:0c:64:36:e5:b2:cd:36:b3:9d:07:cf:67:1b:
4b:19:82:f7:8f:c7:16:0f:a8:5f:43:db:55:28:25:
b8:ea:e7:98:49:7f:70:1e:66:95:6f:6a:ac:7a:22:
6d:70:57:ce:96:3a:09:21:43:e0:a9:3f:c9:46:0a:
e8:41:9d:5d:46:48:2a:c1:8a:a7:69:6f:d9:75:7b:
e9:92:cc:dc:a3:e9:3c:3f:02:c5:29:c9:f6:f9:2a:
fa:1f:f5:52:b5:b4:47:6a:a0:9f:b5:5b:ed:18:c5:
72:52:ac:2b:0f:3c:30:0f:e5:cd:30:f9:5b:fb:6d:
69:f2:46:f5:6f:b4:a5:7c:7c:8d:3e:f7:2b:9a:4a:
35:ef:39:85:a9:ac:d0:65:d5:69:34:ad:60:2f:4b:
b0:56:3b:e0:53:95:e1:58:a0:4d:aa:7c:b4:29:d4:
82:f0:c6:48:fd:c7:4a:f5:67:45:a8:46:6e:07:1a:
6c:de:11:84:f3:0d:c2:f1:dc:92:1b:68:1c:99:46:
d0:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:15:13:80:F2:57:56:78:32:A5:97:D6:D0:F9:3F:37:5F:F7:EB:F4
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cRUTgPJXVngypZfW0Pk_N1_36_Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.192.213.0/24
Signature Algorithm: sha256WithRSAEncryption
4d:78:0d:3a:71:f2:b6:f8:ea:97:27:47:ec:bc:79:16:85:1f:
bd:59:a8:2f:4b:db:e8:0f:de:e3:b4:a9:ad:03:72:17:7c:6e:
05:39:dd:1c:b4:4c:93:de:d4:ed:73:42:44:dc:c2:4f:06:6e:
1a:fa:92:98:72:61:9d:36:c5:0d:be:12:d1:15:7b:25:e7:40:
c9:f0:d7:8b:ef:e0:ba:c0:16:52:b5:2d:32:48:a9:70:03:f8:
f2:3e:d0:07:6f:8d:1b:2c:c0:74:fa:32:f4:83:4e:e0:f7:48:
f9:68:71:c0:a5:90:6e:76:6f:ed:16:7e:93:60:b1:32:ed:a5:
a8:e1:f2:f0:27:4a:c7:f2:57:55:42:c9:0e:0b:df:1c:73:03:
1f:53:ec:e8:ad:d4:a1:b1:20:56:db:89:e5:dd:c9:ac:02:e1:
a4:9d:c6:71:73:3f:60:77:e9:f0:6a:77:59:a3:d7:74:0a:c3:
20:3c:b4:1d:88:c0:0b:80:c2:f9:72:34:e6:bd:67:47:29:60:
ed:02:fe:15:fb:07:d0:0a:4b:55:c3:b2:f1:2f:29:e4:c2:37:
4f:f9:46:35:bc:cd:57:a3:45:bb:51:28:72:c2:c9:9b:45:e7:
75:79:27:66:5d:7d:50:91:2f:40:87:38:87:6f:f0:c8:92:c9:
01:5e:8a:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJQu1irz78Ob51aOLuzVHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTE1MTM4MGYyNTc1Njc4MzJhNTk3ZDZkMGY5M2YzNzVmZjdlYmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodDTbg4iTCQF0DWgoOJy6ec6v2df
QbGJ0z0dbN68BpomtLSp2tybdU9mwLppT6zgQ/CYI4VQBfofpsHVwQxkNuWyzTaz
nQfPZxtLGYL3j8cWD6hfQ9tVKCW46ueYSX9wHmaVb2qseiJtcFfOljoJIUPgqT/J
RgroQZ1dRkgqwYqnaW/ZdXvpkszco+k8PwLFKcn2+Sr6H/VStbRHaqCftVvtGMVy
UqwrDzwwD+XNMPlb+21p8kb1b7SlfHyNPvcrmko17zmFqazQZdVpNK1gL0uwVjvg
U5XhWKBNqny0KdSC8MZI/cdK9WdFqEZuBxps3hGE8w3C8dySG2gcmUbQiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEVE4DyV1Z4MqWX1tD5Pzdf9+v0MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvY1JVVGdQSlhWbmd5cFpmVzBQa19OMV8zNl9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MDVMA0G
CSqGSIb3DQEBCwUAA4IBAQBNeA06cfK2+OqXJ0fsvHkWhR+9WagvS9voD97jtKmt
A3IXfG4FOd0ctEyT3tTtc0JE3MJPBm4a+pKYcmGdNsUNvhLRFXsl50DJ8NeL7+C6
wBZStS0ySKlwA/jyPtAHb40bLMB0+jL0g07g90j5aHHApZBudm/tFn6TYLEy7aWo
4fLwJ0rH8ldVQskOC98ccwMfU+zordShsSBW24nl3cmsAuGkncZxcz9gd+nwandZ
o9d0CsMgPLQdiMALgML5cjTmvWdHKWDtAv4V+wfQCktVw7LxLynkwjdP+UY1vM1X
o0W7UShywsmbRed1eSdmXX1QkS9AhziHb/DIkskBXooB
-----END CERTIFICATE-----
Generated at Fri Apr 18 20:18:32 2025 by rpki-client