Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nZGxXuNTQeTrKVKPKKu7TUzbyd8.roa
File: nZGxXuNTQeTrKVKPKKu7TUzbyd8.roa (raw, json)
Hash identifier: SXP9jlVYIqluYJumflH50wZe3FNxTlU7YIIm7TnunIw=
Subject key identifier: 9D:91:B1:5E:E3:53:41:E4:EB:29:52:8F:28:AB:BB:4D:4C:DB:C9:DF
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193D143D1BB296FF8B24AECC68FDCA4ADCD
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nZGxXuNTQeTrKVKPKKu7TUzbyd8.roa
Signing time: Mon 16 Dec 2024 20:58:22 +0000
ROA not before: Mon 16 Dec 2024 20:58:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215224
IP address blocks: 193.124.227.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
195.133.59.0/24 maxlen: 24
212.192.214.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:d1:43:d1:bb:29:6f:f8:b2:4a:ec:c6:8f:dc:a4:ad:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 16 20:58:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9d91b15ee35341e4eb29528f28abbb4d4cdbc9df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:43:82:27:4f:ea:d7:96:26:60:56:05:dc:17:
d0:83:8c:ec:d1:74:39:84:34:4e:53:a1:4c:e5:8d:
b3:97:bd:bb:00:c2:e5:24:ea:e0:de:2e:2e:b7:52:
bc:fe:de:ee:60:c5:38:52:4b:31:6c:51:18:04:67:
84:2c:33:b4:b6:4f:8c:f2:da:37:47:03:55:9d:72:
58:01:81:c4:c8:18:21:3e:b5:52:17:9b:0c:c6:57:
63:ac:a7:7b:db:68:1c:11:35:f7:a4:0c:c4:3c:af:
4d:95:64:ba:43:e2:69:a5:d4:32:fd:b3:13:b9:a9:
37:73:37:02:d9:f0:b3:51:e9:61:0d:be:2d:43:0a:
fb:67:78:c9:9d:11:c7:ac:90:f0:59:2c:b5:de:1a:
c1:63:16:8d:e5:0d:00:20:48:a7:cb:40:48:d8:5e:
51:11:b6:58:9c:d6:9b:b5:69:c0:2b:71:11:64:a8:
40:30:e3:dd:c5:2a:fd:a6:58:2c:07:5a:77:ac:93:
3b:40:46:16:7c:68:f2:13:43:48:d4:4b:db:8e:84:
b6:00:e6:ac:49:95:dc:ae:b3:8f:ae:c3:57:49:24:
22:89:53:ae:65:47:52:e0:4f:65:05:fe:37:f8:27:
19:b8:82:8f:54:7d:42:08:43:ca:6f:de:bd:c8:5e:
cc:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:91:B1:5E:E3:53:41:E4:EB:29:52:8F:28:AB:BB:4D:4C:DB:C9:DF
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nZGxXuNTQeTrKVKPKKu7TUzbyd8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.135.46.0/24
195.133.55.0/24
195.133.59.0/24
212.192.214.0/24
Signature Algorithm: sha256WithRSAEncryption
04:fd:77:de:b5:83:43:e8:e8:5f:04:6f:f5:7e:42:6e:03:57:
fc:e7:e1:0e:6a:11:06:ed:e1:c3:be:59:31:9c:92:a7:cc:65:
dd:1f:68:18:00:1b:d8:df:43:f3:7d:c6:8b:76:87:a6:95:de:
26:b6:3b:3a:d2:53:8f:a9:f9:1b:1f:82:62:15:e5:0b:28:c6:
b5:a2:c8:cd:20:bf:ef:49:6e:d6:f1:ab:49:41:1c:2b:40:97:
c0:56:23:b5:fd:b3:a0:2a:cc:95:06:8b:c5:46:56:3c:74:92:
eb:ce:d1:7c:09:20:dc:e6:e3:93:fa:29:5e:04:24:85:50:02:
fa:9c:90:be:2e:60:ae:9f:28:98:f6:5c:c7:9f:2b:7b:f9:b9:
e4:c4:ed:53:45:de:aa:10:4b:9e:11:0e:24:9b:d4:26:af:b6:
51:e8:f0:c1:03:2c:7c:6d:df:76:bc:ae:c3:3f:29:76:28:dc:
b1:43:25:20:3c:0e:1f:bb:37:f4:9d:72:be:94:6a:a2:4b:d1:
9c:d8:51:91:5d:a0:ac:f1:70:10:e1:3e:d8:4f:a7:ea:37:9f:
e1:59:2e:58:31:01:4e:e3:eb:22:ca:44:d9:93:a2:5e:60:7a:
49:43:0a:9e:49:30:a5:9c:58:73:bd:b7:a0:bb:4a:c9:13:e5:
bb:1d:fb:e9
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZPRQ9G7KW/4skrsxo/cpK3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjE2MjA1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDkxYjE1ZWUzNTM0MWU0ZWIyOTUyOGYyOGFiYmI0ZDRjZGJjOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50OCJ0/q15YmYFYF3BfQg4zs0XQ5
hDROU6FM5Y2zl727AMLlJOrg3i4ut1K8/t7uYMU4UksxbFEYBGeELDO0tk+M8to3
RwNVnXJYAYHEyBghPrVSF5sMxldjrKd722gcETX3pAzEPK9NlWS6Q+JppdQy/bMT
uak3czcC2fCzUelhDb4tQwr7Z3jJnRHHrJDwWSy13hrBYxaN5Q0AIEiny0BI2F5R
EbZYnNabtWnAK3ERZKhAMOPdxSr9plgsB1p3rJM7QEYWfGjyE0NI1EvbjoS2AOas
SZXcrrOPrsNXSSQiiVOuZUdS4E9lBf43+CcZuIKPVH1CCEPKb969yF7MvQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJ2RsV7jU0Hk6ylSjyiru01M28nfMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvblpHeFh1TlRRZVRyS1ZLUEtLdTdUVXpieWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAwXzjAwQA
wocuAwQAw4U3AwQAw4U7AwQA1MDWMA0GCSqGSIb3DQEBCwUAA4IBAQAE/XfetYND
6OhfBG/1fkJuA1f85+EOahEG7eHDvlkxnJKnzGXdH2gYABvY30PzfcaLdoemld4m
tjs60lOPqfkbH4JiFeULKMa1osjNIL/vSW7W8atJQRwrQJfAViO1/bOgKsyVBovF
RlY8dJLrztF8CSDc5uOT+ileBCSFUAL6nJC+LmCunyiY9lzHnyt7+bnkxO1TRd6q
EEueEQ4km9Qmr7ZR6PDBAyx8bd92vK7DPyl2KNyxQyUgPA4fuzf0nXK+lGqiS9Gc
2FGRXaCs8XAQ4T7YT6fqN5/hWS5YMQFO4+siykTZk6JeYHpJQwqeSTClnFhzvbeg
u0rJE+W7Hfvp
-----END CERTIFICATE-----
Generated at Fri Apr 18 20:18:24 2025 by rpki-client