Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lKT7lPmhnNyZZBlUR4W_y8VfHUM.roa
File:                     lKT7lPmhnNyZZBlUR4W_y8VfHUM.roa (raw, json)
Hash identifier:          R9aesvgvPzGB3ihTFuPOkRlAe9cNMQtlZhabodOHOH0=
Subject key identifier:   94:A4:FB:94:F9:A1:9C:DC:99:64:19:54:47:85:BF:CB:C5:5F:1D:43
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01944C0BA69B62B650B68B2032AB933D2CD1
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lKT7lPmhnNyZZBlUR4W_y8VfHUM.roa
Signing time:             Thu 09 Jan 2025 17:10:19 +0000
ROA not before:           Thu 09 Jan 2025 17:10:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        193.124.18.0/24 maxlen: 24
                          193.124.36.0/24 maxlen: 24
                          193.124.224.0/23 maxlen: 23
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4c:0b:a6:9b:62:b6:50:b6:8b:20:32:ab:93:3d:2c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  9 17:10:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94a4fb94f9a19cdc996419544785bfcbc55f1d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:A4:FB:94:F9:A1:9C:DC:99:64:19:54:47:85:BF:CB:C5:5F:1D:43
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lKT7lPmhnNyZZBlUR4W_y8VfHUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.18.0/24
                  193.124.36.0/24
                  193.124.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun Apr 20 22:10:11 2025 by rpki-client