Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/zlE--j491HrJiiLqBZuRci5_jSM.roa
File: zlE--j491HrJiiLqBZuRci5_jSM.roa (raw, json)
Hash identifier: Y/ijAsv/ZuYLnUXwgaTnIsRptuNUQPXQagK7EiGKPyU=
Subject key identifier: CE:51:3E:FA:3E:3D:D4:7A:C9:8A:22:EA:05:9B:91:72:2E:7F:8D:23
Certificate issuer: /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial: 0194266A55E9ECCFFEB8050DDB077458172D
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/zlE--j491HrJiiLqBZuRci5_jSM.roa
Signing time: Thu 02 Jan 2025 09:48:10 +0000
ROA not before: Thu 02 Jan 2025 09:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 65632
IP address blocks: 188.125.163.0/24 maxlen: 24
188.125.164.0/24 maxlen: 24
188.125.165.0/24 maxlen: 24
188.125.166.0/24 maxlen: 24
188.125.170.0/24 maxlen: 24
188.125.174.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6a:55:e9:ec:cf:fe:b8:05:0d:db:07:74:58:17:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Validity
Not Before: Jan 2 09:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ce513efa3e3dd47ac98a22ea059b91722e7f8d23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:ad:c9:b2:d3:d4:e5:f2:ef:ac:95:50:69:e5:
a7:cf:27:bf:dd:21:e9:96:0a:9d:66:b9:36:d8:6c:
da:e0:52:f9:e6:9e:35:e0:1c:66:fb:73:73:70:0c:
b0:eb:68:09:23:49:89:11:ea:04:8e:0c:9c:f0:f9:
20:06:75:28:4c:31:0e:a6:f9:ae:81:b4:d7:2a:76:
b9:3d:19:f5:34:28:b3:95:43:5f:22:7c:cc:93:30:
38:ec:3e:b3:cf:af:ec:76:04:b5:d9:af:5c:aa:0b:
0a:c0:9d:0c:7b:e7:5b:99:4f:7d:7e:b0:36:96:f4:
93:ca:bb:bc:93:46:80:dd:20:67:b5:a6:f5:0f:84:
05:46:5b:a1:ae:51:8f:23:6b:10:69:10:0e:fd:16:
b5:6d:af:d1:ee:e8:2b:0b:56:28:1b:a6:bf:e7:bf:
c4:7a:17:48:9f:67:3e:8c:92:11:63:e5:b9:60:3a:
82:f1:f2:d8:d2:01:ab:78:7d:54:49:7b:2a:be:0c:
08:6c:ac:5c:cc:bd:c9:1a:cd:7d:e8:ae:e5:f2:47:
59:51:ae:b0:17:17:97:f1:48:f0:aa:a4:16:66:10:
ab:ac:55:94:81:5a:75:96:e4:3e:e8:79:4e:51:68:
0a:41:22:d7:97:0d:f1:ea:30:97:24:6d:2a:6e:ef:
0e:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:51:3E:FA:3E:3D:D4:7A:C9:8A:22:EA:05:9B:91:72:2E:7F:8D:23
X509v3 Authority Key Identifier:
keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/zlE--j491HrJiiLqBZuRci5_jSM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.125.163.0-188.125.166.255
188.125.170.0/24
188.125.174.0/24
Signature Algorithm: sha256WithRSAEncryption
30:6b:19:64:32:b2:bf:0a:bb:b7:1b:77:3c:4b:69:32:2c:2e:
e5:75:5d:20:ed:df:e9:e4:84:c6:06:ea:f6:d2:d8:24:85:7b:
bb:3a:85:6f:e6:8c:47:51:1c:b3:dc:30:f4:b7:63:34:49:25:
f0:c4:5e:1b:5c:66:d3:86:f9:9c:68:55:b3:93:bb:70:de:6d:
b3:a0:6b:b2:e8:d6:2f:59:9b:f8:6a:b1:65:98:0f:2f:6c:d9:
14:1e:5f:a1:e6:f5:df:9e:75:96:63:10:9a:c0:b4:d4:1d:e2:
e1:18:af:6e:06:35:a5:fa:93:e7:44:8d:2f:fe:57:3d:1b:b4:
0f:6b:7a:3d:d6:52:fc:ce:86:46:75:3d:d0:86:dc:72:fc:08:
60:8f:5f:b6:df:2b:64:63:91:ae:56:b3:a9:25:06:89:33:b4:
c6:af:42:8f:88:dd:99:ca:40:da:49:f6:a8:01:68:84:36:cb:
34:b0:d4:b7:61:d3:fb:9b:75:18:cb:76:79:87:a0:5d:8a:59:
ba:11:22:79:8a:99:2b:b6:7e:e5:2c:24:36:49:59:df:74:e9:
1d:c9:bf:b2:96:c7:78:a3:b4:31:9b:91:f9:e8:8e:0e:2a:be:
c2:26:e5:02:97:fe:c7:8e:20:97:cf:18:90:32:11:98:5b:71:
25:6e:ac:73
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQmalXp7M/+uAUN2wd0WBctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjUwMTAyMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTUxM2VmYTNlM2RkNDdhYzk4YTIyZWEwNTliOTE3MjJlN2Y4ZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAra3JstPU5fLvrJVQaeWnzye/3SHp
lgqdZrk22Gza4FL55p414Bxm+3NzcAyw62gJI0mJEeoEjgyc8PkgBnUoTDEOpvmu
gbTXKna5PRn1NCizlUNfInzMkzA47D6zz6/sdgS12a9cqgsKwJ0Me+dbmU99frA2
lvSTyru8k0aA3SBntab1D4QFRluhrlGPI2sQaRAO/Ra1ba/R7ugrC1YoG6a/57/E
ehdIn2c+jJIRY+W5YDqC8fLY0gGreH1USXsqvgwIbKxczL3JGs196K7l8kdZUa6w
FxeX8UjwqqQWZhCrrFWUgVp1luQ+6HlOUWgKQSLXlw3x6jCXJG0qbu8OawIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFM5RPvo+PdR6yYoi6gWbkXIuf40jMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvemxFLS1qNDkxSHJKaWlMcUJadVJjaTVfalNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAC8faMD
BAC8faYDBAC8faoDBAC8fa4wDQYJKoZIhvcNAQELBQADggEBADBrGWQysr8Ku7cb
dzxLaTIsLuV1XSDt3+nkhMYG6vbS2CSFe7s6hW/mjEdRHLPcMPS3YzRJJfDEXhtc
ZtOG+ZxoVbOTu3DebbOga7Lo1i9Zm/hqsWWYDy9s2RQeX6Hm9d+edZZjEJrAtNQd
4uEYr24GNaX6k+dEjS/+Vz0btA9rej3WUvzOhkZ1PdCG3HL8CGCPX7bfK2Rjka5W
s6klBokztMavQo+I3ZnKQNpJ9qgBaIQ2yzSw1Ldh0/ubdRjLdnmHoF2KWboRInmK
mSu2fuUsJDZJWd906R3Jv7KWx3ijtDGbkfnojg4qvsIm5QKX/seOIJfPGJAyEZhb
cSVurHM=
-----END CERTIFICATE-----
Generated at Mon Apr 21 06:46:25 2025 by rpki-client