Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/543b15-fb1b-445f-8aa4-db4d714859b5/1/_sIbtKpVLPG3NkfEq2lFugl-Pgk.roa
File: _sIbtKpVLPG3NkfEq2lFugl-Pgk.roa (raw, json)
Hash identifier: t1F03oOX5EuX4PiAFfcWBgoCAV4DM0MIzGaYaB0mnpg=
Subject key identifier: FE:C2:1B:B4:AA:55:2C:F1:B7:36:47:C4:AB:69:45:BA:09:7E:3E:09
Certificate issuer: /CN=3e482fb3c9f9af470e4e48b6df382d3d50154661
Certificate serial: 0196331BC3AA6E46BF5792B26708544A74A9
Authority key identifier: 3E:48:2F:B3:C9:F9:AF:47:0E:4E:48:B6:DF:38:2D:3D:50:15:46:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Pkgvs8n5r0cOTki23zgtPVAVRmE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/543b15-fb1b-445f-8aa4-db4d714859b5/1/_sIbtKpVLPG3NkfEq2lFugl-Pgk.roa
Signing time: Mon 14 Apr 2025 07:02:59 +0000
ROA not before: Mon 14 Apr 2025 07:02:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56655
IP address blocks: 193.200.229.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:33:1b:c3:aa:6e:46:bf:57:92:b2:67:08:54:4a:74:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e482fb3c9f9af470e4e48b6df382d3d50154661
Validity
Not Before: Apr 14 07:02:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fec21bb4aa552cf1b73647c4ab6945ba097e3e09
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:19:4a:f8:e3:c3:c3:e5:4b:c8:63:df:25:ee:
24:5d:d3:69:8e:94:e9:e0:bf:4b:46:93:be:22:d4:
22:07:97:46:51:64:e6:8a:e1:9f:65:cc:4f:34:ca:
62:ef:e6:cc:db:1d:06:4c:11:bf:c9:38:9b:a5:99:
17:83:0e:2b:d0:e1:2d:73:34:7e:fc:19:2b:49:03:
cb:c5:b3:8d:ed:40:b2:c5:c2:56:0b:9c:73:5f:16:
48:46:92:28:99:19:42:1d:8c:3c:8e:c0:99:18:d5:
00:d7:3b:88:b1:5e:49:bf:f8:21:07:da:93:bf:9c:
cd:00:a4:ec:87:48:c5:17:4c:34:83:60:2f:2d:29:
c5:d8:52:1b:64:ef:25:33:89:44:68:96:e8:a3:be:
d7:38:2a:be:66:fe:65:6c:64:15:6d:da:93:d6:1c:
03:7b:71:fb:1d:b9:64:a6:bf:23:8c:f8:bf:b4:30:
f8:7e:06:ae:48:bf:c6:d9:c1:52:31:90:48:73:13:
2f:85:50:f7:6f:d6:2f:0d:32:9b:66:a9:36:cf:4b:
d7:a0:01:6f:ab:74:3c:e9:af:2e:38:04:89:42:11:
97:05:02:14:c1:b0:23:82:64:da:6c:59:a9:2e:ad:
7d:3a:f6:0e:93:dc:06:eb:31:ce:69:fb:c2:a3:c3:
5a:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:C2:1B:B4:AA:55:2C:F1:B7:36:47:C4:AB:69:45:BA:09:7E:3E:09
X509v3 Authority Key Identifier:
keyid:3E:48:2F:B3:C9:F9:AF:47:0E:4E:48:B6:DF:38:2D:3D:50:15:46:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pkgvs8n5r0cOTki23zgtPVAVRmE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/543b15-fb1b-445f-8aa4-db4d714859b5/1/_sIbtKpVLPG3NkfEq2lFugl-Pgk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/543b15-fb1b-445f-8aa4-db4d714859b5/1/Pkgvs8n5r0cOTki23zgtPVAVRmE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.200.229.0/24
