Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sSOS6MKhwlLDI05jO2AGmLq3kWs.roa
File: sSOS6MKhwlLDI05jO2AGmLq3kWs.roa (raw, json)
Hash identifier: 81jBEEY6nS1xEgpLqUQlWr0hTKHES2uGru8eysXDE+c=
Subject key identifier: B1:23:92:E8:C2:A1:C2:52:C3:23:4E:63:3B:60:06:98:BA:B7:91:6B
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824F55E2E25CC49A33646F2515DEBA8
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sSOS6MKhwlLDI05jO2AGmLq3kWs.roa
Signing time: Thu 02 Jan 2025 17:51:38 +0000
ROA not before: Thu 02 Jan 2025 17:51:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58212
IP address blocks: 194.58.47.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:f5:5e:2e:25:cc:49:a3:36:46:f2:51:5d:eb:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b12392e8c2a1c252c3234e633b600698bab7916b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:d8:3e:de:b8:e6:22:32:f0:83:1c:61:a0:62:
dd:47:1e:fd:a9:fa:e1:8a:b9:f3:e3:29:84:cc:6e:
f5:2c:d2:fe:36:5b:96:b8:e5:cd:60:04:95:49:8a:
87:50:75:92:b8:9e:6e:68:1d:f0:a1:10:b2:d4:55:
41:1f:cc:ed:20:fc:1a:b1:30:2e:44:a2:23:10:2d:
e3:46:7f:0a:c8:86:71:b4:be:6c:27:0a:52:85:a1:
71:08:80:f1:53:73:d3:12:f9:19:dd:ff:22:90:67:
1e:2d:d9:f0:96:04:59:f0:83:9a:46:ca:14:e3:ba:
d0:d6:7c:a5:45:ec:60:9f:24:dc:3c:ea:40:93:c6:
97:98:17:bc:2b:35:5a:1c:3a:6f:c1:07:09:8f:ec:
76:a1:46:4c:15:0d:13:2f:08:8f:6a:37:ed:9c:93:
bb:02:49:73:74:92:ed:e6:73:c0:ab:19:df:34:e6:
bb:93:6f:8d:ad:58:bf:c9:41:46:8a:86:be:5f:26:
03:8c:c9:23:ce:bd:7d:32:1f:81:cc:f5:83:80:4c:
18:30:dc:34:3f:12:26:e8:ef:1d:ef:27:e3:94:16:
f3:a7:a9:b9:02:a8:28:de:75:ef:24:f0:83:24:ed:
e1:dc:67:d6:4a:a0:e2:ea:62:d3:cf:75:ff:b8:b9:
c5:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:23:92:E8:C2:A1:C2:52:C3:23:4E:63:3B:60:06:98:BA:B7:91:6B
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sSOS6MKhwlLDI05jO2AGmLq3kWs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.58.47.0/24
Signature Algorithm: sha256WithRSAEncryption
32:ff:85:89:16:9d:30:fc:be:ef:92:4f:fb:f6:6c:65:ce:26:
0a:45:cc:9b:5c:35:f6:77:35:60:ac:3d:7e:55:6c:e8:6e:9c:
23:43:46:cb:8d:9d:17:4d:47:91:84:42:b6:40:6e:96:54:ed:
74:9c:23:31:2c:1b:16:a0:55:f1:17:a9:23:3c:6d:67:11:bd:
27:9f:da:cc:ce:93:77:69:7a:06:57:31:84:8e:a2:26:8d:8e:
96:63:aa:f3:c7:f9:8a:d5:4e:6b:37:9e:3c:40:af:f7:a0:9e:
d4:0a:12:60:fa:1b:2d:10:51:24:c9:81:44:8d:af:36:6e:f4:
9a:c0:31:69:12:69:7d:c7:f6:5e:db:3f:75:c6:06:92:81:3d:
1a:b1:c0:a7:bd:ad:74:c9:fb:a1:35:82:86:be:5d:0d:97:e7:
4e:5b:e5:3a:b2:12:41:83:c5:e2:80:42:b0:6d:03:74:2a:87:
e8:81:e4:68:ef:30:ae:ba:96:7d:37:1d:00:5b:c0:ac:f5:de:
e0:33:a4:c6:7e:3c:b5:0b:2e:bb:30:cd:e6:56:d9:c9:92:44:
c4:a5:98:8d:af:f1:b0:2f:f9:57:86:ab:7e:81:3b:83:e1:16:
48:ba:3d:c4:7e:60:e7:b9:a3:48:af:84:f2:13:08:55:51:c3:
0e:25:12:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJPVeLiXMSaM2RvJRXeuoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTIzOTJlOGMyYTFjMjUyYzMyMzRlNjMzYjYwMDY5OGJhYjc5MTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNg+3rjmIjLwgxxhoGLdRx79qfrh
irnz4ymEzG71LNL+NluWuOXNYASVSYqHUHWSuJ5uaB3woRCy1FVBH8ztIPwasTAu
RKIjEC3jRn8KyIZxtL5sJwpShaFxCIDxU3PTEvkZ3f8ikGceLdnwlgRZ8IOaRsoU
47rQ1nylRexgnyTcPOpAk8aXmBe8KzVaHDpvwQcJj+x2oUZMFQ0TLwiPajftnJO7
AklzdJLt5nPAqxnfNOa7k2+NrVi/yUFGioa+XyYDjMkjzr19Mh+BzPWDgEwYMNw0
PxIm6O8d7yfjlBbzp6m5Aqgo3nXvJPCDJO3h3GfWSqDi6mLTz3X/uLnFkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEjkujCocJSwyNOYztgBpi6t5FrMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvc1NPUzZNS2h3bExESTA1ak8yQUdtTHEza1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjovMA0G
CSqGSIb3DQEBCwUAA4IBAQAy/4WJFp0w/L7vkk/79mxlziYKRcybXDX2dzVgrD1+
VWzobpwjQ0bLjZ0XTUeRhEK2QG6WVO10nCMxLBsWoFXxF6kjPG1nEb0nn9rMzpN3
aXoGVzGEjqImjY6WY6rzx/mK1U5rN548QK/3oJ7UChJg+hstEFEkyYFEja82bvSa
wDFpEml9x/Ze2z91xgaSgT0ascCnva10yfuhNYKGvl0Nl+dOW+U6shJBg8XigEKw
bQN0KofogeRo7zCuupZ9Nx0AW8Cs9d7gM6TGfjy1Cy67MM3mVtnJkkTEpZiNr/Gw
L/lXhqt+gTuD4RZIuj3EfmDnuaNIr4TyEwhVUcMOJRI+
-----END CERTIFICATE-----
Generated at Sun Jun 8 20:19:51 2025 by rpki-client