Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/wNXzRf3L7J62DBNaLKnRe-slOiE.roa
File: wNXzRf3L7J62DBNaLKnRe-slOiE.roa (raw, json)
Hash identifier: DiCy5t6KHjcflEkZOQ9oupqkDHcDKQu8LKGIpqdVEcc=
Subject key identifier: C0:D5:F3:45:FD:CB:EC:9E:B6:0C:13:5A:2C:A9:D1:7B:EB:25:3A:21
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0190BF5B5F36A91F2B2D706461D25E552FD6
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/wNXzRf3L7J62DBNaLKnRe-slOiE.roa
Signing time: Wed 17 Jul 2024 06:22:34 +0000
ROA not before: Wed 17 Jul 2024 06:22:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 24875
IP address blocks: 192.124.209.0/24 maxlen: 24
212.192.214.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:bf:5b:5f:36:a9:1f:2b:2d:70:64:61:d2:5e:55:2f:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jul 17 06:22:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c0d5f345fdcbec9eb60c135a2ca9d17beb253a21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:05:af:a6:99:aa:29:85:05:2f:30:98:e7:03:
7d:40:17:2d:6f:af:5d:9d:e3:22:6d:73:4f:40:7e:
af:e4:24:79:ef:53:d2:9f:6c:18:25:4f:ca:f4:e1:
0e:fc:c2:3a:85:f2:16:07:65:92:08:7a:02:3e:35:
9b:f6:90:cf:e3:89:54:ac:66:5c:1e:39:30:9b:e3:
74:bb:97:d2:68:66:6e:a8:6c:40:22:32:0e:7b:ce:
e3:c3:76:7c:d5:25:04:62:03:c8:78:a5:d5:cb:0b:
79:2c:1c:f4:d5:b4:db:e2:88:1d:47:5a:e3:6b:f0:
d4:d1:21:af:db:89:5b:f3:e8:2b:51:be:02:a5:2c:
82:1b:2f:fd:d6:28:5a:31:02:95:ae:a0:3c:13:2a:
4b:74:6e:ca:f6:da:92:ba:24:48:5f:cb:6a:55:9f:
72:9c:90:f6:2c:41:64:56:40:fe:be:b0:25:98:ed:
8b:da:96:d3:6b:79:c7:7c:e1:91:b4:ac:19:13:8c:
05:16:1f:49:dc:a3:f7:c9:ed:a6:7d:eb:14:d7:e9:
78:aa:59:9c:29:0d:17:a6:83:2d:f9:fe:a9:98:f5:
53:2a:4e:da:5a:3d:d8:8f:d8:fc:4b:44:33:be:0f:
a5:5a:aa:85:56:12:97:0d:42:54:21:19:81:41:55:
7a:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:D5:F3:45:FD:CB:EC:9E:B6:0C:13:5A:2C:A9:D1:7B:EB:25:3A:21
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/wNXzRf3L7J62DBNaLKnRe-slOiE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.209.0/24
212.192.214.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:ad:0d:9e:38:c5:a3:00:0f:99:df:66:7b:38:3c:a2:40:7d:
51:79:31:78:d8:a4:60:9f:53:fc:6d:80:ec:70:9a:b3:18:3e:
d3:7f:aa:9a:5d:0b:14:ea:9a:45:ab:5d:fd:98:8c:ad:db:65:
a6:4d:c2:75:56:9e:4e:aa:5e:bb:84:f3:46:51:dc:9d:2c:2b:
c9:6e:49:bb:89:6f:a1:4d:ab:4d:bf:d1:00:66:58:47:c6:49:
6a:98:c9:5c:a9:6a:16:d3:3b:7d:83:68:1b:47:b9:44:4a:9f:
97:bc:92:68:81:9f:ed:62:c4:f1:21:34:37:d7:64:3f:94:b9:
a1:07:bf:dc:37:52:01:74:f9:01:47:3a:43:e7:28:61:6f:d2:
f2:0b:d4:2d:34:17:00:16:4d:92:c0:86:72:34:1f:b3:24:27:
de:cf:e1:e7:c9:36:08:fc:80:db:65:25:d3:68:92:f7:12:d1:
fd:54:c4:c9:a0:56:3e:b8:41:9e:24:bf:58:3f:44:bd:4d:94:
8c:f4:2f:93:2b:59:6b:bf:f7:dd:5c:7b:77:8b:86:20:48:de:
45:fa:da:b9:e7:d4:22:fa:fd:6f:71:c9:16:54:ee:61:e4:24:
72:7d:bb:bf:5a:51:cf:e3:c8:d0:df:07:2f:a0:7b:7e:fd:68:
29:58:5d:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZC/W182qR8rLXBkYdJeVS/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNzE3MDYyMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGQ1ZjM0NWZkY2JlYzllYjYwYzEzNWEyY2E5ZDE3YmViMjUzYTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQWvppmqKYUFLzCY5wN9QBctb69d
neMibXNPQH6v5CR571PSn2wYJU/K9OEO/MI6hfIWB2WSCHoCPjWb9pDP44lUrGZc
Hjkwm+N0u5fSaGZuqGxAIjIOe87jw3Z81SUEYgPIeKXVywt5LBz01bTb4ogdR1rj
a/DU0SGv24lb8+grUb4CpSyCGy/91ihaMQKVrqA8EypLdG7K9tqSuiRIX8tqVZ9y
nJD2LEFkVkD+vrAlmO2L2pbTa3nHfOGRtKwZE4wFFh9J3KP3ye2mfesU1+l4qlmc
KQ0XpoMt+f6pmPVTKk7aWj3Yj9j8S0Qzvg+lWqqFVhKXDUJUIRmBQVV6cwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMDV80X9y+yetgwTWiyp0XvrJTohMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvd05YelJmM0w3SjYyREJOYUxLblJlLXNsT2lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwHzRAwQA
1MDWMA0GCSqGSIb3DQEBCwUAA4IBAQArrQ2eOMWjAA+Z32Z7ODyiQH1ReTF42KRg
n1P8bYDscJqzGD7Tf6qaXQsU6ppFq139mIyt22WmTcJ1Vp5Oql67hPNGUdydLCvJ
bkm7iW+hTatNv9EAZlhHxklqmMlcqWoW0zt9g2gbR7lESp+XvJJogZ/tYsTxITQ3
12Q/lLmhB7/cN1IBdPkBRzpD5yhhb9LyC9QtNBcAFk2SwIZyNB+zJCfez+HnyTYI
/IDbZSXTaJL3EtH9VMTJoFY+uEGeJL9YP0S9TZSM9C+TK1lrv/fdXHt3i4YgSN5F
+tq559Qi+v1vcckWVO5h5CRyfbu/WlHP48jQ3wcvoHt+/WgpWF2s
-----END CERTIFICATE-----
Generated at Sat Apr 19 11:29:08 2025 by rpki-client