Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xqns5-y67GJ_APiEsm9gCP594YY.roa
File: xqns5-y67GJ_APiEsm9gCP594YY.roa (raw, json)
Hash identifier: Tazub9ViWrornGyib6hIQy3X7sXOO1T0jeh/g6aDleA=
Subject key identifier: C6:A9:EC:E7:EC:BA:EC:62:7F:00:F8:84:B2:6F:60:08:FE:7D:E1:86
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01939C4A6A9EF90A31CB2467077DC79E4CF5
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xqns5-y67GJ_APiEsm9gCP594YY.roa
Signing time: Fri 06 Dec 2024 14:05:42 +0000
ROA not before: Fri 06 Dec 2024 14:05:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215224
IP address blocks: 193.124.227.0/24 maxlen: 24
194.135.46.0/24 maxlen: 24
195.133.59.0/24 maxlen: 24
212.192.214.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:9c:4a:6a:9e:f9:0a:31:cb:24:67:07:7d:c7:9e:4c:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 6 14:05:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c6a9ece7ecbaec627f00f884b26f6008fe7de186
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:0a:21:83:af:09:1f:a5:50:2b:a2:e5:1f:eb:
8d:c9:16:a4:20:79:59:87:e8:54:c7:25:d6:3c:0f:
84:ea:1c:5d:11:27:20:61:be:21:83:5f:27:f6:f9:
07:d0:51:9d:6f:91:24:6d:84:8e:7d:b1:e6:9f:0c:
d3:b4:1a:75:fd:72:23:95:4f:5f:6c:fb:b8:00:3a:
a2:52:55:58:08:dd:ca:a4:02:12:c9:bd:90:84:e7:
9b:04:7c:32:b4:1b:44:b1:98:d3:27:ec:1f:2f:cf:
a1:38:cd:d4:e0:e5:eb:df:b0:4f:a5:cb:1d:40:13:
b7:98:4e:36:f5:98:f2:66:73:a1:97:3a:c6:f4:13:
33:ea:cf:fc:68:1f:2d:ff:00:50:5a:f3:a1:81:43:
ce:47:b8:a6:22:3b:5c:28:ca:f9:e4:ef:62:b7:c7:
6f:be:1c:ab:e3:68:91:8e:e2:fb:62:85:5a:f1:f2:
bd:2c:87:dd:26:7c:31:64:b6:08:bc:dc:54:31:02:
65:ac:47:e0:89:af:ce:b9:19:2a:1a:99:f5:87:1a:
08:05:f1:94:2d:ee:b7:99:a0:69:f9:d9:83:16:46:
da:2a:11:95:a8:a8:a6:4f:43:a2:00:29:90:25:45:
d7:f9:17:e7:90:5b:bb:a4:d4:f2:3b:68:26:80:c2:
dd:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:A9:EC:E7:EC:BA:EC:62:7F:00:F8:84:B2:6F:60:08:FE:7D:E1:86
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xqns5-y67GJ_APiEsm9gCP594YY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.227.0/24
194.135.46.0/24
195.133.59.0/24
212.192.214.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:5e:17:5c:99:ba:59:25:fb:4e:41:c5:e8:0a:84:79:52:0c:
08:01:27:f2:b7:bd:fb:ce:5d:33:3f:62:1f:37:e4:22:5c:e7:
6f:d5:3f:d9:f2:99:c3:14:4b:c9:50:a5:a3:67:d0:87:59:da:
8b:08:21:7c:de:68:03:5d:d8:48:e5:d2:02:1e:f3:27:ff:2e:
81:24:0f:91:18:42:8e:bb:fc:87:ae:96:85:6b:f9:2b:fd:58:
39:d7:3e:5f:2a:92:2b:c4:43:77:ed:e9:5e:22:31:8d:6a:0d:
f3:b6:00:a9:6a:8d:38:f8:77:c3:73:f0:51:7a:04:e5:44:04:
59:79:52:79:09:e3:e2:6d:68:3f:ea:f6:fa:5e:b1:9e:45:a1:
bc:3c:91:4f:48:17:65:be:d7:94:f2:22:98:2c:8c:d0:7e:8c:
d9:a7:79:7e:9a:8e:0f:17:28:14:bb:54:e4:e0:19:55:dd:a3:
15:c4:c4:af:cb:10:d8:48:23:f2:f4:f2:98:63:a9:2e:13:8c:
48:e8:41:a2:17:0d:4f:59:5d:a6:ed:4e:11:59:ce:dd:22:ed:
2e:50:10:51:b6:7e:a4:14:a2:ad:b2:43:85:57:da:e3:48:19:
68:7d:7f:13:c8:f1:92:ba:74:9a:4c:35:bc:f5:e9:a4:98:1e:
0c:1a:d3:ea
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZOcSmqe+QoxyyRnB33Hnkz1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjA2MTQwNTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmE5ZWNlN2VjYmFlYzYyN2YwMGY4ODRiMjZmNjAwOGZlN2RlMTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gohg68JH6VQK6LlH+uNyRakIHlZ
h+hUxyXWPA+E6hxdEScgYb4hg18n9vkH0FGdb5EkbYSOfbHmnwzTtBp1/XIjlU9f
bPu4ADqiUlVYCN3KpAISyb2QhOebBHwytBtEsZjTJ+wfL8+hOM3U4OXr37BPpcsd
QBO3mE429ZjyZnOhlzrG9BMz6s/8aB8t/wBQWvOhgUPOR7imIjtcKMr55O9it8dv
vhyr42iRjuL7YoVa8fK9LIfdJnwxZLYIvNxUMQJlrEfgia/OuRkqGpn1hxoIBfGU
Le63maBp+dmDFkbaKhGVqKimT0OiACmQJUXX+RfnkFu7pNTyO2gmgMLdCQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMap7OfsuuxifwD4hLJvYAj+feGGMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEveHFuczUteTY3R0pfQVBpRXNtOWdDUDU5NFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwXzjAwQA
wocuAwQAw4U7AwQA1MDWMA0GCSqGSIb3DQEBCwUAA4IBAQCMXhdcmbpZJftOQcXo
CoR5UgwIASfyt737zl0zP2IfN+QiXOdv1T/Z8pnDFEvJUKWjZ9CHWdqLCCF83mgD
XdhI5dICHvMn/y6BJA+RGEKOu/yHrpaFa/kr/Vg51z5fKpIrxEN37eleIjGNag3z
tgCpao04+HfDc/BRegTlRARZeVJ5CePibWg/6vb6XrGeRaG8PJFPSBdlvteU8iKY
LIzQfozZp3l+mo4PFygUu1Tk4BlV3aMVxMSvyxDYSCPy9PKYY6kuE4xI6EGiFw1P
WV2m7U4RWc7dIu0uUBBRtn6kFKKtskOFV9rjSBlofX8TyPGSunSaTDW89emkmB4M
GtPq
-----END CERTIFICATE-----
Generated at Sat Apr 19 18:37:15 2025 by rpki-client