Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/p3rbQUXYNz-xANdVrosBhHVt2BQ.roa
File: p3rbQUXYNz-xANdVrosBhHVt2BQ.roa (raw, json)
Hash identifier: Js+OwRFmO4Xl/XN0T68cTeRouTBy4LicrJ1qkIcbc+8=
Subject key identifier: A7:7A:DB:41:45:D8:37:3F:B1:00:D7:55:AE:8B:01:84:75:6D:D8:14
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193BBDD4CA426EF23B4759D0AF6AF2D2C8A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/p3rbQUXYNz-xANdVrosBhHVt2BQ.roa
Signing time: Thu 12 Dec 2024 17:14:22 +0000
ROA not before: Thu 12 Dec 2024 17:14:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210974
IP address blocks: 212.192.3.0/24 maxlen: 24
212.192.11.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:bb:dd:4c:a4:26:ef:23:b4:75:9d:0a:f6:af:2d:2c:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 12 17:14:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a77adb4145d8373fb100d755ae8b0184756dd814
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:3a:92:24:c2:6a:50:4f:31:c5:8a:a6:9d:15:
5e:ce:5f:3d:31:52:ee:bc:c6:e5:0f:59:30:74:ce:
b4:fc:0e:68:3e:52:58:fb:e0:e3:54:5e:ef:fe:ba:
f6:e7:43:9e:05:8f:1d:73:03:bf:c3:29:76:c6:1c:
e8:49:59:e9:88:15:bd:ec:d8:59:be:db:e8:5b:89:
f8:56:8d:6a:2c:5d:4a:67:56:2a:83:41:3d:a5:a0:
d3:d2:20:8e:04:7b:ff:61:4f:32:7b:d0:4a:da:16:
38:10:d2:0f:b9:c8:18:54:ab:88:55:a5:bf:ee:19:
5c:10:45:ef:bc:02:94:bb:72:31:4c:62:54:41:b4:
85:3e:c1:7d:ec:fd:c2:62:e8:41:2d:30:f9:c7:77:
e1:35:dd:a8:ec:a6:4f:20:65:14:09:8e:16:27:38:
d3:23:b3:41:05:11:76:90:85:6f:e6:2f:ea:66:3c:
90:36:25:21:b1:a8:e8:84:4b:81:d5:27:34:71:4e:
f2:40:99:8e:63:f5:2c:0e:20:b0:76:91:28:93:47:
02:ff:fc:51:16:51:5c:02:e2:4d:b0:1a:f3:32:30:
27:7a:ee:1f:d1:b3:27:72:67:62:f2:b5:4c:30:1f:
a3:48:c1:ba:26:c3:0e:73:30:b1:c3:7d:1c:65:e1:
e4:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:7A:DB:41:45:D8:37:3F:B1:00:D7:55:AE:8B:01:84:75:6D:D8:14
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/p3rbQUXYNz-xANdVrosBhHVt2BQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.192.3.0/24
212.192.11.0/24
Signature Algorithm: sha256WithRSAEncryption
85:06:9a:db:35:e4:4d:47:99:3c:47:d1:e7:06:65:6f:3d:77:
0a:8e:24:7f:a2:84:be:1f:55:5e:d8:bc:c7:2a:53:77:91:dc:
82:9e:26:42:74:44:80:43:01:26:68:9d:ae:ea:80:ce:a4:cf:
c9:fe:1f:af:d1:6f:c2:7b:f5:51:6e:85:4a:f4:d9:56:ad:b6:
8c:bf:5e:ee:95:34:a5:ad:a2:d6:a6:30:b7:3f:e4:96:0b:41:
b3:29:c4:34:b4:7f:c0:24:06:55:d3:0f:ad:0e:5f:33:1a:b7:
e9:98:d7:d0:d9:7c:d3:8e:67:84:ca:4c:1c:c8:79:d4:72:55:
8a:13:3a:ef:11:08:16:25:a4:bd:76:56:ea:06:f9:79:ea:16:
2c:57:d5:64:1e:cd:25:d9:13:82:ca:a4:20:04:4d:0a:23:59:
cf:02:98:c0:c8:77:8c:7a:0f:b1:36:f1:bb:f2:90:7d:22:2e:
52:a3:ac:db:ed:17:5a:e2:5f:d7:f1:25:c5:83:f5:80:0f:74:
d2:ab:40:df:33:5b:92:1b:0d:7c:7c:9d:f7:93:89:89:b0:de:
a1:5c:1b:eb:1a:67:8c:f9:58:5f:18:e7:8e:a9:ce:26:d6:9b:
64:c0:9b:28:3f:c2:83:18:fb:bd:f3:9d:15:e1:c5:5e:28:5f:
38:64:0f:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZO73UykJu8jtHWdCvavLSyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjEyMTcxNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzdhZGI0MTQ1ZDgzNzNmYjEwMGQ3NTVhZThiMDE4NDc1NmRkODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDqSJMJqUE8xxYqmnRVezl89MVLu
vMblD1kwdM60/A5oPlJY++DjVF7v/rr250OeBY8dcwO/wyl2xhzoSVnpiBW97NhZ
vtvoW4n4Vo1qLF1KZ1Yqg0E9paDT0iCOBHv/YU8ye9BK2hY4ENIPucgYVKuIVaW/
7hlcEEXvvAKUu3IxTGJUQbSFPsF97P3CYuhBLTD5x3fhNd2o7KZPIGUUCY4WJzjT
I7NBBRF2kIVv5i/qZjyQNiUhsajohEuB1Sc0cU7yQJmOY/UsDiCwdpEok0cC//xR
FlFcAuJNsBrzMjAneu4f0bMncmdi8rVMMB+jSMG6JsMOczCxw30cZeHkGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKd620FF2Dc/sQDXVa6LAYR1bdgUMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcDNyYlFVWFlOei14QU5kVnJvc0JoSFZ0MkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1MADAwQA
1MALMA0GCSqGSIb3DQEBCwUAA4IBAQCFBprbNeRNR5k8R9HnBmVvPXcKjiR/ooS+
H1Ve2LzHKlN3kdyCniZCdESAQwEmaJ2u6oDOpM/J/h+v0W/Ce/VRboVK9NlWrbaM
v17ulTSlraLWpjC3P+SWC0GzKcQ0tH/AJAZV0w+tDl8zGrfpmNfQ2XzTjmeEykwc
yHnUclWKEzrvEQgWJaS9dlbqBvl56hYsV9VkHs0l2ROCyqQgBE0KI1nPApjAyHeM
eg+xNvG78pB9Ii5So6zb7Rda4l/X8SXFg/WAD3TSq0DfM1uSGw18fJ33k4mJsN6h
XBvrGmeM+VhfGOeOqc4m1ptkwJsoP8KDGPu9850V4cVeKF84ZA9V
-----END CERTIFICATE-----
Generated at Sat Apr 19 11:33:38 2025 by rpki-client