Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/s8YmkiSO_cNX7ObAiS9pw8ttOGc.roa
File: s8YmkiSO_cNX7ObAiS9pw8ttOGc.roa (raw, json)
Hash identifier: R/SqZ2uf68DNzfhDgso/E6Yskt93LgCApojI+qO719A=
Subject key identifier: B3:C6:26:92:24:8E:FD:C3:57:EC:E6:C0:89:2F:69:C3:CB:6D:38:67
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193AF3455F44B83E3D2F9F982068534796A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/s8YmkiSO_cNX7ObAiS9pw8ttOGc.roa
Signing time: Tue 10 Dec 2024 06:14:22 +0000
ROA not before: Tue 10 Dec 2024 06:14:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 193.124.89.0/24 maxlen: 24
193.124.224.0/23 maxlen: 23
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.17.0/24 maxlen: 24
194.87.23.0/24 maxlen: 24
194.87.105.0/24 maxlen: 24
194.87.108.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.192.0/22 maxlen: 22
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.37.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.1.0/24 maxlen: 24
212.192.2.0/24 maxlen: 24
212.192.16.0/21 maxlen: 21
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:af:34:55:f4:4b:83:e3:d2:f9:f9:82:06:85:34:79:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 10 06:14:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b3c62692248efdc357ece6c0892f69c3cb6d3867
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:e2:c4:03:87:91:5e:c9:14:39:10:48:e6:aa:
b9:49:36:2d:e9:05:54:bc:24:51:09:b7:0f:9a:c1:
f8:02:42:a8:cb:40:02:35:80:27:61:2c:ff:1b:67:
83:6a:69:5f:2d:26:a1:b3:5a:bc:ba:90:43:14:7e:
a2:8f:bd:6b:85:7d:ec:34:95:0b:97:66:a7:9f:95:
2a:70:9c:6f:75:cf:57:a0:84:00:81:13:f1:21:9f:
ea:9b:2a:f6:1f:37:1b:c6:d1:b2:3c:2b:b7:67:67:
ce:ec:ed:20:7e:fb:a9:eb:4c:1b:67:bb:bc:c1:f8:
c7:3f:7e:ef:ae:ec:fd:f0:78:95:ab:9d:fa:63:d6:
d9:0b:6a:4c:fc:f1:91:db:5b:cf:c9:04:20:55:3e:
58:af:02:57:2d:db:17:ea:a3:60:78:a8:8d:64:43:
89:20:a5:5b:6c:5d:bf:cd:86:3c:0a:22:cb:73:d9:
a0:4e:7b:6a:11:69:83:eb:e1:21:09:79:a6:a0:52:
ef:11:3e:7e:98:dd:8c:36:cd:df:2b:eb:9f:2f:95:
0d:05:46:d5:18:74:7c:e0:83:a7:ba:f7:f1:7e:4c:
58:7a:76:86:ed:6b:8c:3c:32:6a:db:d0:9e:b4:0e:
23:b6:d3:51:51:37:4d:f4:9a:7e:34:b7:27:ff:3c:
b2:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:C6:26:92:24:8E:FD:C3:57:EC:E6:C0:89:2F:69:C3:CB:6D:38:67
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/s8YmkiSO_cNX7ObAiS9pw8ttOGc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.89.0/24
193.124.224.0/23
194.58.155.0/24
194.85.251.0/24
194.87.17.0/24
194.87.23.0/24
194.87.105.0/24
194.87.108.0/24
194.87.169.0/24
194.87.192.0/22
