Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rGD_czX1jB9LCp58qTsQUwqINwc.roa
File: rGD_czX1jB9LCp58qTsQUwqINwc.roa (raw, json)
Hash identifier: gx6l0tzMLgqqYxJKm3WtExyhWyjx8bW9I7Aemoi6Di8=
Subject key identifier: AC:60:FF:73:35:F5:8C:1F:4B:0A:9E:7C:A9:3B:10:53:0A:88:37:07
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018920BB46E214DD1E01BB9126742E2C0BDF
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rGD_czX1jB9LCp58qTsQUwqINwc.roa
Signing time: Tue 04 Jul 2023 11:48:11 +0000
ROA not before: Tue 04 Jul 2023 11:48:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51722
IP address blocks: 194.87.119.0/24 maxlen: 24
194.135.30.0/24 maxlen: 24
192.124.182.0/24 maxlen: 24
194.87.181.0/24 maxlen: 24
193.124.201.0/24 maxlen: 24
193.124.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:20:bb:46:e2:14:dd:1e:01:bb:91:26:74:2e:2c:0b:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jul 4 11:48:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac60ff7335f58c1f4b0a9e7ca93b10530a883707
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:86:75:b6:2e:67:d3:fc:13:16:86:f4:59:64:
be:5d:30:06:d6:1f:a9:b1:98:22:a6:87:5e:e4:f2:
98:10:87:58:40:b1:47:04:68:dd:2c:38:82:1d:7a:
a1:b9:5d:c6:e7:f1:f6:00:01:38:78:b0:c2:8c:44:
65:f4:44:4d:9a:0e:c4:d1:1f:24:f7:ff:ba:bb:67:
03:2c:27:05:fe:0b:d7:fe:f8:8a:91:3f:4e:63:d9:
f6:dc:66:2b:f5:5e:6d:68:f1:77:72:84:8d:31:a6:
c6:8c:b5:40:eb:cc:65:26:bc:84:36:a5:94:a5:9f:
a6:d3:e7:ac:b9:35:74:16:f0:15:ca:70:97:b1:f2:
c2:f6:64:b5:0b:ed:91:0b:b4:a2:cf:b4:51:28:1c:
6f:56:d3:0e:4d:73:4f:be:e9:a8:10:6c:3e:49:de:
95:7e:68:c6:98:06:7c:37:a4:f2:cc:22:30:e2:40:
a4:c4:9a:7e:03:be:62:4f:31:1a:41:db:3c:70:ae:
d6:64:9d:50:6e:99:17:b7:9e:a0:d0:f6:0b:92:01:
e0:bc:7a:28:54:38:22:00:09:d7:31:2d:07:99:28:
b7:a2:7a:6b:a2:c6:be:24:ca:11:33:20:c4:e7:6d:
8c:9a:c3:29:74:eb:e8:13:34:12:21:af:23:b3:36:
3b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:60:FF:73:35:F5:8C:1F:4B:0A:9E:7C:A9:3B:10:53:0A:88:37:07
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/rGD_czX1jB9LCp58qTsQUwqINwc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.182.0/24
193.124.94.0/24
193.124.201.0/24
194.87.119.0/24
194.87.181.0/24
194.135.30.0/24
Signature Algorithm: sha256WithRSAEncryption
49:78:61:6e:0a:ea:7a:b5:13:70:25:d9:ec:64:09:6e:a2:0e:
df:e4:1a:2f:8b:96:bc:1c:3b:1d:1a:2b:8f:0a:e4:54:48:f5:
35:e3:6c:32:48:ae:2e:1a:7b:e1:74:67:b1:69:b0:6d:37:48:
9b:ad:a1:3b:1b:9f:c0:3f:5c:ff:07:37:ae:3c:2d:21:40:33:
01:4e:85:c0:c6:4c:21:3d:63:a3:f5:9e:26:2c:91:fa:48:be:
62:c5:2e:c3:a5:c6:62:89:3e:45:f5:2e:b3:21:b2:5b:32:34:
ed:46:cd:87:e8:b2:e4:8a:2d:6d:92:95:f1:7e:35:58:51:ca:
02:a3:37:14:99:dd:e8:1f:3c:0f:e9:ae:32:c8:27:ff:78:ab:
9a:61:67:39:8f:27:8b:e2:db:16:74:72:e2:8c:a7:87:e8:be:
0e:73:8e:c2:75:fb:56:f6:50:32:ff:00:59:c1:9c:a2:c9:d6:
4c:b1:25:02:09:c8:a0:6a:fc:33:39:1f:a8:db:9c:bf:2a:79:
82:16:17:d6:50:13:00:db:9c:e0:1e:d9:20:2d:4c:80:a9:b1:
72:dd:02:eb:e9:0e:90:56:d7:eb:9d:d7:3c:6c:75:7a:d4:65:
5b:81:6e:bb:97:21:fd:cc:22:ff:ea:ba:e2:57:77:a5:3b:4e:
6d:61:89:ae
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYkgu0biFN0eAbuRJnQuLAvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNzA0MTE0ODExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzYwZmY3MzM1ZjU4YzFmNGIwYTllN2NhOTNiMTA1MzBhODgzNzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioZ1ti5n0/wTFob0WWS+XTAG1h+p
sZgipode5PKYEIdYQLFHBGjdLDiCHXqhuV3G5/H2AAE4eLDCjERl9ERNmg7E0R8k
9/+6u2cDLCcF/gvX/viKkT9OY9n23GYr9V5taPF3coSNMabGjLVA68xlJryENqWU
pZ+m0+esuTV0FvAVynCXsfLC9mS1C+2RC7Siz7RRKBxvVtMOTXNPvumoEGw+Sd6V
fmjGmAZ8N6TyzCIw4kCkxJp+A75iTzEaQds8cK7WZJ1QbpkXt56g0PYLkgHgvHoo
VDgiAAnXMS0HmSi3onprosa+JMoRMyDE522MmsMpdOvoEzQSIa8jszY7dwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKxg/3M19YwfSwqefKk7EFMKiDcHMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvckdEX2N6WDFqQjlMQ3A1OHFUc1FVd3FJTndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwHy2AwQA
wXxeAwQAwXzJAwQAwld3AwQAwle1AwQAwoceMA0GCSqGSIb3DQEBCwUAA4IBAQBJ
eGFuCup6tRNwJdnsZAluog7f5Bovi5a8HDsdGiuPCuRUSPU142wySK4uGnvhdGex
abBtN0ibraE7G5/AP1z/BzeuPC0hQDMBToXAxkwhPWOj9Z4mLJH6SL5ixS7DpcZi
iT5F9S6zIbJbMjTtRs2H6LLkii1tkpXxfjVYUcoCozcUmd3oHzwP6a4yyCf/eKua
YWc5jyeL4tsWdHLijKeH6L4Oc47CdftW9lAy/wBZwZyiydZMsSUCCcigavwzOR+o
25y/KnmCFhfWUBMA25zgHtkgLUyAqbFy3QLr6Q6QVtfrndc8bHV61GVbgW67lyH9
zCL/6rriV3elO05tYYmu
-----END CERTIFICATE-----
Generated at Mon Jun 9 04:09:24 2025 by rpki-client