Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ja7Hk_qi8uuwcQSVDNakTSrrx3I.roa
File: Ja7Hk_qi8uuwcQSVDNakTSrrx3I.roa (raw, json)
Hash identifier: znenqZgIiHNuxLAdo/W4IkkK4/t9l9X+PCnHPnbJ99s=
Subject key identifier: 25:AE:C7:93:FA:A2:F2:EB:B0:71:04:95:0C:D6:A4:4D:2A:EB:C7:72
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0193BE2F7A954BD4DC060B9A0659CDAFC51F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ja7Hk_qi8uuwcQSVDNakTSrrx3I.roa
Signing time: Fri 13 Dec 2024 04:03:22 +0000
ROA not before: Fri 13 Dec 2024 04:03:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210974
IP address blocks: 212.192.3.0/24 maxlen: 24
212.192.11.0/24 maxlen: 24
212.193.8.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:be:2f:7a:95:4b:d4:dc:06:0b:9a:06:59:cd:af:c5:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 13 04:03:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=25aec793faa2f2ebb07104950cd6a44d2aebc772
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:f0:2f:b3:99:d9:0f:4d:cf:26:b4:f1:93:e8:
e0:19:73:47:5a:76:f4:75:71:f0:34:fd:22:0b:c8:
9d:5a:87:1a:05:d1:d1:19:24:a6:ea:c8:58:86:92:
45:59:68:33:3f:c5:45:46:a6:b5:39:5c:60:df:3b:
93:76:3e:d3:3a:a6:4a:f0:75:22:e1:81:7f:44:16:
38:6c:2f:6b:7b:eb:38:07:d2:bd:a4:39:86:08:0c:
10:b5:31:77:80:86:bd:5a:a4:94:d4:72:4e:f3:54:
39:a2:50:54:19:8b:d1:d4:64:04:13:7a:d2:62:be:
be:c2:70:97:f7:8c:0b:84:ca:39:d0:aa:a3:9a:3f:
99:fa:12:7c:63:e9:d3:fd:93:b0:df:e5:eb:37:7c:
82:4d:3b:73:3b:a1:e3:8b:13:cf:ba:67:d7:52:41:
ec:a9:e0:bf:25:c1:57:b8:44:31:96:b9:fa:8c:a9:
6b:e4:d4:a6:43:85:d7:15:7a:b6:f0:81:54:e4:d4:
19:28:6f:46:e5:c6:16:78:e8:c6:03:ff:f3:09:a4:
e5:d6:b6:96:c2:11:6a:e0:31:97:91:38:08:bd:4e:
2c:fc:53:ec:39:91:45:a3:1e:8e:01:71:76:06:da:
e9:75:9c:3d:7d:32:73:ec:1e:47:85:2c:f5:fa:51:
ce:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:AE:C7:93:FA:A2:F2:EB:B0:71:04:95:0C:D6:A4:4D:2A:EB:C7:72
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Ja7Hk_qi8uuwcQSVDNakTSrrx3I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.192.3.0/24
212.192.11.0/24
212.193.8.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:71:d7:2b:b2:61:59:f4:87:65:7b:da:78:ae:d9:e9:be:6e:
bd:f2:68:8d:d0:b2:6b:8b:55:34:93:98:3d:09:f5:fe:ec:47:
3c:e6:f0:8e:dc:40:da:f1:84:0d:5c:02:54:c0:d7:b8:c5:a6:
54:f3:d0:12:a6:03:ea:55:e2:93:f7:7a:19:d6:9e:9a:e9:9c:
35:cd:9c:cf:fb:8f:6c:91:0e:0e:49:2c:e4:a3:7c:54:83:dd:
32:af:8f:b7:98:98:ab:3b:2d:a3:9f:50:a1:6b:24:fb:14:26:
74:a0:e8:59:7d:18:f0:ce:a6:f5:7d:b7:3b:9b:93:c7:dd:b7:
00:5c:02:44:3a:f6:85:d6:04:46:5c:d5:85:b9:92:b6:25:cf:
04:e3:e9:97:2a:0b:02:1f:e0:7e:7e:b2:5d:e7:02:0e:d8:eb:
4d:6f:99:90:c0:02:1b:64:e0:e8:56:a9:89:0b:1e:8a:10:08:
a2:a6:31:3d:ce:31:b0:24:21:3d:14:b9:e2:51:e3:79:3b:ad:
a1:74:a2:4a:2b:c4:4d:58:42:22:7d:bd:98:d7:1f:d2:8d:2d:
b4:1d:8c:39:88:ad:0c:9e:f0:a0:f3:87:39:4a:87:68:4b:d8:
65:8f:d2:62:06:cd:93:5b:f4:03:7f:c9:d9:b4:7d:1e:e2:68:
b9:37:a3:73
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZO+L3qVS9TcBguaBlnNr8UfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjEzMDQwMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWFlYzc5M2ZhYTJmMmViYjA3MTA0OTUwY2Q2YTQ0ZDJhZWJjNzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvAvs5nZD03PJrTxk+jgGXNHWnb0
dXHwNP0iC8idWocaBdHRGSSm6shYhpJFWWgzP8VFRqa1OVxg3zuTdj7TOqZK8HUi
4YF/RBY4bC9re+s4B9K9pDmGCAwQtTF3gIa9WqSU1HJO81Q5olBUGYvR1GQEE3rS
Yr6+wnCX94wLhMo50Kqjmj+Z+hJ8Y+nT/ZOw3+XrN3yCTTtzO6HjixPPumfXUkHs
qeC/JcFXuEQxlrn6jKlr5NSmQ4XXFXq28IFU5NQZKG9G5cYWeOjGA//zCaTl1raW
whFq4DGXkTgIvU4s/FPsOZFFox6OAXF2BtrpdZw9fTJz7B5HhSz1+lHOdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCWux5P6ovLrsHEElQzWpE0q68dyMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSmE3SGtfcWk4dXV3Y1FTVkROYWtUU3JyeDNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1MADAwQA
1MALAwQA1MEIMA0GCSqGSIb3DQEBCwUAA4IBAQAqcdcrsmFZ9Idle9p4rtnpvm69
8miN0LJri1U0k5g9CfX+7Ec85vCO3EDa8YQNXAJUwNe4xaZU89ASpgPqVeKT93oZ
1p6a6Zw1zZzP+49skQ4OSSzko3xUg90yr4+3mJirOy2jn1ChayT7FCZ0oOhZfRjw
zqb1fbc7m5PH3bcAXAJEOvaF1gRGXNWFuZK2Jc8E4+mXKgsCH+B+frJd5wIO2OtN
b5mQwAIbZODoVqmJCx6KEAiipjE9zjGwJCE9FLniUeN5O62hdKJKK8RNWEIifb2Y
1x/SjS20HYw5iK0MnvCg84c5SodoS9hlj9JiBs2TW/QDf8nZtH0e4mi5N6Nz
-----END CERTIFICATE-----
Generated at Mon Jun 16 22:17:04 2025 by rpki-client