Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hx8Yv_U5nXGxlFi04GVt0NIo3YE.roa
File: hx8Yv_U5nXGxlFi04GVt0NIo3YE.roa (raw, json)
Hash identifier: vCb17fxA9GpH5eFKhom7yH+/0pTBVIPnUS5kNQMqv+k=
Subject key identifier: 87:1F:18:BF:F5:39:9D:71:B1:94:58:B4:E0:65:6D:D0:D2:28:DD:81
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01941C3CE0474166095E6888F961F6E60415
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hx8Yv_U5nXGxlFi04GVt0NIo3YE.roa
Signing time: Tue 31 Dec 2024 10:22:19 +0000
ROA not before: Tue 31 Dec 2024 10:22:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 193.124.224.0/23 maxlen: 23
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.59.0/24 maxlen: 24
195.133.92.0/23 maxlen: 23
212.192.214.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1c:3c:e0:47:41:66:09:5e:68:88:f9:61:f6:e6:04:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 31 10:22:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=871f18bff5399d71b19458b4e0656dd0d228dd81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:fa:4c:07:63:84:0e:ba:e7:4c:d8:d3:96:3b:
01:64:29:b5:1b:71:f7:6c:2d:34:9b:e3:06:43:5e:
68:d4:3b:95:82:94:83:13:80:e3:ce:eb:ba:81:c3:
2f:37:1e:64:65:10:8c:d5:df:b6:e4:fa:58:04:89:
07:2e:3b:eb:bc:7c:c0:c5:84:22:56:0c:be:2e:2b:
66:b5:14:96:04:34:2e:0a:86:66:ff:b3:21:9b:9b:
a8:6a:b3:1d:03:fd:3b:a3:55:81:b1:db:a0:ce:31:
db:b8:f0:60:da:0b:f8:a1:fe:ab:a0:d1:49:98:e3:
92:2c:44:6c:9c:ba:da:5a:f8:e3:b4:f5:72:cc:bc:
39:66:69:f3:39:e4:4f:59:aa:e7:c0:d9:4a:d6:24:
ce:1c:4f:98:c6:0b:70:8d:7f:61:db:7c:69:06:a7:
df:db:e2:0f:1b:3b:63:2f:07:4f:ed:65:b5:27:f8:
34:c1:86:64:06:81:d2:21:cf:5f:7f:1b:03:32:11:
c7:51:b8:b0:98:4d:7a:14:03:15:6a:e6:e6:b7:16:
f4:2d:7e:4b:d9:91:4c:3a:c7:aa:a3:59:99:3b:e3:
73:d1:e3:2c:08:da:bd:69:46:d9:8d:7f:61:cc:28:
07:5e:a8:16:4e:fb:71:f0:84:01:54:17:2d:d4:cf:
59:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:1F:18:BF:F5:39:9D:71:B1:94:58:B4:E0:65:6D:D0:D2:28:DD:81
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hx8Yv_U5nXGxlFi04GVt0NIo3YE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.224.0/23
194.58.155.0/24
194.85.251.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.40.0/23
195.133.50.0/23
195.133.59.0/24
195.133.92.0/23
212.192.214.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
23:86:4a:e1:09:6a:50:48:29:c2:e9:e1:d6:84:71:bc:d3:dc:
5b:d3:65:07:8e:82:0d:81:41:fc:2c:e4:57:26:a3:ab:05:5d:
30:6e:bc:a8:bf:57:09:44:5d:72:b2:f0:c3:0d:3e:6c:7c:4d:
02:af:28:bd:5e:bb:f7:7c:18:58:81:54:64:a4:cf:49:7d:7c:
9d:d2:53:84:aa:1a:0c:4b:82:d2:42:17:ab:e5:71:74:c1:6f:
b0:c6:1a:ae:8a:51:f7:98:91:6b:e8:d1:d0:34:bb:ba:ad:66:
cc:41:dd:17:a6:c6:1a:0c:e5:fa:36:2d:2a:6e:91:7e:77:00:
5b:17:93:76:d2:0c:47:51:d2:87:7f:c3:9a:c2:9e:25:e3:c1:
17:bb:02:aa:a4:38:77:77:69:cb:17:da:fe:47:d6:fe:28:5e:
df:c5:4e:2b:9e:43:fb:86:4e:5c:e6:ad:b0:79:81:19:d0:44:
b9:47:e0:9a:a8:0d:93:12:2f:74:7d:6a:5a:3a:01:b8:2e:72:
44:89:44:68:a4:53:8e:30:2f:bd:d8:2b:a6:a6:41:b9:fe:ff:
02:d0:58:57:df:ad:a8:e3:46:8a:9a:99:33:ac:f9:ee:dd:d0:
04:3a:c8:84:d4:a8:41:fc:a0:66:94:b5:4e:af:81:90:38:8e:
7e:29:13:c0
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAZQcPOBHQWYJXmiI+WH25gQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjMxMTAyMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzFmMThiZmY1Mzk5ZDcxYjE5NDU4YjRlMDY1NmRkMGQyMjhkZDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfpMB2OEDrrnTNjTljsBZCm1G3H3
bC00m+MGQ15o1DuVgpSDE4Djzuu6gcMvNx5kZRCM1d+25PpYBIkHLjvrvHzAxYQi
Vgy+LitmtRSWBDQuCoZm/7Mhm5uoarMdA/07o1WBsdugzjHbuPBg2gv4of6roNFJ
mOOSLERsnLraWvjjtPVyzLw5ZmnzOeRPWarnwNlK1iTOHE+YxgtwjX9h23xpBqff
2+IPGztjLwdP7WW1J/g0wYZkBoHSIc9ffxsDMhHHUbiwmE16FAMVaubmtxb0LX5L
2ZFMOseqo1mZO+Nz0eMsCNq9aUbZjX9hzCgHXqgWTvtx8IQBVBct1M9ZJQIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFIcfGL/1OZ1xsZRYtOBlbdDSKN2BMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaHg4WXZfVTVuWEd4bEZpMDRHVnQwTklvM1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQBwXzgAwQA
wjqbAwQAwlX7AwQAwlepAwQAwlfgAwQAwochAwQBw4UYAwQBw4UoAwQBw4UyAwQA
w4U7AwQBw4VcAwQA1MDWAwQB1MEaMBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkq
hkiG9w0BAQsFAAOCAQEAI4ZK4QlqUEgpwunh1oRxvNPcW9NlB46CDYFB/CzkVyaj
qwVdMG68qL9XCURdcrLwww0+bHxNAq8ovV6793wYWIFUZKTPSX18ndJThKoaDEuC
0kIXq+VxdMFvsMYaropR95iRa+jR0DS7uq1mzEHdF6bGGgzl+jYtKm6RfncAWxeT
dtIMR1HSh3/DmsKeJePBF7sCqqQ4d3dpyxfa/kfW/ihe38VOK55D+4ZOXOatsHmB
GdBEuUfgmqgNkxIvdH1qWjoBuC5yRIlEaKRTjjAvvdgrpqZBuf7/AtBYV9+tqONG
ipqZM6z57t3QBDrIhNSoQfygZpS1Tq+BkDiOfikTwA==
-----END CERTIFICATE-----
Generated at Mon Apr 21 05:40:48 2025 by rpki-client