Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tRRaXpoov-Ee44ayrmNNyYCeS8E.roa
File: tRRaXpoov-Ee44ayrmNNyYCeS8E.roa (raw, json)
Hash identifier: XfBTtSomNCxKrUTvu2BmyafOiFR/P7q1mmnFofb1+GE=
Subject key identifier: B5:14:5A:5E:9A:28:BF:E1:1E:E3:86:B2:AE:63:4D:C9:80:9E:4B:C1
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019428250EA45AE589E277039E9AD9205254
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tRRaXpoov-Ee44ayrmNNyYCeS8E.roa
Signing time: Thu 02 Jan 2025 17:51:44 +0000
ROA not before: Thu 02 Jan 2025 17:51:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213028
IP address blocks: 194.135.124.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:0e:a4:5a:e5:89:e2:77:03:9e:9a:d9:20:52:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b5145a5e9a28bfe11ee386b2ae634dc9809e4bc1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:e7:20:d1:c3:d4:2c:99:2b:d2:c5:92:56:a3:
e1:1a:a4:35:01:49:ec:b5:e0:ac:e5:63:5b:26:1d:
8f:b5:76:a4:47:0b:bb:3e:92:f6:53:60:be:77:16:
f8:9d:33:bf:c7:55:4a:f0:66:cd:31:94:61:af:57:
a6:ab:51:37:3c:92:ef:26:6f:3e:9b:ca:93:90:48:
bd:c0:76:00:95:c7:b0:30:9b:98:37:b9:8a:da:eb:
3f:75:c1:40:28:78:fd:58:3a:12:de:4c:92:3c:34:
eb:1c:81:49:5a:e0:06:a4:ee:d1:e0:b9:2e:1c:45:
32:7b:f9:81:be:bb:99:fe:af:fd:28:12:ca:96:d1:
8e:f5:18:82:33:44:63:c5:69:bb:b6:68:a5:a3:36:
79:d8:33:03:03:6f:79:60:09:e9:f8:ec:39:21:74:
3d:4c:b7:55:2b:28:4e:ed:4b:63:71:05:17:f6:ff:
41:3b:9d:92:59:7f:d9:91:27:95:8c:7b:db:ed:e8:
67:04:74:ee:f4:71:79:be:5b:32:62:57:67:29:a5:
cb:85:09:cf:a2:05:98:06:5e:14:f6:33:8a:50:13:
64:d9:ec:61:11:b3:00:90:a8:cc:6b:65:33:6a:bb:
b1:c7:10:82:3a:72:ad:7c:74:15:bb:9c:53:49:d3:
93:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:14:5A:5E:9A:28:BF:E1:1E:E3:86:B2:AE:63:4D:C9:80:9E:4B:C1
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tRRaXpoov-Ee44ayrmNNyYCeS8E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.135.124.0/24
Signature Algorithm: sha256WithRSAEncryption
3e:35:bd:23:f5:a9:30:49:69:88:93:4c:f9:af:94:ed:d3:ac:
44:66:f9:d2:20:cf:c4:7c:6f:e6:df:a9:a8:58:cc:4f:89:df:
87:10:1f:42:0b:fb:72:95:49:0b:38:86:d3:6a:56:93:73:54:
0b:d0:e8:c8:f8:30:32:60:a6:75:70:9b:ad:26:c6:68:68:32:
db:2c:5a:22:71:dd:22:47:11:45:1a:55:a7:05:9e:77:c6:79:
80:02:90:27:f6:72:6f:6d:06:cf:c6:99:0d:61:0a:ef:5e:9b:
08:ab:f4:8b:e6:78:40:4b:3c:36:3b:ea:73:d4:77:03:4c:bd:
19:16:2a:b0:e8:22:86:42:81:a7:63:44:f4:0d:da:e0:ff:22:
32:68:cd:1b:33:76:f9:6a:9a:6d:b8:d6:ed:3f:46:85:ec:8a:
06:e9:3f:b6:1a:f0:44:aa:ed:b0:a9:5e:6c:73:6e:33:a4:ea:
9a:35:97:66:15:39:a2:01:c7:59:24:9e:a3:4c:be:b4:50:4d:
01:2c:e0:af:13:ba:fc:ab:06:61:71:51:89:4c:45:dd:bf:bb:
61:ed:b9:bb:43:23:c0:18:e1:38:7c:31:cd:39:43:ab:07:19:
e7:1a:0e:1c:fc:0e:d4:3e:ca:da:6f:4c:84:db:c6:6e:2a:34:
48:a5:c6:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJQ6kWuWJ4ncDnprZIFJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTE0NWE1ZTlhMjhiZmUxMWVlMzg2YjJhZTYzNGRjOTgwOWU0YmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Ocg0cPULJkr0sWSVqPhGqQ1AUns
teCs5WNbJh2PtXakRwu7PpL2U2C+dxb4nTO/x1VK8GbNMZRhr1emq1E3PJLvJm8+
m8qTkEi9wHYAlcewMJuYN7mK2us/dcFAKHj9WDoS3kySPDTrHIFJWuAGpO7R4Lku
HEUye/mBvruZ/q/9KBLKltGO9RiCM0RjxWm7tmilozZ52DMDA295YAnp+Ow5IXQ9
TLdVKyhO7UtjcQUX9v9BO52SWX/ZkSeVjHvb7ehnBHTu9HF5vlsyYldnKaXLhQnP
ogWYBl4U9jOKUBNk2exhEbMAkKjMa2UzaruxxxCCOnKtfHQVu5xTSdOT0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUUWl6aKL/hHuOGsq5jTcmAnkvBMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdFJSYVhwb292LUVlNDRheXJtTk55WUNlUzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwod8MA0G
CSqGSIb3DQEBCwUAA4IBAQA+Nb0j9akwSWmIk0z5r5Tt06xEZvnSIM/EfG/m36mo
WMxPid+HEB9CC/tylUkLOIbTalaTc1QL0OjI+DAyYKZ1cJutJsZoaDLbLFoicd0i
RxFFGlWnBZ53xnmAApAn9nJvbQbPxpkNYQrvXpsIq/SL5nhASzw2O+pz1HcDTL0Z
Fiqw6CKGQoGnY0T0Ddrg/yIyaM0bM3b5apptuNbtP0aF7IoG6T+2GvBEqu2wqV5s
c24zpOqaNZdmFTmiAcdZJJ6jTL60UE0BLOCvE7r8qwZhcVGJTEXdv7th7bm7QyPA
GOE4fDHNOUOrBxnnGg4c/A7UPsrab0yE28ZuKjRIpcav
-----END CERTIFICATE-----
Generated at Fri Apr 18 20:21:18 2025 by rpki-client