Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hWCp_PvyFUIuBlGK_fCPrx865FQ.roa
File: hWCp_PvyFUIuBlGK_fCPrx865FQ.roa (raw, json)
Hash identifier: 2b0NHcsSwHP3J2GaEaV8I5xkKRyvnDfUrfSk6abpBss=
Subject key identifier: 85:60:A9:FC:FB:F2:15:42:2E:06:51:8A:FD:F0:8F:AF:1F:3A:E4:54
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01941C3CE121EDD9B8B9C47C12330692B10A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hWCp_PvyFUIuBlGK_fCPrx865FQ.roa
Signing time: Tue 31 Dec 2024 10:22:19 +0000
ROA not before: Tue 31 Dec 2024 10:22:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215224
IP address blocks: 193.124.227.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
212.192.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1c:3c:e1:21:ed:d9:b8:b9:c4:7c:12:33:06:92:b1:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 31 10:22:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8560a9fcfbf215422e06518afdf08faf1f3ae454
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:ee:c9:30:2d:58:d2:2c:b5:88:87:67:69:89:
48:6a:ac:29:32:b9:34:67:8a:e1:99:33:0b:c7:0a:
78:8b:c0:1f:f7:41:97:9b:80:8a:c7:45:fc:40:6b:
83:71:1e:ee:1c:7c:f5:41:0b:70:25:c5:eb:c9:d6:
f7:ee:1f:2b:4e:04:c1:2c:5b:51:0c:81:85:91:31:
0c:5c:dd:c1:c4:4d:04:74:2e:14:b1:5d:63:d9:69:
55:d8:de:d1:99:b6:6b:04:84:ae:13:71:6e:2a:b0:
c5:3d:20:90:80:5b:fe:5a:e4:3f:e0:95:58:35:20:
be:4c:17:90:09:3d:21:6c:d4:e7:69:56:24:c2:29:
bf:cd:e1:56:38:b9:27:70:32:3a:43:b3:f6:10:96:
0e:83:49:98:6e:97:9e:53:e6:6b:3f:df:b7:ef:18:
ae:49:a6:35:81:b5:03:31:db:23:13:44:61:cf:5c:
fb:fd:49:18:e6:1d:48:8d:df:5f:e1:a7:fa:67:c1:
31:4c:ae:3c:63:b8:b2:31:90:9e:e2:0c:3c:60:3c:
fb:e5:7e:a4:98:12:93:f9:ad:59:38:f6:8e:60:c0:
ab:5b:de:ec:b4:bd:86:e9:c5:04:16:dc:04:45:f3:
fb:37:0e:39:8e:20:db:96:51:6f:c3:fe:b3:9d:29:
6a:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:60:A9:FC:FB:F2:15:42:2E:06:51:8A:FD:F0:8F:AF:1F:3A:E4:54
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hWCp_PvyFUIuBlGK_fCPrx865FQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.87.53.0/24
194.135.46.0/24
195.133.55.0/24
212.192.247.0/24
Signature Algorithm: sha256WithRSAEncryption
59:7d:ea:ce:7d:8e:9f:b5:c7:49:e9:5a:07:de:5c:a5:76:0d:
f9:b1:9f:04:6a:4d:9e:b1:5f:b9:55:25:84:92:8b:9e:f7:b1:
da:53:89:df:4b:b4:2f:da:0a:2e:4d:e9:5f:d7:47:39:27:f8:
7b:e3:63:2d:88:ec:43:18:a3:cb:1a:fe:37:06:8f:23:ea:17:
6e:27:67:28:9c:4c:cb:8e:49:41:af:cf:4a:60:1a:2d:66:4e:
36:d3:4e:9d:a8:02:08:31:60:3e:fd:0f:61:4f:0f:fb:60:19:
0e:7d:04:3b:38:21:0a:7e:50:d5:35:67:44:04:17:49:02:d8:
7f:bd:10:a8:51:88:3f:f3:88:37:a4:9c:62:61:e5:76:49:4c:
28:f3:50:4a:5a:4d:8a:7a:ab:61:f8:c4:c9:a1:14:a4:5f:e0:
fc:c6:d4:5a:52:b2:95:96:58:8b:cc:1e:d6:8d:5d:a8:24:54:
85:f3:98:80:e9:ca:fd:df:7a:10:99:3f:ff:a7:4a:95:0b:a9:
f7:7d:a6:08:ea:4c:7a:3f:37:73:f1:3f:4f:87:23:84:4a:74:
5c:81:03:a3:4f:89:4a:f4:91:86:04:e7:e9:43:98:8e:f2:b8:
5f:e4:a3:8f:79:63:0b:69:64:24:d0:52:f4:78:77:a4:89:03:
3d:de:ff:78
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQcPOEh7dm4ucR8EjMGkrEKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjMxMTAyMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTYwYTlmY2ZiZjIxNTQyMmUwNjUxOGFmZGYwOGZhZjFmM2FlNDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+7JMC1Y0iy1iIdnaYlIaqwpMrk0
Z4rhmTMLxwp4i8Af90GXm4CKx0X8QGuDcR7uHHz1QQtwJcXrydb37h8rTgTBLFtR
DIGFkTEMXN3BxE0EdC4UsV1j2WlV2N7RmbZrBISuE3FuKrDFPSCQgFv+WuQ/4JVY
NSC+TBeQCT0hbNTnaVYkwim/zeFWOLkncDI6Q7P2EJYOg0mYbpeeU+ZrP9+37xiu
SaY1gbUDMdsjE0Rhz1z7/UkY5h1Ijd9f4af6Z8ExTK48Y7iyMZCe4gw8YDz75X6k
mBKT+a1ZOPaOYMCrW97stL2G6cUEFtwERfP7Nw45jiDbllFvw/6znSlqbQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIVgqfz78hVCLgZRiv3wj68fOuRUMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaFdDcF9QdnlGVUl1QmxHS19mQ1ByeDg2NUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAwXzjAwQA
wlc1AwQAwocuAwQAw4U3AwQA1MD3MA0GCSqGSIb3DQEBCwUAA4IBAQBZferOfY6f
tcdJ6VoH3lyldg35sZ8Eak2esV+5VSWEkoue97HaU4nfS7Qv2gouTelf10c5J/h7
42MtiOxDGKPLGv43Bo8j6hduJ2conEzLjklBr89KYBotZk42006dqAIIMWA+/Q9h
Tw/7YBkOfQQ7OCEKflDVNWdEBBdJAth/vRCoUYg/84g3pJxiYeV2SUwo81BKWk2K
eqth+MTJoRSkX+D8xtRaUrKVlliLzB7WjV2oJFSF85iA6cr933oQmT//p0qVC6n3
faYI6kx6Pzdz8T9PhyOESnRcgQOjT4lK9JGGBOfpQ5iO8rhf5KOPeWMLaWQk0FL0
eHekiQM93v94
-----END CERTIFICATE-----
Generated at Mon Jun 9 00:02:16 2025 by rpki-client