Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cXnAniT-YHpiF4LT4CbiFKWJ-rA.roa
File: cXnAniT-YHpiF4LT4CbiFKWJ-rA.roa (raw, json)
Hash identifier: gpySMyytX7BTyzs9g2LjcnIN40J0NoSmYhtB8Sv5xUI=
Subject key identifier: 71:79:C0:9E:24:FE:60:7A:62:17:82:D3:E0:26:E2:14:A5:89:FA:B0
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019488E6FCA0E2199A9D58B6DE758024CED1
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cXnAniT-YHpiF4LT4CbiFKWJ-rA.roa
Signing time: Tue 21 Jan 2025 12:47:06 +0000
ROA not before: Tue 21 Jan 2025 12:47:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.89.0/24 maxlen: 24
193.124.207.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.59.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:88:e6:fc:a0:e2:19:9a:9d:58:b6:de:75:80:24:ce:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 21 12:47:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7179c09e24fe607a621782d3e026e214a589fab0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:b1:78:50:84:13:f4:df:f9:aa:dc:ba:be:d0:
cc:a1:62:5c:4a:fa:4a:1b:47:01:36:19:51:e0:d8:
1c:93:97:14:54:80:62:e8:70:96:be:19:0a:c4:6f:
29:42:6e:da:2a:5b:92:62:08:ed:8d:02:38:1f:d6:
f5:34:e2:c9:ee:d6:c0:20:43:75:8e:1d:61:85:00:
07:14:60:c3:4e:45:d3:8e:f0:7c:c2:9e:36:f2:4e:
4a:a2:d4:48:5e:67:e5:0f:c8:d1:ac:6a:22:cf:15:
04:22:e7:1b:ea:46:9a:f3:23:fc:2f:71:7a:e3:28:
24:4e:90:60:0a:d2:43:dc:a6:0f:9f:5c:a7:8f:f7:
f3:97:e7:29:dc:bd:85:4e:86:23:3d:f8:84:87:87:
25:aa:29:8c:9f:12:6a:58:66:c4:0a:6d:5d:6f:f0:
66:bb:72:eb:f1:ee:7f:10:bf:5a:90:a8:27:e1:9d:
f9:b0:91:13:72:ba:d7:4f:1f:f1:de:a1:86:f1:f0:
dd:a2:91:29:29:c6:bd:2b:25:e9:88:93:a6:0a:6b:
e2:68:b7:44:1c:e2:d3:3e:b0:10:be:6e:87:52:07:
bb:42:cd:d3:f2:69:56:b5:43:37:d1:e7:04:3a:4a:
63:1e:7c:82:56:87:2d:44:12:83:c8:d9:98:3d:bc:
be:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:79:C0:9E:24:FE:60:7A:62:17:82:D3:E0:26:E2:14:A5:89:FA:B0
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cXnAniT-YHpiF4LT4CbiFKWJ-rA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.89.0/24
193.124.207.0/24
194.58.155.0/24
194.85.251.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.40.0/23
195.133.50.0/23
195.133.59.0/24
195.133.92.0/23
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
82:8a:62:e3:66:f3:1d:ea:d8:05:d3:e4:4a:ee:40:04:4a:ff:
ac:44:9d:3a:2a:ac:ad:41:ec:73:5c:60:61:9b:f6:3c:bf:0e:
29:ea:6f:67:36:2e:95:ed:4b:89:ef:6e:f5:45:32:2b:f5:69:
f6:01:51:0e:92:0e:c1:cf:02:3e:06:48:31:0a:19:3c:ac:c8:
6e:0a:34:ad:2a:6a:51:96:0c:63:9f:d9:3d:6a:66:a5:79:76:
6c:6e:1f:73:01:2b:53:18:78:e6:38:32:7b:43:70:32:72:af:
a7:e5:fb:5c:44:ed:96:47:d8:07:46:a4:13:df:eb:21:7d:82:
59:25:f0:6b:0c:ee:89:7d:d0:ef:ca:1b:53:64:f4:94:c1:cf:
64:3e:5d:7f:73:25:f4:1d:dd:a1:04:a9:e4:c2:51:0a:1d:47:
98:9e:c2:22:81:3b:ca:f0:3c:e0:c5:ee:df:0d:c6:2c:e2:6b:
a1:8b:46:ff:ff:71:b7:aa:6d:0d:61:36:0b:e7:5e:d3:f9:71:
33:1a:b3:11:07:86:ca:e9:3f:56:9b:4a:ef:5b:1b:c0:ab:00:
97:8e:52:f1:fd:11:28:be:31:6d:73:ed:19:6d:f9:bf:f3:65:
a6:51:0e:e0:59:5c:f4:be:33:8f:90:a3:a9:a4:5d:d8:53:ef:
5e:35:41:b6
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZSI5vyg4hmanVi23nWAJM7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTIxMTI0NzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTc5YzA5ZTI0ZmU2MDdhNjIxNzgyZDNlMDI2ZTIxNGE1ODlmYWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7F4UIQT9N/5qty6vtDMoWJcSvpK
G0cBNhlR4Ngck5cUVIBi6HCWvhkKxG8pQm7aKluSYgjtjQI4H9b1NOLJ7tbAIEN1
jh1hhQAHFGDDTkXTjvB8wp428k5KotRIXmflD8jRrGoizxUEIucb6kaa8yP8L3F6
4ygkTpBgCtJD3KYPn1ynj/fzl+cp3L2FToYjPfiEh4clqimMnxJqWGbECm1db/Bm
u3Lr8e5/EL9akKgn4Z35sJETcrrXTx/x3qGG8fDdopEpKca9KyXpiJOmCmviaLdE
HOLTPrAQvm6HUge7Qs3T8mlWtUM30ecEOkpjHnyCVoctRBKDyNmYPby+XwIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFHF5wJ4k/mB6YheC0+Am4hSlifqwMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvY1huQW5pVC1ZSHBpRjRMVDRDYmlGS1dKLXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQAwXxZAwQA
wXzPAwQAwjqbAwQAwlX7AwQAwlepAwQAwlfgAwQAwochAwQBw4UYAwQBw4UoAwQB
w4UyAwQAw4U7AwQBw4VcAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkq
hkiG9w0BAQsFAAOCAQEAgopi42bzHerYBdPkSu5ABEr/rESdOiqsrUHsc1xgYZv2
PL8OKepvZzYule1Lie9u9UUyK/Vp9gFRDpIOwc8CPgZIMQoZPKzIbgo0rSpqUZYM
Y5/ZPWpmpXl2bG4fcwErUxh45jgye0NwMnKvp+X7XETtlkfYB0akE9/rIX2CWSXw
awzuiX3Q78obU2T0lMHPZD5df3Ml9B3doQSp5MJRCh1HmJ7CIoE7yvA84MXu3w3G
LOJroYtG//9xt6ptDWE2C+de0/lxMxqzEQeGyuk/VptK71sbwKsAl45S8f0RKL4x
bXPtGW35v/NlplEO4Flc9L4zj5CjqaRd2FPvXjVBtg==
-----END CERTIFICATE-----
Generated at Sun Jun 8 12:41:59 2025 by rpki-client