Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/icipOR_cHmkmIDURtDz9nT-tWLw.roa
File: icipOR_cHmkmIDURtDz9nT-tWLw.roa (raw, json)
Hash identifier: zmH3a7cbF90cUawFTpAEUNBQ2Q4le8xezAl5AwaAnz8=
Subject key identifier: 89:C8:A9:39:1F:DC:1E:69:26:20:35:11:B4:3C:FD:9D:3F:AD:58:BC
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824FCF581F287707A40A61935868695
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/icipOR_cHmkmIDURtDz9nT-tWLw.roa
Signing time: Thu 02 Jan 2025 17:51:40 +0000
ROA not before: Thu 02 Jan 2025 17:51:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201671
IP address blocks: 194.58.33.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:fc:f5:81:f2:87:70:7a:40:a6:19:35:86:86:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=89c8a9391fdc1e6926203511b43cfd9d3fad58bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:90:63:9a:e7:d1:79:29:9f:b0:41:51:0a:79:
c0:f7:fb:22:7b:c4:3c:76:5a:34:b8:b5:18:96:7a:
d2:bf:f2:c8:40:4c:e9:db:a7:cf:33:4c:27:dd:c0:
0c:ac:12:f3:3a:ab:15:e8:0f:04:0a:40:2b:8e:94:
72:45:10:e2:7c:8b:55:e5:c6:81:7e:d7:01:bc:26:
c5:b7:1b:d8:e5:86:dd:91:49:57:62:7d:bb:77:9f:
4b:a7:bd:d3:8c:9a:bc:82:5f:a1:ce:c7:a5:a6:dd:
9b:64:77:d9:7c:ad:da:4b:01:12:b2:ad:2b:c5:ed:
82:4f:8a:16:cc:ad:c0:c7:b7:76:e0:d5:a6:b5:7a:
29:2b:62:2d:37:f5:48:ba:9f:0b:9d:57:d3:b4:77:
be:cc:2e:5b:3a:07:f5:74:7d:18:ed:ce:32:e7:a0:
2d:d9:7a:00:ec:f3:a3:30:71:d3:ad:75:01:98:89:
80:9c:33:a3:1b:2c:8c:e4:6f:f8:a3:e5:b1:f1:7d:
4b:e4:eb:d9:31:c3:11:80:4b:2e:f8:be:28:9d:57:
5f:93:40:05:6b:61:e2:7f:24:ad:13:59:52:94:4e:
da:29:1a:83:47:b9:75:8f:57:e4:81:4d:f1:f7:7e:
8e:3c:fb:91:85:ed:e6:ab:b9:10:15:62:be:21:fa:
74:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:C8:A9:39:1F:DC:1E:69:26:20:35:11:B4:3C:FD:9D:3F:AD:58:BC
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/icipOR_cHmkmIDURtDz9nT-tWLw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.58.33.0/24
Signature Algorithm: sha256WithRSAEncryption
53:35:29:79:20:93:a8:c3:20:d6:2b:13:c7:5d:2b:0c:74:b0:
ca:23:d2:7d:60:80:37:fa:f3:b0:72:d9:fb:cd:9d:c2:27:e2:
63:23:88:88:91:3a:1f:b1:67:27:c8:8e:d4:20:ac:e2:0a:46:
aa:0c:b7:ba:a0:7e:59:29:c4:f9:88:4e:c7:70:79:5d:fe:72:
80:c0:00:c8:94:e9:93:02:94:50:cd:34:bd:16:a3:94:b0:fd:
d9:57:00:8b:a9:16:86:f7:78:e2:f4:f8:2f:3b:11:16:e2:6d:
c4:03:b7:e7:56:f0:be:fa:57:a9:7e:38:db:43:82:e5:87:0b:
e1:d7:be:00:3b:c7:26:e2:31:3e:d3:0c:d7:d3:8d:c4:b8:92:
e0:95:3d:4c:4c:93:30:61:9e:c1:b6:69:7e:c4:03:dc:56:40:
a0:6b:e9:e6:1a:c0:0b:ef:d0:6c:66:48:bb:e4:de:b1:67:2d:
2b:bd:c1:ab:bf:13:75:f4:72:b8:32:52:a2:83:50:0b:7b:6c:
67:1a:fb:52:e5:ab:45:60:69:1e:71:b4:a8:71:0c:55:4e:13:
61:35:48:c3:48:2e:2c:57:2c:ce:26:14:43:c7:1a:ac:70:70:
9f:b3:f8:62:cc:aa:ef:e3:6a:15:b5:c7:f0:ca:fd:55:65:7b:
db:c9:20:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJPz1gfKHcHpAphk1hoaVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWM4YTkzOTFmZGMxZTY5MjYyMDM1MTFiNDNjZmQ5ZDNmYWQ1OGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZBjmufReSmfsEFRCnnA9/sie8Q8
dlo0uLUYlnrSv/LIQEzp26fPM0wn3cAMrBLzOqsV6A8ECkArjpRyRRDifItV5caB
ftcBvCbFtxvY5YbdkUlXYn27d59Lp73TjJq8gl+hzselpt2bZHfZfK3aSwESsq0r
xe2CT4oWzK3Ax7d24NWmtXopK2ItN/VIup8LnVfTtHe+zC5bOgf1dH0Y7c4y56At
2XoA7POjMHHTrXUBmImAnDOjGyyM5G/4o+Wx8X1L5OvZMcMRgEsu+L4onVdfk0AF
a2HifyStE1lSlE7aKRqDR7l1j1fkgU3x936OPPuRhe3mq7kQFWK+Ifp09wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInIqTkf3B5pJiA1EbQ8/Z0/rVi8MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaWNpcE9SX2NIbWttSURVUnREejluVC10V0x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjohMA0G
CSqGSIb3DQEBCwUAA4IBAQBTNSl5IJOowyDWKxPHXSsMdLDKI9J9YIA3+vOwctn7
zZ3CJ+JjI4iIkTofsWcnyI7UIKziCkaqDLe6oH5ZKcT5iE7HcHld/nKAwADIlOmT
ApRQzTS9FqOUsP3ZVwCLqRaG93ji9PgvOxEW4m3EA7fnVvC++lepfjjbQ4Llhwvh
174AO8cm4jE+0wzX043EuJLglT1MTJMwYZ7Btml+xAPcVkCga+nmGsAL79BsZki7
5N6xZy0rvcGrvxN19HK4MlKig1ALe2xnGvtS5atFYGkecbSocQxVThNhNUjDSC4s
VyzOJhRDxxqscHCfs/hizKrv42oVtcfwyv1VZXvbySBH
-----END CERTIFICATE-----
Generated at Sun Jun 8 12:52:36 2025 by rpki-client