Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lJYsfWJ_uDej91vrfjQ6_W-BISk.roa
File: lJYsfWJ_uDej91vrfjQ6_W-BISk.roa (raw, json)
Hash identifier: YqK7N4l80ZEQw/SxGLWQrirglzkOvm6vXKIWCnTl1nc=
Subject key identifier: 94:96:2C:7D:62:7F:B8:37:A3:F7:5B:EB:7E:34:3A:FD:6F:81:21:29
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193880DDEF0144A2864F1DB1848431C1541
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lJYsfWJ_uDej91vrfjQ6_W-BISk.roa
Signing time: Mon 02 Dec 2024 15:47:10 +0000
ROA not before: Mon 02 Dec 2024 15:47:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215224
IP address blocks: 193.124.227.0/24 maxlen: 24
195.133.59.0/24 maxlen: 24
212.192.214.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:88:0d:de:f0:14:4a:28:64:f1:db:18:48:43:1c:15:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 2 15:47:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=94962c7d627fb837a3f75beb7e343afd6f812129
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:ad:b3:76:80:67:ef:86:d9:e9:66:58:96:9b:
c9:65:06:36:89:d7:c5:5c:cc:dc:ce:1a:e8:4b:f0:
36:b5:9e:9f:7d:dc:50:33:eb:ef:16:61:68:e7:f6:
a7:df:4e:69:8d:d6:ae:6f:e2:dc:9f:79:9f:c3:30:
04:23:c1:91:15:3e:b7:8d:d3:a7:2f:d0:db:25:83:
08:5c:44:ca:cc:19:a6:c2:34:38:1b:ad:a3:bb:40:
70:48:d2:7a:59:d3:55:fc:2c:ec:81:9a:bf:56:25:
d4:af:b8:81:cf:96:1f:b5:e2:c9:96:84:dd:9b:13:
04:53:ac:19:cf:dd:5d:46:c1:20:66:c8:fd:1f:02:
65:b2:2c:e8:2a:c5:77:f9:67:9c:82:90:8f:15:4c:
27:a7:38:bc:d6:8f:7e:6d:fd:00:8f:f0:76:41:77:
46:76:40:25:f8:b6:53:c9:a2:c7:d1:51:c8:65:25:
bc:26:7f:9b:31:1a:8a:b6:37:bf:35:c1:b1:5c:72:
10:e5:4f:79:8a:99:5d:37:61:8d:7c:74:fd:0f:65:
d1:f3:95:a3:ad:d7:1b:e4:95:aa:d3:1a:00:12:b0:
e1:3d:38:a8:26:52:bc:ba:6d:aa:3e:cf:0e:2a:22:
b5:e9:9b:18:14:29:da:90:eb:11:04:ae:85:32:33:
35:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:96:2C:7D:62:7F:B8:37:A3:F7:5B:EB:7E:34:3A:FD:6F:81:21:29
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lJYsfWJ_uDej91vrfjQ6_W-BISk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
195.133.59.0/24
212.192.214.0/24
Signature Algorithm: sha256WithRSAEncryption
79:b5:03:f0:b6:bf:9c:e0:89:a1:2f:54:eb:f6:90:b8:fb:08:
68:f7:f3:28:f8:6d:a3:49:9e:80:0e:c6:c3:af:ee:8c:7a:19:
81:dd:c7:ed:2c:68:ad:e2:1a:b4:84:e5:fa:4b:1b:9f:93:7e:
7e:40:d5:50:e0:a9:c8:90:b9:4a:3e:f2:fa:2d:d8:4e:67:af:
c5:bf:95:28:fe:de:e0:fa:c0:f8:46:7f:0f:f4:ca:79:39:11:
84:d5:61:ab:b2:f7:0a:45:a5:a3:a2:ac:b9:84:ad:13:7f:1d:
3d:d5:9a:79:9b:92:b7:ee:36:4f:4a:18:8b:e3:2c:22:64:bc:
0b:f5:68:f9:cb:49:2f:6f:d5:4a:31:0e:39:fb:07:32:b0:92:
17:70:02:c1:9e:58:d4:bf:2a:b0:4d:69:07:38:87:ca:b7:ca:
01:7d:1e:e6:bb:1d:4a:69:88:b3:6e:4a:5e:c3:91:f9:5f:09:
46:2a:61:bd:fd:85:a2:e9:7e:2b:8c:43:84:d8:9a:d5:19:88:
fb:e6:0a:5d:16:a4:67:1d:c1:5c:c3:e3:50:79:39:50:c2:d6:
cd:a1:dc:50:e5:aa:d2:97:67:5e:76:a0:6c:ec:a2:31:0e:6d:
bd:e4:85:9b:03:fc:36:ba:67:dc:c4:1f:50:51:84:1c:e8:cf:
39:55:25:c4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZOIDd7wFEooZPHbGEhDHBVBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjAyMTU0NzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDk2MmM3ZDYyN2ZiODM3YTNmNzViZWI3ZTM0M2FmZDZmODEyMTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApq2zdoBn74bZ6WZYlpvJZQY2idfF
XMzczhroS/A2tZ6ffdxQM+vvFmFo5/an305pjdaub+Lcn3mfwzAEI8GRFT63jdOn
L9DbJYMIXETKzBmmwjQ4G62ju0BwSNJ6WdNV/CzsgZq/ViXUr7iBz5YfteLJloTd
mxMEU6wZz91dRsEgZsj9HwJlsizoKsV3+WecgpCPFUwnpzi81o9+bf0Aj/B2QXdG
dkAl+LZTyaLH0VHIZSW8Jn+bMRqKtje/NcGxXHIQ5U95ipldN2GNfHT9D2XR85Wj
rdcb5JWq0xoAErDhPTioJlK8um2qPs8OKiK16ZsYFCnakOsRBK6FMjM15wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJSWLH1if7g3o/db6340Ov1vgSEpMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbEpZc2ZXSl91RGVqOTF2cmZqUTZfVy1CSVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwXzjAwQA
w4U7AwQA1MDWMA0GCSqGSIb3DQEBCwUAA4IBAQB5tQPwtr+c4ImhL1Tr9pC4+who
9/Mo+G2jSZ6ADsbDr+6MehmB3cftLGit4hq0hOX6Sxufk35+QNVQ4KnIkLlKPvL6
LdhOZ6/Fv5Uo/t7g+sD4Rn8P9Mp5ORGE1WGrsvcKRaWjoqy5hK0Tfx091Zp5m5K3
7jZPShiL4ywiZLwL9Wj5y0kvb9VKMQ45+wcysJIXcALBnljUvyqwTWkHOIfKt8oB
fR7mux1KaYizbkpew5H5XwlGKmG9/YWi6X4rjEOE2JrVGYj75gpdFqRnHcFcw+NQ
eTlQwtbNodxQ5arSl2dedqBs7KIxDm295IWbA/w2umfcxB9QUYQc6M85VSXE
-----END CERTIFICATE-----
Generated at Sat Apr 19 12:48:34 2025 by rpki-client