Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tVRdqImQV-cx5xr2D8zNsP211v8.roa
File: tVRdqImQV-cx5xr2D8zNsP211v8.roa (raw, json)
Hash identifier: B4XGqVqrTAXJluQINtqwW9+vaA6X0PjEzWWwbVyItUg=
Subject key identifier: B5:54:5D:A8:89:90:57:E7:31:E7:1A:F6:0F:CC:CD:B0:FD:B5:D6:FF
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193C0B4B2E019B8A302432AEBD58E8A3D48
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tVRdqImQV-cx5xr2D8zNsP211v8.roa
Signing time: Fri 13 Dec 2024 15:48:07 +0000
ROA not before: Fri 13 Dec 2024 15:48:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201021
IP address blocks: 62.76.224.0/24 maxlen: 24
193.124.95.0/24 maxlen: 24
193.124.200.0/24 maxlen: 24
193.124.202.0/24 maxlen: 24
194.87.66.0/24 maxlen: 24
194.87.67.0/24 maxlen: 24
194.87.81.0/24 maxlen: 24
194.87.149.0/24 maxlen: 24
194.87.170.0/24 maxlen: 24
194.87.172.0/24 maxlen: 24
194.135.18.0/24 maxlen: 24
194.135.32.0/24 maxlen: 24
195.58.60.0/24 maxlen: 24
212.192.244.0/24 maxlen: 24
212.193.12.0/24 maxlen: 24
212.193.13.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:c0:b4:b2:e0:19:b8:a3:02:43:2a:eb:d5:8e:8a:3d:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 13 15:48:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b5545da8899057e731e71af60fcccdb0fdb5d6ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:bf:c8:fa:7a:3d:6d:d2:4f:83:c6:a1:a1:82:
d5:cb:52:29:1b:5f:c0:83:9f:7a:74:a6:49:65:3b:
04:95:fb:c4:11:68:a7:07:d1:d9:b1:4c:bb:c1:46:
75:28:2f:0f:2e:e0:ed:14:b1:08:9b:64:a8:b4:24:
d5:cb:a8:8f:4d:f9:a0:34:be:21:01:b9:38:76:a3:
51:bb:87:43:ef:cf:8c:93:ee:2b:c2:ca:8b:6d:aa:
08:21:6e:63:08:68:0e:c2:4d:46:70:4c:ca:5e:23:
08:52:c9:75:e7:4b:5b:fe:51:d9:f2:07:37:fe:3d:
c0:52:88:68:0e:fb:7b:56:f2:3b:b2:23:58:df:6f:
a7:74:56:8c:f9:46:9a:07:11:47:7a:e8:19:64:25:
0b:a1:0f:41:5c:c0:2d:a5:85:63:02:8c:36:b4:48:
65:4c:2a:b4:f7:9c:5e:30:d5:b1:ba:d6:eb:1a:9c:
93:7c:88:24:d1:81:ab:3c:4d:d2:cb:09:4a:4d:ee:
37:a3:8c:a9:cb:44:c9:3a:99:1c:fa:95:f8:36:d8:
39:5a:d8:06:14:38:ec:4e:f2:64:c6:2f:9f:91:1f:
10:50:58:ea:9c:da:d0:50:62:a9:99:a8:80:22:cf:
ca:0e:5d:13:da:be:8e:e5:d1:96:54:64:f4:fb:28:
eb:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:54:5D:A8:89:90:57:E7:31:E7:1A:F6:0F:CC:CD:B0:FD:B5:D6:FF
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tVRdqImQV-cx5xr2D8zNsP211v8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.224.0/24
193.124.95.0/24
193.124.200.0/24
193.124.202.0/24
