Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sY9f4r82BbsfPa59KlJojP61TjQ.roa
File: sY9f4r82BbsfPa59KlJojP61TjQ.roa (raw, json)
Hash identifier: 7RKLKwqeDo13+8S/HSfb4I0NJjZ+OQzKOvcJFafvC4g=
Subject key identifier: B1:8F:5F:E2:BF:36:05:BB:1F:3D:AE:7D:2A:52:68:8C:FE:B5:4E:34
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193D143D12B2FF70562B8AF9E6ACFE46EFE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sY9f4r82BbsfPa59KlJojP61TjQ.roa
Signing time: Mon 16 Dec 2024 20:58:22 +0000
ROA not before: Mon 16 Dec 2024 20:58:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8100
IP address blocks: 193.124.227.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
195.133.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:d1:43:d1:2b:2f:f7:05:62:b8:af:9e:6a:cf:e4:6e:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 16 20:58:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b18f5fe2bf3605bb1f3dae7d2a52688cfeb54e34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:11:dc:42:6a:9d:de:e3:0b:07:87:af:ad:53:
8d:58:fe:c6:37:bb:58:e6:1d:0f:13:4d:04:bf:6c:
9b:5f:d2:e0:f4:27:6b:a8:64:1f:a1:e7:52:ec:e8:
e8:a4:91:e3:aa:4f:82:b3:7a:9f:c2:63:07:25:a8:
a8:c1:fd:c1:cb:57:50:61:bf:d3:53:60:a3:6c:bf:
b4:c6:c4:a6:e6:34:34:a8:47:34:38:e2:f7:4e:75:
1f:53:8d:66:5a:77:c8:be:00:df:9e:2b:6a:93:38:
49:e0:69:e8:fc:87:d0:4f:eb:ae:c8:9b:3f:4c:72:
7a:72:94:32:f0:87:33:b9:12:05:7e:79:e8:f0:68:
b0:29:eb:73:7e:a8:a2:8f:ac:84:0a:79:9f:e3:80:
02:e3:3e:1d:e9:9f:a5:ee:2c:ac:35:7b:e3:8c:f2:
5b:f9:95:7a:ca:d4:57:bf:0e:15:b0:12:f7:be:30:
27:01:1d:77:33:c2:e3:84:dc:50:89:da:1a:17:ef:
78:f3:cb:1c:2e:d3:68:be:36:41:6d:6f:74:73:7b:
74:76:d5:14:ab:cf:18:e9:58:ba:57:e9:c3:a1:48:
dc:61:f3:bd:88:cd:8b:53:a3:83:80:4e:21:2d:49:
18:aa:dd:8a:0d:1c:e8:9e:48:6a:0d:e0:ce:b0:65:
99:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:8F:5F:E2:BF:36:05:BB:1F:3D:AE:7D:2A:52:68:8C:FE:B5:4E:34
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sY9f4r82BbsfPa59KlJojP61TjQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.135.46.0/24
195.133.55.0/24
195.133.59.0/24
Signature Algorithm: sha256WithRSAEncryption
85:30:22:3b:4d:24:93:7e:5d:e4:f5:44:50:59:8d:6a:a7:50:
ba:10:92:7b:41:15:e9:21:99:2d:7c:96:34:2d:ac:83:10:3d:
62:7e:21:f3:25:fd:2f:6f:2b:40:9c:53:d3:be:82:7a:8a:91:
d4:ff:f8:2b:43:80:4d:2b:dc:e2:cc:c5:a0:fb:22:e7:7a:ae:
f8:22:3b:73:47:24:93:96:a7:91:9b:2b:86:66:8f:89:ee:20:
8e:3f:dc:ff:2a:3f:15:3e:6e:11:0b:c8:9b:82:87:03:4a:30:
a8:84:86:78:b3:86:88:8f:6b:38:a6:00:3f:57:63:c5:ee:54:
41:b4:b1:39:44:78:bd:fd:5f:57:1c:5c:25:60:81:7d:2a:de:
75:b1:46:49:8d:41:82:d9:51:7e:40:4f:47:8c:17:10:2b:ed:
21:0c:86:48:ba:cf:45:65:e5:44:3b:d2:7f:dd:e7:ab:2b:a0:
d4:9b:03:8a:26:91:26:41:08:f8:45:bc:a9:63:ec:86:dd:6d:
aa:64:29:4e:37:bc:0a:49:45:99:e9:a1:b9:58:0d:7b:a6:1a:
95:5e:fd:d3:69:01:6b:08:53:af:d7:64:5b:30:59:b1:fd:c5:
cd:cb:da:08:f4:01:79:24:bb:89:c1:9b:50:3f:70:2a:be:30:
a6:6a:41:50
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZPRQ9ErL/cFYrivnmrP5G7+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjE2MjA1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMThmNWZlMmJmMzYwNWJiMWYzZGFlN2QyYTUyNjg4Y2ZlYjU0ZTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBHcQmqd3uMLB4evrVONWP7GN7tY
5h0PE00Ev2ybX9Lg9CdrqGQfoedS7OjopJHjqk+Cs3qfwmMHJaiowf3By1dQYb/T
U2CjbL+0xsSm5jQ0qEc0OOL3TnUfU41mWnfIvgDfnitqkzhJ4Gno/IfQT+uuyJs/
THJ6cpQy8IczuRIFfnno8GiwKetzfqiij6yECnmf44AC4z4d6Z+l7iysNXvjjPJb
+ZV6ytRXvw4VsBL3vjAnAR13M8LjhNxQidoaF+9488scLtNovjZBbW90c3t0dtUU
q88Y6Vi6V+nDoUjcYfO9iM2LU6ODgE4hLUkYqt2KDRzonkhqDeDOsGWZLwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLGPX+K/NgW7Hz2ufSpSaIz+tU40MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvc1k5ZjRyODJCYnNmUGE1OUtsSm9qUDYxVGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwXzjAwQA
wocuAwQAw4U3AwQAw4U7MA0GCSqGSIb3DQEBCwUAA4IBAQCFMCI7TSSTfl3k9URQ
WY1qp1C6EJJ7QRXpIZktfJY0LayDED1ifiHzJf0vbytAnFPTvoJ6ipHU//grQ4BN
K9zizMWg+yLneq74IjtzRySTlqeRmyuGZo+J7iCOP9z/Kj8VPm4RC8ibgocDSjCo
hIZ4s4aIj2s4pgA/V2PF7lRBtLE5RHi9/V9XHFwlYIF9Kt51sUZJjUGC2VF+QE9H
jBcQK+0hDIZIus9FZeVEO9J/3eerK6DUmwOKJpEmQQj4RbypY+yG3W2qZClON7wK
SUWZ6aG5WA17phqVXv3TaQFrCFOv12RbMFmx/cXNy9oI9AF5JLuJwZtQP3AqvjCm
akFQ
-----END CERTIFICATE-----
Generated at Mon Apr 21 11:01:11 2025 by rpki-client