Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dO0laUcHftdfOxUM78T-nptU-3s.roa
File: dO0laUcHftdfOxUM78T-nptU-3s.roa (raw, json)
Hash identifier: ZhXqKHct3NT5Im3Ave8l1bXXCJp2TZDc++x3I/VbsnM=
Subject key identifier: 74:ED:25:69:47:07:7E:D7:5F:3B:15:0C:EF:C4:FE:9E:9B:54:FB:7B
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01944C0BA6033C0C43FEE615EA55088DA2C2
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dO0laUcHftdfOxUM78T-nptU-3s.roa
Signing time: Thu 09 Jan 2025 17:10:19 +0000
ROA not before: Thu 09 Jan 2025 17:10:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.73.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.59.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:4c:0b:a6:03:3c:0c:43:fe:e6:15:ea:55:08:8d:a2:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 9 17:10:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=74ed256947077ed75f3b150cefc4fe9e9b54fb7b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:d5:fe:43:38:0c:91:93:92:18:1b:c1:72:1f:
0a:38:ee:73:dd:8e:8e:0c:1a:ba:d6:72:9a:c3:40:
77:bc:91:ed:af:7d:f3:15:94:00:e7:f2:1c:c8:5e:
43:79:4b:48:a7:43:d9:ca:28:5c:44:0f:22:dd:50:
9d:1e:26:90:85:0d:51:c1:85:e4:5e:b4:33:e5:9b:
3b:25:48:c1:ce:09:9b:52:84:5d:77:c3:5e:83:8a:
76:a6:d6:3a:c7:29:90:11:da:8a:66:47:78:41:7c:
31:4a:62:25:64:ae:04:d6:6e:5d:92:29:6d:9a:07:
53:28:c5:53:40:db:9b:24:d1:25:1c:9c:01:54:8a:
76:fb:0f:0d:d4:8b:ff:80:ef:92:2a:b9:af:4b:fa:
6e:f2:83:5f:4f:37:4f:64:86:2f:48:cf:53:db:18:
33:d2:7d:86:d7:ea:97:5f:e3:06:4d:9b:f6:19:16:
ea:48:8c:f5:3b:f0:2b:84:ad:29:94:a5:9e:08:ca:
40:a5:85:55:4d:54:56:c6:66:ba:95:bd:1c:fb:03:
9e:b2:e8:82:8b:42:6b:06:47:b9:70:25:f7:63:ff:
bb:14:c2:72:6a:ed:06:09:56:f0:27:8a:53:1a:8d:
42:45:af:10:a7:87:f6:e7:13:ec:d2:e1:8d:ac:d6:
03:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:ED:25:69:47:07:7E:D7:5F:3B:15:0C:EF:C4:FE:9E:9B:54:FB:7B
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dO0laUcHftdfOxUM78T-nptU-3s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.58.155.0/24
194.85.251.0/24
194.87.73.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.40.0/23
195.133.50.0/23
195.133.59.0/24
195.133.92.0/23
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
74:44:23:a1:22:bf:a3:51:9a:1b:a3:75:88:a4:56:13:b6:94:
c4:51:e9:fb:25:e8:39:49:07:46:c6:f0:84:08:71:c5:d7:1a:
94:52:e5:d6:7e:90:7c:2e:a5:ed:32:2c:1e:1c:fb:37:23:0d:
98:02:4d:e4:ad:82:8f:9b:53:2a:f7:8f:9b:e4:6e:8f:90:1b:
66:48:1b:f4:c4:43:fa:6d:78:7b:fe:1a:41:08:c6:50:ac:f7:
20:0a:3d:3a:73:e6:e3:b0:75:58:ba:77:08:f6:03:af:74:df:
f5:d5:2e:33:2e:18:f7:4d:bd:70:17:77:74:0f:5c:7f:63:16:
f5:75:5a:f7:17:ad:99:62:7d:6c:c1:5e:0e:8e:72:12:a3:d3:
7c:50:d1:39:b5:e8:ba:e7:8c:5a:46:65:fa:b3:b0:45:a2:c8:
8e:a1:3f:8e:e9:d0:d2:7d:0b:92:6c:a4:c7:c5:5d:48:5b:0b:
4b:43:c8:81:d0:2f:36:d4:dc:9b:12:af:ab:0c:69:3e:37:bf:
ae:47:18:be:db:d9:3d:0f:15:ed:bc:4f:be:72:6b:c4:cb:d2:
0c:a5:21:22:23:c4:cf:f3:ea:ef:f3:04:ad:02:cd:28:ec:56:
da:4e:49:21:76:c5:00:c3:61:02:58:7b:9a:77:0b:9e:0d:2a:
2d:2b:b2:43
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAZRMC6YDPAxD/uYV6lUIjaLCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTA5MTcxMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVkMjU2OTQ3MDc3ZWQ3NWYzYjE1MGNlZmM0ZmU5ZTliNTRmYjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9X+QzgMkZOSGBvBch8KOO5z3Y6O
DBq61nKaw0B3vJHtr33zFZQA5/IcyF5DeUtIp0PZyihcRA8i3VCdHiaQhQ1RwYXk
XrQz5Zs7JUjBzgmbUoRdd8Neg4p2ptY6xymQEdqKZkd4QXwxSmIlZK4E1m5dkilt
mgdTKMVTQNubJNElHJwBVIp2+w8N1Iv/gO+SKrmvS/pu8oNfTzdPZIYvSM9T2xgz
0n2G1+qXX+MGTZv2GRbqSIz1O/ArhK0plKWeCMpApYVVTVRWxma6lb0c+wOesuiC
i0JrBke5cCX3Y/+7FMJyau0GCVbwJ4pTGo1CRa8Qp4f25xPs0uGNrNYDrQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFHTtJWlHB37XXzsVDO/E/p6bVPt7MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZE8wbGFVY0hmdGRmT3hVTTc4VC1ucHRVLTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBOBAIAATBIAwQAwjqbAwQA
wlX7AwQAwldJAwQAwlepAwQAwlfgAwQAwochAwQBw4UYAwQBw4UoAwQBw4UyAwQA
w4U7AwQBw4VcAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0B
AQsFAAOCAQEAdEQjoSK/o1GaG6N1iKRWE7aUxFHp+yXoOUkHRsbwhAhxxdcalFLl
1n6QfC6l7TIsHhz7NyMNmAJN5K2Cj5tTKvePm+Ruj5AbZkgb9MRD+m14e/4aQQjG
UKz3IAo9OnPm47B1WLp3CPYDr3Tf9dUuMy4Y9029cBd3dA9cf2MW9XVa9xetmWJ9
bMFeDo5yEqPTfFDRObXouueMWkZl+rOwRaLIjqE/junQ0n0Lkmykx8VdSFsLS0PI
gdAvNtTcmxKvqwxpPje/rkcYvtvZPQ8V7bxPvnJrxMvSDKUhIiPEz/Pq7/MErQLN
KOxW2k5JIXbFAMNhAlh7mncLng0qLSuyQw==
-----END CERTIFICATE-----
Generated at Sat Apr 19 17:17:16 2025 by rpki-client