194.87.66.0/23
194.87.81.0/24
194.87.149.0/24
194.87.170.0/24
194.87.172.0/24
194.135.18.0/24
194.135.32.0/24
195.58.60.0/24
212.192.244.0/24
212.193.12.0/23
Signature Algorithm: sha256WithRSAEncryption
59:07:b6:b7:a8:63:cb:72:d2:92:d2:b3:fd:04:be:ff:c6:19:
52:2c:cf:0c:b5:ab:0a:c4:ab:37:19:e5:fa:02:4a:4d:e0:7f:
b8:7e:2b:33:d7:cd:29:fb:6c:3d:32:55:47:69:e8:15:f8:cd:
50:98:12:04:c2:a4:07:2f:d1:a0:6c:d6:47:ec:4a:0d:7c:5e:
9f:1d:25:dc:14:35:ed:3e:40:bf:ed:7c:bb:4b:7b:55:ed:57:
4d:e8:55:a1:8e:33:a5:ed:d6:56:af:ca:30:9a:70:7b:03:2f:
b1:04:e2:77:56:a8:42:c4:7e:0e:94:77:bf:1e:dc:ab:67:e7:
ad:c4:60:c9:a2:71:c5:58:86:1e:60:8c:fe:8b:ab:ff:11:c1:
a0:d0:cf:d8:8a:03:51:36:84:21:33:4e:20:ba:bf:e2:33:73:
3c:a6:94:45:4c:f8:ac:82:0b:0f:ab:bd:71:8f:3e:6d:59:33:
52:e4:d2:f9:93:e0:d8:13:9d:44:1b:67:46:c3:bd:2d:08:70:
c5:0d:cc:ff:cd:d8:49:45:b3:60:f5:23:24:6a:8b:d1:ce:fe:
23:bf:e2:d1:b2:11:ff:87:de:ec:1c:fd:5d:40:6b:ca:0a:af:
13:43:26:6c:a2:a0:44:9d:79:8b:7c:f8:77:81:ec:04:5f:77:
3e:3b:db:93
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAZPAtLLgGbijAkMq69WOij1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjEzMTU0ODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTU0NWRhODg5OTA1N2U3MzFlNzFhZjYwZmNjY2RiMGZkYjVkNmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArr/I+no9bdJPg8ahoYLVy1IpG1/A
g596dKZJZTsElfvEEWinB9HZsUy7wUZ1KC8PLuDtFLEIm2SotCTVy6iPTfmgNL4h
Abk4dqNRu4dD78+Mk+4rwsqLbaoIIW5jCGgOwk1GcEzKXiMIUsl150tb/lHZ8gc3
/j3AUohoDvt7VvI7siNY32+ndFaM+UaaBxFHeugZZCULoQ9BXMAtpYVjAow2tEhl
TCq095xeMNWxutbrGpyTfIgk0YGrPE3SywlKTe43o4ypy0TJOpkc+pX4Ntg5WtgG
FDjsTvJkxi+fkR8QUFjqnNrQUGKpmaiAIs/KDl0T2r6O5dGWVGT0+yjrQwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFLVUXaiJkFfnMeca9g/MzbD9tdb/MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdFZSZHFJbVFWLWN4NXhyMkQ4ek5zUDIxMXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAPkzgAwQA
wXxfAwQAwXzIAwQAwXzKAwQBwldCAwQAwldRAwQAwleVAwQAwleqAwQAwlesAwQA
wocSAwQAwocgAwQAwzo8AwQA1MD0AwQB1MEMMA0GCSqGSIb3DQEBCwUAA4IBAQBZ
B7a3qGPLctKS0rP9BL7/xhlSLM8MtasKxKs3GeX6AkpN4H+4fisz180p+2w9MlVH
aegV+M1QmBIEwqQHL9GgbNZH7EoNfF6fHSXcFDXtPkC/7Xy7S3tV7VdN6FWhjjOl
7dZWr8owmnB7Ay+xBOJ3VqhCxH4OlHe/HtyrZ+etxGDJonHFWIYeYIz+i6v/EcGg
0M/YigNRNoQhM04gur/iM3M8ppRFTPisggsPq71xjz5tWTNS5NL5k+DYE51EG2dG
w70tCHDFDcz/zdhJRbNg9SMkaovRzv4jv+LRshH/h97sHP1dQGvKCq8TQyZsoqBE
nXmLfPh3gewEX3c+O9uT
-----END CERTIFICATE-----
Generated at Sat Apr 19 16:03:26 2025 by rpki-client