Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fm0HSyS-PG1BAC2w2_5HKHh77gQ.roa
File: fm0HSyS-PG1BAC2w2_5HKHh77gQ.roa (raw, json)
Hash identifier: 25p7g7gC86l/dle4gnR6c2h3HOo1xKRZYIiF70pm8E8=
Subject key identifier: 7E:6D:07:4B:24:BE:3C:6D:41:00:2D:B0:DB:FE:47:28:78:7B:EE:04
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01943BEE4810EAD6C9E7FF53D3CC3BC6E1A2
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fm0HSyS-PG1BAC2w2_5HKHh77gQ.roa
Signing time: Mon 06 Jan 2025 14:04:19 +0000
ROA not before: Mon 06 Jan 2025 14:04:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 193.124.224.0/23 maxlen: 23
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.59.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
212.192.214.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:3b:ee:48:10:ea:d6:c9:e7:ff:53:d3:cc:3b:c6:e1:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 6 14:04:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7e6d074b24be3c6d41002db0dbfe4728787bee04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:08:91:b5:4a:74:88:db:4c:04:4a:99:c7:17:
64:b3:60:f3:45:24:83:52:e8:05:e7:fa:31:a1:2c:
9c:de:a5:bd:f8:b3:ed:f0:a3:5b:88:dc:32:f6:ba:
11:db:76:2e:8d:9d:14:4f:90:f2:31:e2:25:ee:84:
44:36:33:c1:92:8a:3f:8d:56:47:d3:b5:9f:69:5c:
c7:d0:e0:fd:40:39:dc:ba:bb:7b:9d:ea:32:62:4c:
1a:bd:f9:1f:bb:e5:ce:d1:0d:e0:94:83:56:76:7e:
53:22:69:64:60:50:d5:3e:c4:19:99:d3:1a:de:9e:
7d:e8:40:20:18:4a:a5:2f:66:80:93:d3:4c:ea:47:
6b:73:c3:44:2b:f3:1f:7a:bc:c6:93:45:48:ad:ff:
4d:8f:ff:0f:09:6e:40:d3:16:59:43:4b:fd:89:10:
89:6b:cd:c4:e1:b1:57:3a:f7:69:a9:4a:ac:ae:bd:
4c:ee:c0:c7:78:2d:68:05:f8:13:7f:22:ec:b8:09:
c0:ae:01:c9:fd:5a:eb:3c:d5:5a:7f:3c:84:a5:c4:
c0:a2:4a:24:83:aa:5d:b3:ce:a9:6c:50:f9:a8:a3:
c7:33:dd:fd:7c:21:2e:65:71:e5:c7:96:5e:df:ea:
34:aa:a5:2a:78:2f:50:e1:8a:3f:39:3b:0a:f9:1c:
fc:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:6D:07:4B:24:BE:3C:6D:41:00:2D:B0:DB:FE:47:28:78:7B:EE:04
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fm0HSyS-PG1BAC2w2_5HKHh77gQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.224.0/23
194.58.155.0/24
194.85.251.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
194.135.46.0/24
195.133.24.0/23
195.133.40.0/23
195.133.50.0/23
195.133.59.0/24
195.133.92.0/23
212.192.214.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
67:5b:93:2e:1d:4b:56:54:b0:a6:6e:2e:84:f3:c9:66:7d:71:
5d:8f:9f:79:12:8d:3a:c6:2f:ce:6b:96:07:f7:6a:59:4d:9a:
66:d4:fa:cd:e3:a1:b8:3d:5b:6d:ee:04:9e:68:48:84:99:1a:
a2:87:83:23:3b:ac:94:52:af:5f:e9:cf:e7:98:ba:95:55:3f:
5c:5c:1f:f7:07:e0:ef:4a:ed:2b:16:d2:d6:2f:7e:a4:82:73:
da:71:77:73:7b:bf:5c:5f:2b:74:7e:cb:a9:ec:a2:5c:16:1e:
22:80:0c:ca:cd:c6:d5:09:64:13:a5:4c:89:71:1b:7a:63:e9:
a0:6e:b6:11:8a:2a:58:c3:b3:75:45:66:e8:c6:23:19:93:a5:
7a:24:e1:4d:bf:1f:46:21:58:67:7a:84:30:43:85:be:41:8e:
1a:33:18:ea:f0:c1:9f:2d:39:83:65:19:7e:9b:5d:61:0a:8e:
e9:ba:72:46:d6:88:ec:5f:a9:9a:a7:ac:30:f7:25:27:4d:06:
7d:dc:9b:58:b3:73:5d:bd:87:ea:92:ef:d1:83:2e:06:1f:0f:
d8:04:9a:13:75:fe:b4:52:8c:5b:b6:32:05:a6:3f:6a:79:5f:
95:90:9d:93:99:0c:a6:5b:92:f7:c3:cd:95:1f:33:9c:9d:6b:
7f:7c:14:e7
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAZQ77kgQ6tbJ5/9T08w7xuGiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTA2MTQwNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTZkMDc0YjI0YmUzYzZkNDEwMDJkYjBkYmZlNDcyODc4N2JlZTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAiRtUp0iNtMBEqZxxdks2DzRSSD
UugF5/oxoSyc3qW9+LPt8KNbiNwy9roR23YujZ0UT5DyMeIl7oRENjPBkoo/jVZH
07WfaVzH0OD9QDncurt7neoyYkwavfkfu+XO0Q3glINWdn5TImlkYFDVPsQZmdMa
3p596EAgGEqlL2aAk9NM6kdrc8NEK/MferzGk0VIrf9Nj/8PCW5A0xZZQ0v9iRCJ
a83E4bFXOvdpqUqsrr1M7sDHeC1oBfgTfyLsuAnArgHJ/VrrPNVafzyEpcTAokok
g6pds86pbFD5qKPHM939fCEuZXHlx5Ze3+o0qqUqeC9Q4Yo/OTsK+Rz8zwIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFH5tB0skvjxtQQAtsNv+Ryh4e+4EMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZm0wSFN5Uy1QRzFCQUMydzJfNUhLSGg3N2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwWgQCAAEwVAMEAcF84AME
AMI6mwMEAMJV+wMEAMJXqQMEAMJX4AMEAMKHIQMEAMKHLgMEAcOFGAMEAcOFKAME
AcOFMgMEAMOFOwMEAcOFXAMEANTA1gMEAdTBGjAUBAIAAjAOAwUDKgFXwAMFAyoM
/0AwDQYJKoZIhvcNAQELBQADggEBAGdbky4dS1ZUsKZuLoTzyWZ9cV2Pn3kSjTrG
L85rlgf3allNmmbU+s3jobg9W23uBJ5oSISZGqKHgyM7rJRSr1/pz+eYupVVP1xc
H/cH4O9K7SsW0tYvfqSCc9pxd3N7v1xfK3R+y6nsolwWHiKADMrNxtUJZBOlTIlx
G3pj6aButhGKKljDs3VFZujGIxmTpXok4U2/H0YhWGd6hDBDhb5BjhozGOrwwZ8t
OYNlGX6bXWEKjum6ckbWiOxfqZqnrDD3JSdNBn3cm1izc129h+qS79GDLgYfD9gE
mhN1/rRSjFu2MgWmP2p5X5WQnZOZDKZbkvfDzZUfM5yda398FOc=
-----END CERTIFICATE-----
Generated at Sun Jun 8 09:32:27 2025 by rpki-client