Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mMFBBt9rXUZXwZnLxi_JQu_-nHE.roa
File: mMFBBt9rXUZXwZnLxi_JQu_-nHE.roa (raw, json)
Hash identifier: sVYDn9Xnt4YP2y7Gvgd/zMr9f+GoEhchdC3Tlt0aK4g=
Subject key identifier: 98:C1:41:06:DF:6B:5D:46:57:C1:99:CB:C6:2F:C9:42:EF:FE:9C:71
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018A2C2D475C960C3766A12DD033C3D9646D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mMFBBt9rXUZXwZnLxi_JQu_-nHE.roa
Signing time: Fri 25 Aug 2023 10:11:19 +0000
ROA not before: Fri 25 Aug 2023 10:11:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200385
IP address blocks: 194.87.205.0/24 maxlen: 24
193.124.227.0/24 maxlen: 24
193.124.18.0/24 maxlen: 24
62.76.235.0/24 maxlen: 24
194.87.23.0/24 maxlen: 24
193.124.49.0/24 maxlen: 24
195.133.37.0/24 maxlen: 24
194.58.60.0/24 maxlen: 24
193.124.91.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:2c:2d:47:5c:96:0c:37:66:a1:2d:d0:33:c3:d9:64:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Aug 25 10:11:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=98c14106df6b5d4657c199cbc62fc942effe9c71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:04:9c:e3:d6:52:84:25:dc:a5:6e:04:eb:84:
03:9f:9f:2e:3a:d5:7c:13:03:34:59:f0:26:3a:49:
63:3f:d1:fb:9c:ce:5b:34:d2:3e:69:1f:9e:f4:e1:
a8:fa:e5:88:6e:c2:92:47:67:b0:b7:3d:53:2b:08:
31:91:2d:15:0b:39:3f:e0:41:65:60:97:08:71:d4:
31:ef:f4:24:a3:bc:b2:d6:05:dc:9e:c6:86:ec:99:
2a:37:bb:e3:ef:f4:24:01:6a:2e:7d:41:c3:1f:3f:
73:2e:d9:d5:7a:d0:dd:6c:2b:77:c7:66:0b:74:fd:
48:6d:84:bc:8f:e3:73:35:35:02:51:da:dc:9b:f6:
94:50:14:ac:f1:f9:4f:34:0a:4d:98:0e:1b:f4:e3:
c0:ca:bf:e0:3f:6b:0b:f6:69:0b:33:71:c6:97:66:
95:b4:3e:26:28:f6:88:e8:a5:4b:5e:73:69:d7:6f:
e8:c5:d0:dc:cb:53:df:60:6f:a7:43:bc:3b:ca:fa:
3c:23:bd:6c:6a:32:07:cd:ea:66:67:02:9c:24:e3:
85:91:df:9d:5a:3c:bb:24:12:0c:87:40:78:50:06:
1b:eb:ad:c4:1b:f8:2d:4f:d2:ac:13:5b:9a:c7:36:
75:78:37:39:a4:6c:2f:d2:d3:f1:4b:01:6c:09:62:
60:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:C1:41:06:DF:6B:5D:46:57:C1:99:CB:C6:2F:C9:42:EF:FE:9C:71
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/mMFBBt9rXUZXwZnLxi_JQu_-nHE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.235.0/24
193.124.18.0/24
193.124.49.0/24
193.124.91.0/24
193.124.227.0/24
194.58.60.0/24
194.87.23.0/24
194.87.205.0/24
195.133.37.0/24
Signature Algorithm: sha256WithRSAEncryption
2c:43:6c:10:df:88:26:85:49:ff:a3:6f:d9:76:41:40:94:19:
4d:00:bf:53:4a:90:eb:67:05:53:cf:ba:54:45:ed:07:af:d0:
6f:bc:30:ad:d1:f7:a3:b4:4c:56:40:c3:87:40:fa:3a:c5:38:
bb:dc:ec:a7:a7:1f:d7:74:a5:fe:ac:33:8a:b7:c9:74:e7:27:
3a:46:6e:62:96:41:92:48:2b:34:b6:72:11:48:d6:45:d0:83:
20:c9:fc:0b:bf:7c:5c:4b:9b:76:a5:2b:9f:c7:ba:cd:97:a2:
bb:36:00:8a:8d:bb:43:00:17:02:31:e5:f7:2d:17:55:c4:7a:
32:68:be:9d:eb:b9:b7:76:23:f5:32:64:f7:15:a8:09:19:d6:
b0:ff:98:e8:e2:b0:4f:e1:98:f6:8b:34:4f:e6:c5:0c:45:14:
e3:fc:a4:45:bf:54:80:db:42:d0:27:88:b3:40:09:8f:f2:ca:
cd:dd:51:d8:8f:77:fa:1d:ed:41:f8:99:80:78:1d:38:5e:8d:
17:da:14:00:3f:54:84:56:f0:21:bf:5b:3f:41:2b:c2:32:9d:
bb:b0:9f:b0:fe:c0:69:40:70:fb:7c:1d:5f:30:ac:a8:85:77:
32:4b:59:ec:25:fd:8a:43:43:22:42:3e:ff:fe:7a:6f:20:3c:
3b:d0:0c:01
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYosLUdclgw3ZqEt0DPD2WRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwODI1MTAxMTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGMxNDEwNmRmNmI1ZDQ2NTdjMTk5Y2JjNjJmYzk0MmVmZmU5YzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQSc49ZShCXcpW4E64QDn58uOtV8
EwM0WfAmOkljP9H7nM5bNNI+aR+e9OGo+uWIbsKSR2ewtz1TKwgxkS0VCzk/4EFl
YJcIcdQx7/Qko7yy1gXcnsaG7JkqN7vj7/QkAWoufUHDHz9zLtnVetDdbCt3x2YL
dP1IbYS8j+NzNTUCUdrcm/aUUBSs8flPNApNmA4b9OPAyr/gP2sL9mkLM3HGl2aV
tD4mKPaI6KVLXnNp12/oxdDcy1PfYG+nQ7w7yvo8I71sajIHzepmZwKcJOOFkd+d
Wjy7JBIMh0B4UAYb663EG/gtT9KsE1uaxzZ1eDc5pGwv0tPxSwFsCWJgxwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJjBQQbfa11GV8GZy8YvyULv/pxxMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbU1GQkJ0OXJYVVpYd1puTHhpX0pRdV8tbkhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAPkzrAwQA
wXwSAwQAwXwxAwQAwXxbAwQAwXzjAwQAwjo8AwQAwlcXAwQAwlfNAwQAw4UlMA0G
CSqGSIb3DQEBCwUAA4IBAQAsQ2wQ34gmhUn/o2/ZdkFAlBlNAL9TSpDrZwVTz7pU
Re0Hr9BvvDCt0fejtExWQMOHQPo6xTi73Oynpx/XdKX+rDOKt8l05yc6Rm5ilkGS
SCs0tnIRSNZF0IMgyfwLv3xcS5t2pSufx7rNl6K7NgCKjbtDABcCMeX3LRdVxHoy
aL6d67m3diP1MmT3FagJGdaw/5jo4rBP4Zj2izRP5sUMRRTj/KRFv1SA20LQJ4iz
QAmP8srN3VHYj3f6He1B+JmAeB04Xo0X2hQAP1SEVvAhv1s/QSvCMp27sJ+w/sBp
QHD7fB1fMKyohXcyS1nsJf2KQ0MiQj7//npvIDw70AwB
-----END CERTIFICATE-----
Generated at Sun Jun 8 13:29:56 2025 by rpki-client