Signature Algorithm: sha256WithRSAEncryption
66:87:95:f5:62:a6:68:65:8b:fc:67:ec:0c:ab:50:89:69:27:
00:d6:cf:0e:64:81:e8:f7:df:c3:7e:94:4b:36:82:60:ff:4c:
ee:57:95:e0:84:d6:be:81:e2:34:88:70:27:b1:ef:a1:fa:54:
a0:ac:3d:a1:11:cf:f2:a1:9c:6b:56:fe:1c:69:fd:7e:0b:45:
65:e1:3d:1f:a2:95:29:b8:08:e7:89:4c:bd:a1:6b:d1:20:14:
d6:c0:78:d5:df:21:e0:f7:8a:40:05:86:3f:f3:5d:6d:9c:4d:
b7:93:c9:da:97:8d:f9:21:1b:04:84:4d:b9:14:c9:07:71:12:
7e:bb:87:68:af:b9:f4:12:66:19:5a:07:ce:64:01:54:47:fb:
ac:e5:63:11:7a:03:26:9b:a8:cc:b0:e4:61:34:a6:e6:79:3c:
68:fb:d5:37:df:37:46:7a:51:14:d9:ab:c4:b1:d4:c0:f7:70:
5d:c1:fc:03:2d:ef:59:4a:91:3a:62:d3:f1:17:36:c5:b9:5e:
db:82:11:f5:47:d7:30:ec:9a:5f:cd:8f:b0:28:19:04:0f:22:
98:71:cf:09:0c:38:6f:a5:78:ff:9c:7c:eb:fd:27:2f:f2:c6:
4a:0b:a3:0d:5a:61:d9:39:7a:06:12:e9:41:a7:69:2f:d6:29:
e4:b1:b9:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYzG8Oqbka/V5KyZwhUSnSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNDgyZmIzYzlmOWFmNDcwZTRlNDhiNmRmMzgyZDNkNTAx
NTQ2NjEwHhcNMjUwNDE0MDcwMjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWMyMWJiNGFhNTUyY2YxYjczNjQ3YzRhYjY5NDViYTA5N2UzZTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxlK+OPDw+VLyGPfJe4kXdNpjpTp
4L9LRpO+ItQiB5dGUWTmiuGfZcxPNMpi7+bM2x0GTBG/yTibpZkXgw4r0OEtczR+
/BkrSQPLxbON7UCyxcJWC5xzXxZIRpIomRlCHYw8jsCZGNUA1zuIsV5Jv/ghB9qT
v5zNAKTsh0jFF0w0g2AvLSnF2FIbZO8lM4lEaJboo77XOCq+Zv5lbGQVbdqT1hwD
e3H7Hblkpr8jjPi/tDD4fgauSL/G2cFSMZBIcxMvhVD3b9YvDTKbZqk2z0vXoAFv
q3Q86a8uOASJQhGXBQIUwbAjgmTabFmpLq19OvYOk9wG6zHOafvCo8NaowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7CG7SqVSzxtzZHxKtpRboJfj4JMB8GA1UdIwQY
MBaAFD5IL7PJ+a9HDk5Itt84LT1QFUZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGtndnM4bjVyMGNPVGtpMjN6Z3RQVkFWUm1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My81NDNiMTUtZmIxYi00NDVmLThhYTQt
ZGI0ZDcxNDg1OWI1LzEvX3NJYnRLcFZMUEczTmtmRXEybEZ1Z2wtUGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My81NDNiMTUtZmIxYi00NDVmLThhYTQtZGI0ZDcxNDg1OWI1
LzEvUGtndnM4bjVyMGNPVGtpMjN6Z3RQVkFWUm1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcjlMA0G
CSqGSIb3DQEBCwUAA4IBAQBmh5X1YqZoZYv8Z+wMq1CJaScA1s8OZIHo99/DfpRL
NoJg/0zuV5XghNa+geI0iHAnse+h+lSgrD2hEc/yoZxrVv4caf1+C0Vl4T0fopUp
uAjniUy9oWvRIBTWwHjV3yHg94pABYY/811tnE23k8nal435IRsEhE25FMkHcRJ+
u4dor7n0EmYZWgfOZAFUR/us5WMRegMmm6jMsORhNKbmeTxo+9U33zdGelEU2avE
sdTA93BdwfwDLe9ZSpE6YtPxFzbFuV7bghH1R9cw7JpfzY+wKBkEDyKYcc8JDDhv
pXj/nHzr/Scv8sZKC6MNWmHZOXoGEulBp2kv1inksbnX
-----END CERTIFICATE-----
Generated at Mon Apr 21 03:07:06 2025 by rpki-client