Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fG6BYcTwrNyZ-8W2yNCDug7YS28.roa
File: fG6BYcTwrNyZ-8W2yNCDug7YS28.roa (raw, json)
Hash identifier: zpiqp1H/wCfeRK/uPOnC3ksg5nAJ017yGWXBA0nMuMM=
Subject key identifier: 7C:6E:81:61:C4:F0:AC:DC:99:FB:C5:B6:C8:D0:83:BA:0E:D8:4B:6F
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018AFA440CFD136EBEFE50CDCAABDD48555E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fG6BYcTwrNyZ-8W2yNCDug7YS28.roa
Signing time: Wed 04 Oct 2023 10:37:58 +0000
ROA not before: Wed 04 Oct 2023 10:37:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211256
IP address blocks: 194.58.44.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:fa:44:0c:fd:13:6e:be:fe:50:cd:ca:ab:dd:48:55:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Oct 4 10:37:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7c6e8161c4f0acdc99fbc5b6c8d083ba0ed84b6f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:de:31:9d:14:67:c3:e3:92:c4:e9:c5:64:0d:
49:be:0b:9c:c1:6e:78:c5:f3:19:ff:9e:71:d1:7b:
57:57:73:ae:c6:b9:01:a3:64:a4:36:ad:d6:fb:fd:
98:82:7e:15:09:6b:4e:ce:e1:92:0e:3e:41:7c:d2:
54:ca:7b:35:84:54:5e:e5:bc:46:b3:59:fe:55:d4:
ff:b9:41:04:1c:7d:92:6d:c1:cf:fe:2c:31:d8:0e:
97:4b:90:fa:b7:8e:71:aa:13:cb:74:63:ba:a4:b0:
42:49:86:a5:93:e9:0e:9c:fb:28:9e:29:24:86:92:
97:0b:b6:1c:f0:8e:e6:25:d5:89:cb:9f:09:c5:e1:
b3:42:aa:bf:43:32:ed:4f:0a:2e:31:ac:42:e7:41:
2a:6c:da:2b:80:44:d0:16:51:80:23:1c:6b:d9:cb:
da:5a:29:b5:c1:0b:2d:6e:59:4e:cf:ca:28:16:db:
31:91:07:37:f6:7f:ba:04:ea:49:47:cf:4a:e7:2f:
0c:77:42:11:c8:21:29:6b:38:d0:49:67:5a:c2:fe:
2c:a3:7b:99:57:c0:85:0d:3a:e2:41:ce:32:2c:65:
14:88:35:0f:e9:eb:85:fd:9b:d1:e8:b5:02:fe:17:
f2:d1:91:59:19:d9:08:05:ff:ca:01:55:7b:31:3c:
b9:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:6E:81:61:C4:F0:AC:DC:99:FB:C5:B6:C8:D0:83:BA:0E:D8:4B:6F
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fG6BYcTwrNyZ-8W2yNCDug7YS28.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.58.44.0/24
Signature Algorithm: sha256WithRSAEncryption
66:9d:2a:50:51:bd:8d:7b:6a:c0:9e:b1:3c:d8:9e:56:61:b8:
e1:c5:4b:9a:ee:31:85:61:9c:29:f4:c5:e0:f7:bb:d0:68:4c:
79:23:5a:2f:1f:e5:a9:f0:6f:47:18:59:d5:42:84:1a:2b:3a:
6e:fd:1f:f8:6e:62:50:9b:07:0d:03:94:4e:bd:e8:e6:66:fc:
aa:d3:7a:e3:4a:ba:c9:ae:87:59:1f:33:ef:a7:52:ed:9f:af:
97:18:7d:b6:41:c6:b5:76:a2:7e:68:55:f3:51:ea:d5:a1:60:
ff:50:97:2f:f4:fc:2d:f2:9e:94:49:eb:99:03:bb:c6:f0:2e:
14:65:de:bf:5e:e4:5a:78:2c:3d:94:ed:f7:98:87:4d:86:b7:
a6:19:d3:a4:88:b8:31:a7:f7:80:9f:f3:c6:94:12:09:21:be:
e8:04:30:5b:e2:73:1a:ec:77:53:dc:a9:69:b4:fb:5b:f4:5d:
6d:89:fb:59:81:74:be:57:fb:ec:62:9f:4c:0d:dc:18:4a:b0:
b2:9b:15:e6:4d:8d:12:73:e8:cf:09:39:99:15:31:d0:8a:3e:
cd:1d:2f:aa:34:dd:a4:94:2d:80:4c:68:5a:3a:13:51:30:da:
0b:5f:79:5a:f6:89:32:31:68:c0:b8:99:d2:19:88:d5:55:5e:
b1:8a:1e:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYr6RAz9E26+/lDNyqvdSFVeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMDA0MTAzNzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzZlODE2MWM0ZjBhY2RjOTlmYmM1YjZjOGQwODNiYTBlZDg0YjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsN4xnRRnw+OSxOnFZA1JvgucwW54
xfMZ/55x0XtXV3OuxrkBo2SkNq3W+/2Ygn4VCWtOzuGSDj5BfNJUyns1hFRe5bxG
s1n+VdT/uUEEHH2SbcHP/iwx2A6XS5D6t45xqhPLdGO6pLBCSYalk+kOnPsonikk
hpKXC7Yc8I7mJdWJy58JxeGzQqq/QzLtTwouMaxC50EqbNorgETQFlGAIxxr2cva
Wim1wQstbllOz8ooFtsxkQc39n+6BOpJR89K5y8Md0IRyCEpazjQSWdawv4so3uZ
V8CFDTriQc4yLGUUiDUP6euF/ZvR6LUC/hfy0ZFZGdkIBf/KAVV7MTy5yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxugWHE8KzcmfvFtsjQg7oO2EtvMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZkc2QlljVHdyTnlaLThXMnlOQ0R1ZzdZUzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjosMA0G
CSqGSIb3DQEBCwUAA4IBAQBmnSpQUb2Ne2rAnrE82J5WYbjhxUua7jGFYZwp9MXg
97vQaEx5I1ovH+Wp8G9HGFnVQoQaKzpu/R/4bmJQmwcNA5ROvejmZvyq03rjSrrJ
rodZHzPvp1Ltn6+XGH22Qca1dqJ+aFXzUerVoWD/UJcv9Pwt8p6USeuZA7vG8C4U
Zd6/XuRaeCw9lO33mIdNhremGdOkiLgxp/eAn/PGlBIJIb7oBDBb4nMa7HdT3Klp
tPtb9F1tiftZgXS+V/vsYp9MDdwYSrCymxXmTY0Sc+jPCTmZFTHQij7NHS+qNN2k
lC2ATGhaOhNRMNoLX3la9okyMWjAuJnSGYjVVV6xih6Z
-----END CERTIFICATE-----
Generated at Sat Apr 19 11:23:29 2025 by rpki-client