Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/APRGGs7v1XmJEdcF-IuqBfK3jQs.roa
File: APRGGs7v1XmJEdcF-IuqBfK3jQs.roa (raw, json)
Hash identifier: Ua9WZq7TybdVBZifotjj63cm3XDb22YO/cbCGqePEfM=
Subject key identifier: 00:F4:46:1A:CE:EF:D5:79:89:11:D7:05:F8:8B:AA:05:F2:B7:8D:0B
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193C9CE067EEDF4C2FE039E640CE2E55614
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/APRGGs7v1XmJEdcF-IuqBfK3jQs.roa
Signing time: Sun 15 Dec 2024 10:12:22 +0000
ROA not before: Sun 15 Dec 2024 10:12:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 193.124.15.0/24 maxlen: 24
193.124.224.0/23 maxlen: 23
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.108.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.37.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:c9:ce:06:7e:ed:f4:c2:fe:03:9e:64:0c:e2:e5:56:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 15 10:12:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=00f4461aceefd5798911d705f88baa05f2b78d0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:9d:fd:b4:4a:ce:6b:9d:95:b0:39:8a:da:7b:
72:d1:7c:09:0a:d0:0d:31:c1:db:6b:79:5f:60:ce:
c9:bb:f9:6b:24:31:b8:7d:5d:3d:b0:b0:ed:e6:ab:
50:7a:77:07:81:d0:fa:2d:4e:cb:6c:b1:9d:05:e4:
50:3c:01:21:c7:9f:a6:42:3f:c7:be:7f:55:5f:a3:
16:7c:ed:e2:af:16:5f:1c:7e:1c:f5:e6:0b:02:8a:
9f:79:b0:20:06:a5:e9:17:0a:61:55:8c:6a:fd:c1:
eb:a3:26:ce:68:68:4d:1b:19:20:4a:71:b2:72:24:
5b:3d:db:5b:02:75:bf:65:28:2c:80:f9:4d:26:01:
a4:67:57:ae:e0:e8:14:a0:15:b4:1c:23:58:85:d6:
c6:32:c7:f5:cd:a6:55:7d:64:05:77:b9:e9:6d:94:
9f:1a:32:69:ac:83:e8:5e:10:fa:38:da:f6:e3:3a:
00:d1:a9:7e:66:5c:d2:8d:81:3d:12:34:55:40:16:
06:9f:ab:6e:6d:51:df:4d:ee:7c:9b:10:43:6e:1d:
a0:07:4e:10:45:da:ae:c9:2d:27:99:50:09:e8:ad:
d4:e7:06:38:0e:1a:04:e3:e3:f0:c0:c5:cd:ed:b5:
e5:34:8e:7d:5a:55:a1:ea:d1:12:b0:a1:95:ea:8f:
78:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:F4:46:1A:CE:EF:D5:79:89:11:D7:05:F8:8B:AA:05:F2:B7:8D:0B
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/APRGGs7v1XmJEdcF-IuqBfK3jQs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.15.0/24
193.124.224.0/23
194.58.155.0/24
194.85.251.0/24
194.87.108.0/24
194.87.169.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.37.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
4d:c4:a0:24:62:a7:db:2f:24:3e:45:de:74:ca:54:22:ce:e2:
92:a9:e3:6b:d1:3e:1c:d9:67:1f:8f:f2:9b:93:bc:7f:8c:c9:
5c:ff:8c:f0:40:ab:04:a1:e4:45:29:1e:18:90:aa:48:0b:a3:
95:3d:3d:6f:d5:d5:06:05:16:12:5c:b8:d3:ef:bb:57:f7:20:
47:7f:84:f9:68:f0:ba:3e:ba:61:d7:a0:00:da:5e:44:b5:eb:
0b:a0:9b:c7:75:82:57:54:f7:f4:4e:60:cf:cb:d2:ab:4d:a4:
79:98:ed:13:33:54:ef:94:b7:ca:ad:17:77:0c:4b:9b:38:58:
6f:66:66:32:eb:35:32:45:19:8e:fa:a2:da:1a:77:8e:62:11:
ea:48:0b:90:e9:51:21:1e:aa:e7:91:07:ed:e6:f5:69:9d:d6:
73:2b:cd:df:97:05:a6:e6:cd:0a:7d:e8:2b:09:30:fc:13:48:
a0:99:43:f6:e9:ea:0f:c3:40:b5:00:8c:9c:5b:c5:98:54:b8:
8d:68:1a:e0:a3:4a:cf:83:02:94:9a:e6:82:ac:20:f1:a3:e7:
47:bc:69:5c:ff:10:03:ee:31:e0:17:12:75:99:b9:4c:7f:bd:
16:af:1a:f0:86:43:51:38:5a:62:34:77:29:2b:2d:17:26:5f:
32:f6:b2:c9
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAZPJzgZ+7fTC/gOeZAzi5VYUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjE1MTAxMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGY0NDYxYWNlZWZkNTc5ODkxMWQ3MDVmODhiYWEwNWYyYjc4ZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZ39tErOa52VsDmK2nty0XwJCtAN
McHba3lfYM7Ju/lrJDG4fV09sLDt5qtQencHgdD6LU7LbLGdBeRQPAEhx5+mQj/H
vn9VX6MWfO3irxZfHH4c9eYLAoqfebAgBqXpFwphVYxq/cHroybOaGhNGxkgSnGy
ciRbPdtbAnW/ZSgsgPlNJgGkZ1eu4OgUoBW0HCNYhdbGMsf1zaZVfWQFd7npbZSf
GjJprIPoXhD6ONr24zoA0al+ZlzSjYE9EjRVQBYGn6tubVHfTe58mxBDbh2gB04Q
RdquyS0nmVAJ6K3U5wY4DhoE4+PwwMXN7bXlNI59WlWh6tESsKGV6o94uQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFAD0RhrO79V5iRHXBfiLqgXyt40LMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQVBSR0dzN3YxWG1KRWRjRi1JdXFCZkszalFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwWgQCAAEwVAMEAMF8DwME
AcF84AMEAMI6mwMEAMJV+wMEAMJXbAMEAMJXqQMEAMJX4AMEAMKHIQMEAcOFGAME
AMOFJQMEAcOFKAMEAcOFMgMEAcOFXAMEAdTBGjAUBAIAAjAOAwUDKgFXwAMFAyoM
/0AwDQYJKoZIhvcNAQELBQADggEBAE3EoCRip9svJD5F3nTKVCLO4pKp42vRPhzZ
Zx+P8puTvH+MyVz/jPBAqwSh5EUpHhiQqkgLo5U9PW/V1QYFFhJcuNPvu1f3IEd/
hPlo8Lo+umHXoADaXkS16wugm8d1gldU9/ROYM/L0qtNpHmY7RMzVO+Ut8qtF3cM
S5s4WG9mZjLrNTJFGY76otoad45iEepIC5DpUSEequeRB+3m9Wmd1nMrzd+XBabm
zQp96CsJMPwTSKCZQ/bp6g/DQLUAjJxbxZhUuI1oGuCjSs+DApSa5oKsIPGj50e8
aVz/EAPuMeAXEnWZuUx/vRavGvCGQ1E4WmI0dykrLRcmXzL2ssk=
-----END CERTIFICATE-----
Generated at Mon Jun 16 18:56:00 2025 by rpki-client