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.37.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.1.0-212.192.2.255
212.192.16.0/21
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
61:6c:2b:fd:02:d3:19:66:f3:fa:16:eb:fb:d6:34:1b:93:5a:
65:1e:80:95:45:56:84:a5:b3:7b:a0:79:c1:e2:d8:ba:71:23:
82:75:47:2f:23:eb:e7:91:24:20:46:28:ae:d4:a4:a9:f4:0f:
d0:44:11:4d:9e:27:57:43:fc:e1:82:c8:0d:a5:19:47:e3:53:
ca:e3:a3:93:f4:f7:9b:16:93:c9:87:ce:ff:c5:81:c9:1a:5a:
09:5d:6a:73:66:8a:fc:a3:21:c7:4e:21:30:99:f2:51:69:38:
b2:31:bb:9f:2a:ee:d9:92:23:d0:86:3c:6a:b1:8b:25:5c:10:
8c:19:8e:dd:5f:43:a6:d0:f3:1b:75:53:66:53:ff:40:2e:01:
50:af:70:4d:19:1a:13:a0:cf:13:dc:d8:20:52:44:e9:f4:e9:
1a:0a:94:e5:4f:0d:bc:e9:e3:5b:3d:18:b4:12:7f:fb:24:df:
51:5f:3a:23:ea:d1:dd:8f:6b:d5:47:31:7e:a4:96:cb:eb:48:
22:6e:7d:e1:7a:18:69:34:6c:35:43:50:fb:d4:1a:42:7d:eb:
c0:2f:29:84:1b:50:da:44:cf:5a:8a:69:3f:0f:60:6e:07:e9:
cb:63:e4:52:4c:11:05:49:f2:f6:12:f2:94:1b:db:dd:a7:6f:
bf:3c:4b:dd
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgISAZOvNFX0S4Pj0vn5ggaFNHlqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjEwMDYxNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2M2MjY5MjI0OGVmZGMzNTdlY2U2YzA4OTJmNjljM2NiNmQzODY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uLEA4eRXskUORBI5qq5STYt6QVU
vCRRCbcPmsH4AkKoy0ACNYAnYSz/G2eDamlfLSahs1q8upBDFH6ij71rhX3sNJUL
l2ann5UqcJxvdc9XoIQAgRPxIZ/qmyr2HzcbxtGyPCu3Z2fO7O0gfvup60wbZ7u8
wfjHP37vruz98HiVq536Y9bZC2pM/PGR21vPyQQgVT5YrwJXLdsX6qNgeKiNZEOJ
IKVbbF2/zYY8CiLLc9mgTntqEWmD6+EhCXmmoFLvET5+mN2MNs3fK+ufL5UNBUbV
GHR84IOnuvfxfkxYenaG7WuMPDJq29CetA4jttNRUTdN9Jp+NLcn/zyyXQIDAQAB
o4ICnjCCApowHQYDVR0OBBYEFLPGJpIkjv3DV+zmwIkvacPLbThnMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvczhZbWtpU09fY05YN09iQWlTOXB3OHR0T0djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGzBggrBgEFBQcBBwEB/wSBozCBoDCBhwQCAAEwgYADBADB
fFkDBAHBfOADBADCOpsDBADCVfsDBADCVxEDBADCVxcDBADCV2kDBADCV2wDBADC
V6kDBALCV8ADBADCV+ADBADChyEDBAHDhRgDBADDhSUDBAHDhSgDBAHDhTIDBAHD
hVwwDAMEANTAAQMEANTAAgMEA9TAEAMEAdTBGjAUBAIAAjAOAwUDKgFXwAMFAyoM
/0AwDQYJKoZIhvcNAQELBQADggEBAGFsK/0C0xlm8/oW6/vWNBuTWmUegJVFVoSl
s3ugecHi2LpxI4J1Ry8j6+eRJCBGKK7UpKn0D9BEEU2eJ1dD/OGCyA2lGUfjU8rj
o5P095sWk8mHzv/FgckaWgldanNmivyjIcdOITCZ8lFpOLIxu58q7tmSI9CGPGqx
iyVcEIwZjt1fQ6bQ8xt1U2ZT/0AuAVCvcE0ZGhOgzxPc2CBSROn06RoKlOVPDbzp
41s9GLQSf/sk31FfOiPq0d2Pa9VHMX6klsvrSCJufeF6GGk0bDVDUPvUGkJ968Av
KYQbUNpEz1qKaT8PYG4H6ctj5FJMEQVJ8vYS8pQb292nb788S90=
-----END CERTIFICATE-----
Generated at Sat Apr 19 17:15:28 2025 by rpki-client