Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/oIGZtjHQY2qPQRmuEsRe8x8v89s.roa
File: oIGZtjHQY2qPQRmuEsRe8x8v89s.roa (raw, json)
Hash identifier: Y6G1jjBO5GexGph8/t2uxcsY0g/14bUseWTKgoCo20I=
Subject key identifier: A0:81:99:B6:31:D0:63:6A:8F:41:19:AE:12:C4:5E:F3:1F:2F:F3:DB
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019403F1B3AE85FCD99D59AB0403A046FA33
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/oIGZtjHQY2qPQRmuEsRe8x8v89s.roa
Signing time: Thu 26 Dec 2024 17:09:19 +0000
ROA not before: Thu 26 Dec 2024 17:09:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215224
IP address blocks: 193.124.227.0/24 maxlen: 24
194.87.53.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
195.133.59.0/24 maxlen: 24
212.192.247.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:03:f1:b3:ae:85:fc:d9:9d:59:ab:04:03:a0:46:fa:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 26 17:09:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a08199b631d0636a8f4119ae12c45ef31f2ff3db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:52:b6:df:93:98:18:68:d5:92:fd:ed:d8:7e:
10:e2:0c:ca:4f:cf:46:4c:18:01:b1:7e:7b:fe:4f:
46:8b:d0:85:5a:df:8b:df:8b:f1:97:8b:4d:04:3f:
fc:fc:fe:de:f1:39:bd:cc:3d:1b:08:1c:17:c6:25:
b3:15:39:ca:d1:15:ef:7f:a4:1b:d3:24:de:9f:4c:
1e:00:48:3b:62:a8:f0:8c:94:e0:8a:9f:b1:30:6d:
83:3e:36:a4:42:6c:4d:67:9c:3b:4e:06:eb:ed:61:
b0:0a:44:d5:52:35:a1:27:8d:ac:cc:47:f3:e9:be:
a0:b5:21:68:ae:f7:bb:f3:30:e2:7b:75:a0:d2:98:
65:76:36:6e:3f:91:72:3a:41:85:0c:1e:75:d2:66:
85:22:49:80:40:03:27:79:e3:5d:59:6f:46:dd:95:
ae:17:f6:76:cd:5d:f1:e2:51:1c:c8:e4:2d:16:a0:
87:10:84:41:e0:a1:d5:ea:06:72:b5:24:72:4f:df:
83:92:f7:6b:96:f5:86:4d:5d:27:94:f8:e9:2e:26:
6b:de:88:8a:65:fa:34:83:f3:fd:30:1d:16:e5:60:
76:5e:72:27:8c:74:96:cc:05:11:da:fb:fe:4d:f6:
14:b7:92:21:c0:a8:0f:15:1e:c7:91:aa:7e:81:a7:
47:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:81:99:B6:31:D0:63:6A:8F:41:19:AE:12:C4:5E:F3:1F:2F:F3:DB
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/oIGZtjHQY2qPQRmuEsRe8x8v89s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.87.53.0/24
194.135.46.0/24
195.133.55.0/24
195.133.59.0/24
212.192.247.0/24
Signature Algorithm: sha256WithRSAEncryption
65:1d:cf:27:f6:fe:bf:ce:c9:a1:41:a7:78:95:7c:9a:d4:4d:
09:1a:0f:b9:69:e6:80:82:33:73:72:b7:8a:9c:09:9c:34:20:
c3:d3:7b:32:ec:2f:29:98:20:95:ac:e6:a2:66:f0:12:4c:f6:
9b:ac:ca:96:c7:99:10:2d:a1:c8:66:36:b3:3f:ab:53:d2:b0:
7f:b8:71:67:bd:67:9b:05:0e:8e:67:0a:8b:91:fb:02:26:1f:
6b:13:67:1f:91:ae:1a:c7:5b:29:6d:f2:cc:4b:6a:91:43:11:
e0:e5:d9:64:8e:b9:f4:cd:f2:50:81:96:ad:e9:d4:60:02:5d:
ce:b5:ee:28:3b:90:80:de:2a:fa:98:9a:2f:c9:7b:f6:f9:04:
8b:b2:8c:2f:53:f9:24:fc:ce:0e:c9:65:25:11:64:86:46:c9:
26:c7:a1:e6:0f:72:49:33:a2:82:ba:0d:29:ac:f1:bc:18:ec:
b5:dc:64:d3:23:48:ed:07:ab:e1:ad:9a:7e:4b:b7:e1:6d:f1:
1b:29:9a:df:5b:d9:22:8e:9c:bc:59:40:ef:80:88:c0:21:c6:
20:18:2f:f8:3e:95:1c:30:3b:f2:c3:78:37:fc:86:0f:0e:84:
0f:56:fc:6f:d3:df:08:98:b4:cb:23:5a:c3:14:51:bd:b8:db:
3a:db:58:be
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQD8bOuhfzZnVmrBAOgRvozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjI2MTcwOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDgxOTliNjMxZDA2MzZhOGY0MTE5YWUxMmM0NWVmMzFmMmZmM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21K235OYGGjVkv3t2H4Q4gzKT89G
TBgBsX57/k9Gi9CFWt+L34vxl4tNBD/8/P7e8Tm9zD0bCBwXxiWzFTnK0RXvf6Qb
0yTen0weAEg7YqjwjJTgip+xMG2DPjakQmxNZ5w7Tgbr7WGwCkTVUjWhJ42szEfz
6b6gtSForve78zDie3Wg0phldjZuP5FyOkGFDB510maFIkmAQAMneeNdWW9G3ZWu
F/Z2zV3x4lEcyOQtFqCHEIRB4KHV6gZytSRyT9+DkvdrlvWGTV0nlPjpLiZr3oiK
Zfo0g/P9MB0W5WB2XnInjHSWzAUR2vv+TfYUt5IhwKgPFR7Hkap+gadHpQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKCBmbYx0GNqj0EZrhLEXvMfL/PbMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvb0lHWnRqSFFZMnFQUVJtdUVzUmU4eDh2ODlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwXzjAwQA
wlc1AwQAwocuAwQAw4U3AwQAw4U7AwQA1MD3MA0GCSqGSIb3DQEBCwUAA4IBAQBl
Hc8n9v6/zsmhQad4lXya1E0JGg+5aeaAgjNzcreKnAmcNCDD03sy7C8pmCCVrOai
ZvASTPabrMqWx5kQLaHIZjazP6tT0rB/uHFnvWebBQ6OZwqLkfsCJh9rE2cfka4a
x1spbfLMS2qRQxHg5dlkjrn0zfJQgZat6dRgAl3Ote4oO5CA3ir6mJovyXv2+QSL
sowvU/kk/M4OyWUlEWSGRskmx6HmD3JJM6KCug0prPG8GOy13GTTI0jtB6vhrZp+
S7fhbfEbKZrfW9kijpy8WUDvgIjAIcYgGC/4PpUcMDvyw3g3/IYPDoQPVvxv098I
mLTLI1rDFFG9uNs621i+
-----END CERTIFICATE-----
Generated at Mon Apr 21 02:44:02 2025 by rpki-client