Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dc33zxLcHTS4NFHfI1CxAwZNxEE.roa
File: dc33zxLcHTS4NFHfI1CxAwZNxEE.roa (raw, json)
Hash identifier: UIDdxGfS2YFr02atjPFIUwgMSmoqSl5ghUiGnfUiOhI=
Subject key identifier: 75:CD:F7:CF:12:DC:1D:34:B8:34:51:DF:23:50:B1:03:06:4D:C4:41
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01937DF63FC78636D460B7957C6F94403825
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dc33zxLcHTS4NFHfI1CxAwZNxEE.roa
Signing time: Sat 30 Nov 2024 16:45:10 +0000
ROA not before: Sat 30 Nov 2024 16:45:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 214172
IP address blocks: 212.192.4.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:7d:f6:3f:c7:86:36:d4:60:b7:95:7c:6f:94:40:38:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Nov 30 16:45:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=75cdf7cf12dc1d34b83451df2350b103064dc441
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:71:05:75:68:2d:8f:b0:11:fb:9f:43:c3:9a:
be:19:c5:55:45:f6:8b:00:c7:7e:f5:62:2f:0a:db:
d4:7e:ef:c9:8e:1b:3c:4e:08:74:99:0d:5c:67:c7:
e1:36:46:00:92:84:5b:f8:a5:32:c5:ef:5e:06:66:
da:a2:71:61:31:83:12:c4:15:e3:94:c5:46:6f:d2:
6d:ed:94:d8:63:24:65:f3:e8:db:4f:39:ef:33:ac:
71:aa:09:65:51:fa:81:03:ab:f7:06:92:12:e7:bc:
ee:8e:20:b4:ff:4e:8d:ec:3a:87:fd:bc:c3:2d:82:
06:88:53:d4:aa:5d:b9:36:3e:53:4f:89:84:ae:12:
dd:4a:7d:4a:70:e6:26:4f:1d:ff:81:48:50:ae:e1:
86:6c:15:a3:14:59:a3:4e:62:3b:82:a7:1a:4d:ca:
18:a0:e1:04:53:4a:05:91:93:fc:0b:28:9c:a4:52:
9c:b2:fa:be:18:90:de:3f:41:d2:74:0f:f1:37:d3:
e4:10:4a:05:00:6b:81:e9:0c:7b:f0:e8:0b:6d:1f:
e3:2d:3f:83:ab:a7:ef:9d:b2:c7:07:94:bf:c8:b1:
27:23:77:56:4f:0e:e6:67:61:91:94:e9:53:86:2f:
33:28:e4:aa:38:75:1e:d0:ff:6a:de:87:d7:17:97:
b9:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:CD:F7:CF:12:DC:1D:34:B8:34:51:DF:23:50:B1:03:06:4D:C4:41
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/dc33zxLcHTS4NFHfI1CxAwZNxEE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.192.4.0/24
Signature Algorithm: sha256WithRSAEncryption
1a:86:e5:4c:ad:ef:a6:f9:25:65:07:69:87:2e:1e:ce:82:43:
37:6c:6d:f7:8b:dc:9e:d2:70:c6:00:f5:28:61:5e:65:e5:f3:
26:76:88:0e:1c:b4:1f:d7:2a:f2:07:ad:83:e3:9b:3b:ed:d0:
53:d2:27:f8:33:58:ca:c0:fb:f7:c7:e4:79:5e:f2:74:02:70:
1d:c7:7a:af:59:eb:13:02:6f:55:dc:85:45:8d:4c:28:0d:8a:
5a:c1:42:5c:95:20:b6:e3:37:ef:14:71:21:c3:26:f9:07:df:
57:48:a9:8c:eb:33:8f:1c:10:f8:40:06:75:a7:72:ba:85:37:
17:22:8b:ea:25:88:ea:26:93:ad:cc:57:4f:68:0b:10:c4:3d:
9d:4f:55:45:cf:b7:e7:60:cb:ce:2f:25:28:1c:27:39:c7:ec:
b0:c8:fb:e5:6d:3e:fe:5d:6c:ba:3e:c2:59:14:1d:33:5e:5b:
04:1f:ab:bf:cb:73:b4:37:75:11:8c:a1:a3:08:fa:f8:26:6d:
2a:89:16:c7:cd:2e:81:77:09:43:f6:6c:1d:47:3a:cc:45:fb:
c1:55:b3:79:17:01:6d:ca:f0:9e:6c:7b:a8:a6:5f:f1:4b:0a:
25:05:42:73:25:76:76:20:91:b8:49:80:1d:ff:7c:1a:78:d3:
cf:f5:c9:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZN99j/HhjbUYLeVfG+UQDglMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMTMwMTY0NTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWNkZjdjZjEyZGMxZDM0YjgzNDUxZGYyMzUwYjEwMzA2NGRjNDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHEFdWgtj7AR+59Dw5q+GcVVRfaL
AMd+9WIvCtvUfu/Jjhs8Tgh0mQ1cZ8fhNkYAkoRb+KUyxe9eBmbaonFhMYMSxBXj
lMVGb9Jt7ZTYYyRl8+jbTznvM6xxqgllUfqBA6v3BpIS57zujiC0/06N7DqH/bzD
LYIGiFPUql25Nj5TT4mErhLdSn1KcOYmTx3/gUhQruGGbBWjFFmjTmI7gqcaTcoY
oOEEU0oFkZP8CyicpFKcsvq+GJDeP0HSdA/xN9PkEEoFAGuB6Qx78OgLbR/jLT+D
q6fvnbLHB5S/yLEnI3dWTw7mZ2GRlOlThi8zKOSqOHUe0P9q3ofXF5e5wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXN988S3B00uDRR3yNQsQMGTcRBMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZGMzM3p4TGNIVFM0TkZIZkkxQ3hBd1pOeEVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MAEMA0G
CSqGSIb3DQEBCwUAA4IBAQAahuVMre+m+SVlB2mHLh7OgkM3bG33i9ye0nDGAPUo
YV5l5fMmdogOHLQf1yryB62D45s77dBT0if4M1jKwPv3x+R5XvJ0AnAdx3qvWesT
Am9V3IVFjUwoDYpawUJclSC24zfvFHEhwyb5B99XSKmM6zOPHBD4QAZ1p3K6hTcX
IovqJYjqJpOtzFdPaAsQxD2dT1VFz7fnYMvOLyUoHCc5x+ywyPvlbT7+XWy6PsJZ
FB0zXlsEH6u/y3O0N3URjKGjCPr4Jm0qiRbHzS6BdwlD9mwdRzrMRfvBVbN5FwFt
yvCebHuopl/xSwolBUJzJXZ2IJG4SYAd/3waeNPP9cnv
-----END CERTIFICATE-----
Generated at Sat Apr 19 15:26:05 2025 by rpki-client