Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/PnkpwqTCd3Qt4ULv9KEl981mn0w.roa
File: PnkpwqTCd3Qt4ULv9KEl981mn0w.roa (raw, json)
Hash identifier: xXU/qDWjlN+jBILU8GB24+1jflO1mJ4sSy03F02DQuE=
Subject key identifier: 3E:79:29:C2:A4:C2:77:74:2D:E1:42:EF:F4:A1:25:F7:CD:66:9F:4C
Certificate issuer: /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial: 0193890A8B67264DF9594A85544BE568207C
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/PnkpwqTCd3Qt4ULv9KEl981mn0w.roa
Signing time: Mon 02 Dec 2024 20:23:09 +0000
ROA not before: Mon 02 Dec 2024 20:23:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9009
IP address blocks: 193.106.96.0/23 maxlen: 23
193.106.96.0/24 maxlen: 24
193.106.97.0/24 maxlen: 24
194.242.26.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:89:0a:8b:67:26:4d:f9:59:4a:85:54:4b:e5:68:20:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Validity
Not Before: Dec 2 20:23:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3e7929c2a4c277742de142eff4a125f7cd669f4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:d0:53:4b:68:92:d4:fb:1c:a4:1a:ef:d3:ad:
72:36:29:f8:a0:25:9b:6e:d2:7f:d9:db:f2:f8:46:
1b:e5:93:1e:ca:b0:d6:38:de:8e:81:af:c4:78:3a:
5e:f6:2f:d6:ec:dc:04:72:63:21:5c:d0:6a:21:3b:
31:8a:1c:c3:44:a7:c4:41:72:b9:27:a8:8e:a2:53:
52:21:ed:b4:68:d7:3e:95:3e:d1:d8:e7:9b:58:4f:
19:4c:f7:c4:65:57:74:1d:49:4a:32:92:69:3b:5a:
77:ca:48:aa:d4:96:09:e0:7d:ff:00:51:1b:c0:9c:
eb:18:94:09:70:d3:8f:a3:9b:07:6b:a3:a7:dc:46:
b8:45:9b:cc:8e:a2:02:18:a1:f4:c7:39:fa:e6:45:
be:a5:48:d1:95:44:8e:82:52:85:9c:38:a3:4d:8f:
50:26:32:f1:e1:6d:97:ac:a0:4c:15:c4:17:1c:ec:
e9:82:65:bf:ff:09:60:ce:06:82:d0:6d:4c:d3:35:
ab:9b:3e:ed:60:7b:60:1d:44:33:97:8a:9b:f7:1f:
eb:33:25:f7:ee:03:cb:09:aa:a5:00:c9:e2:7b:78:
f8:2a:a0:a9:de:1a:25:44:db:c7:f1:db:78:2d:95:
64:08:19:c5:ed:b4:fd:88:b5:cd:88:ca:95:6a:6b:
58:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:79:29:C2:A4:C2:77:74:2D:E1:42:EF:F4:A1:25:F7:CD:66:9F:4C
X509v3 Authority Key Identifier:
keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/PnkpwqTCd3Qt4ULv9KEl981mn0w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.106.96.0/23
194.242.26.0/23
Signature Algorithm: sha256WithRSAEncryption
68:29:e2:da:e7:40:3f:15:39:c7:05:57:55:85:b1:89:cc:ff:
d8:b0:84:5d:fa:c3:58:ee:95:69:86:80:95:41:d2:3f:68:b8:
f8:c0:82:2f:62:55:fd:fd:70:35:c9:34:d7:04:05:3e:41:52:
72:c1:ad:3b:40:70:6d:fd:ed:9f:da:1b:c4:ff:19:50:40:17:
b4:f3:41:eb:f6:48:e7:1f:40:39:36:73:b2:ff:fb:5f:3b:ca:
7a:cb:5b:6b:ed:db:25:0d:b3:0e:8e:a7:6a:e4:b5:a9:cd:3a:
ac:36:04:29:f2:56:22:1c:82:e9:91:f0:e5:68:65:0d:c5:67:
63:11:6d:8c:78:49:f9:84:1f:42:c6:04:3f:65:be:63:2a:ac:
13:20:60:d4:a7:70:de:b3:c9:67:ed:18:20:af:9c:96:9a:8b:
ba:fc:40:b8:fc:a0:8d:dd:28:77:a6:62:d1:e3:74:e0:b0:7d:
09:6f:eb:0b:a4:aa:85:9e:50:cd:84:a6:df:3b:5a:30:61:16:
c9:d6:b2:9f:ca:d4:81:3a:77:55:1f:c4:86:33:7d:f9:53:02:
83:3a:e7:6f:74:c7:5f:b7:ea:07:dc:14:31:ed:3d:84:12:1d:
a7:12:84:8b:64:1a:cb:1e:36:c6:d2:1f:f0:fa:35:ea:47:07:
7b:5c:19:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZOJCotnJk35WUqFVEvlaCB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjQxMjAyMjAyMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTc5MjljMmE0YzI3Nzc0MmRlMTQyZWZmNGExMjVmN2NkNjY5ZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7dBTS2iS1PscpBrv061yNin4oCWb
btJ/2dvy+EYb5ZMeyrDWON6Oga/EeDpe9i/W7NwEcmMhXNBqITsxihzDRKfEQXK5
J6iOolNSIe20aNc+lT7R2OebWE8ZTPfEZVd0HUlKMpJpO1p3ykiq1JYJ4H3/AFEb
wJzrGJQJcNOPo5sHa6On3Ea4RZvMjqICGKH0xzn65kW+pUjRlUSOglKFnDijTY9Q
JjLx4W2XrKBMFcQXHOzpgmW//wlgzgaC0G1M0zWrmz7tYHtgHUQzl4qb9x/rMyX3
7gPLCaqlAMnie3j4KqCp3holRNvH8dt4LZVkCBnF7bT9iLXNiMqVamtYGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD55KcKkwnd0LeFC7/ShJffNZp9MMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvUG5rcHdxVENkM1F0NFVMdjlLRWw5ODFtbjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwWpgAwQB
wvIaMA0GCSqGSIb3DQEBCwUAA4IBAQBoKeLa50A/FTnHBVdVhbGJzP/YsIRd+sNY
7pVphoCVQdI/aLj4wIIvYlX9/XA1yTTXBAU+QVJywa07QHBt/e2f2hvE/xlQQBe0
80Hr9kjnH0A5NnOy//tfO8p6y1tr7dslDbMOjqdq5LWpzTqsNgQp8lYiHILpkfDl
aGUNxWdjEW2MeEn5hB9CxgQ/Zb5jKqwTIGDUp3Des8ln7Rggr5yWmou6/EC4/KCN
3Sh3pmLR43TgsH0Jb+sLpKqFnlDNhKbfO1owYRbJ1rKfytSBOndVH8SGM335UwKD
OudvdMdft+oH3BQx7T2EEh2nEoSLZBrLHjbG0h/w+jXqRwd7XBnV
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:59:16 2025 by rpki-client