Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Q7LwAws8__sRXpUx41CDOmYfxzk.roa
File: Q7LwAws8__sRXpUx41CDOmYfxzk.roa (raw, json)
Hash identifier: SyzObVu1BUBOxu9ZvDBeHfEwib+gOE8XRV/W7Ue4uOw=
Subject key identifier: 43:B2:F0:03:0B:3C:FF:FB:11:5E:95:31:E3:50:83:3A:66:1F:C7:39
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01936F95D363F82EB757254BE20E1F41676C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Q7LwAws8__sRXpUx41CDOmYfxzk.roa
Signing time: Wed 27 Nov 2024 21:45:10 +0000
ROA not before: Wed 27 Nov 2024 21:45:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 193.124.89.0/24 maxlen: 24
194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.17.0/24 maxlen: 24
194.87.108.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
194.87.224.0/24 maxlen: 24
194.135.33.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.37.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.1.0/24 maxlen: 24
212.192.253.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:6f:95:d3:63:f8:2e:b7:57:25:4b:e2:0e:1f:41:67:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Nov 27 21:45:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=43b2f0030b3cfffb115e9531e350833a661fc739
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:57:34:d2:e9:18:d2:91:5a:65:38:34:17:33:
ef:8d:e5:fd:5a:e2:2f:3b:49:6a:4c:76:23:45:bc:
8f:d8:d3:da:8b:22:ca:da:39:18:e9:3d:38:24:08:
2e:80:de:83:18:f4:e6:40:ea:0a:02:12:66:09:57:
05:57:85:50:f7:14:f6:f1:d8:fc:7e:66:fb:21:ce:
31:25:89:db:6f:d7:ee:bb:e5:f4:c4:57:d3:c6:b5:
c9:1b:c8:64:d0:96:63:d4:1f:cf:c2:f1:41:7c:92:
d1:75:94:ea:6b:cc:15:6a:50:94:14:64:fd:fa:80:
31:32:5a:fc:d4:74:a0:58:7d:e5:51:6e:67:2b:97:
a4:8c:99:11:d5:22:9e:7d:c7:de:a1:33:b1:fc:ae:
fc:c2:93:72:38:e0:ea:7e:cc:81:de:66:17:3f:16:
bd:c9:46:dd:02:91:a7:06:c1:30:f3:00:11:46:70:
b1:aa:3b:fa:e1:5f:aa:12:e9:9e:18:8f:27:2f:bd:
06:0d:77:bc:51:0c:d6:c2:f0:03:d6:68:71:1f:90:
68:85:4a:ca:47:86:7c:82:0d:0e:8b:0c:14:5a:ac:
f5:e0:98:b8:5b:7f:6d:a2:34:df:52:05:de:ab:e7:
fb:51:17:20:c3:e8:27:17:fd:c3:05:ed:9a:7d:d1:
2b:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:B2:F0:03:0B:3C:FF:FB:11:5E:95:31:E3:50:83:3A:66:1F:C7:39
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Q7LwAws8__sRXpUx41CDOmYfxzk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.89.0/24
194.58.155.0/24
194.85.251.0/24
194.87.17.0/24
194.87.108.0/24
194.87.169.0/24
194.87.178.0/24
194.87.224.0/24
194.135.33.0/24
195.133.24.0/23
195.133.37.0/24
195.133.40.0/23
195.133.50.0/23
195.133.92.0/23
212.192.1.0/24
212.192.253.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
11:d8:0d:c5:5c:f5:38:cc:ea:d2:6b:ac:88:a2:2a:a2:2f:91:
e6:5b:9a:0a:43:eb:b2:29:cd:20:72:bf:c5:f3:26:d8:54:c8:
d4:47:63:63:c7:4c:db:eb:10:8c:2d:d2:08:77:b4:03:44:40:
e7:1f:8f:09:4c:7d:02:b8:6f:99:60:6a:5f:04:16:ab:16:eb:
a2:44:01:6f:6a:8b:ed:b1:b9:43:2e:89:0f:8b:ad:df:32:98:
06:ba:b6:ff:66:64:07:5f:62:d3:8c:96:10:3c:f1:48:9d:3f:
0c:b1:c3:2b:c4:fc:12:fa:c2:8f:ac:46:bd:14:ea:84:cb:e2:
98:12:45:70:87:70:f4:a6:89:4b:4d:1f:09:8e:97:c3:dd:ee:
94:cb:61:b1:b1:de:89:b0:58:bc:08:c4:88:be:90:1f:c1:98:
9e:6a:53:c6:7b:72:b4:7e:b2:99:52:d9:f6:1a:93:19:8d:e8:
24:c7:84:a2:40:c4:1f:23:a2:89:7e:f8:ee:c9:dd:9d:68:0f:
f8:5d:45:43:09:12:3f:fa:31:a7:26:ec:14:4a:6c:55:23:74:
36:74:6e:f5:ff:83:dd:4a:20:88:03:14:77:77:f9:7a:ad:e5:
2f:5f:2f:92:af:87:35:5a:b2:8e:46:e0:1a:4c:93:b4:4e:3d:
c3:3d:0a:7b
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgISAZNvldNj+C63VyVL4g4fQWdsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMTI3MjE0NTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2IyZjAwMzBiM2NmZmZiMTE1ZTk1MzFlMzUwODMzYTY2MWZjNzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVc00ukY0pFaZTg0FzPvjeX9WuIv
O0lqTHYjRbyP2NPaiyLK2jkY6T04JAgugN6DGPTmQOoKAhJmCVcFV4VQ9xT28dj8
fmb7Ic4xJYnbb9fuu+X0xFfTxrXJG8hk0JZj1B/PwvFBfJLRdZTqa8wValCUFGT9
+oAxMlr81HSgWH3lUW5nK5ekjJkR1SKefcfeoTOx/K78wpNyOODqfsyB3mYXPxa9
yUbdApGnBsEw8wARRnCxqjv64V+qEumeGI8nL70GDXe8UQzWwvAD1mhxH5BohUrK
R4Z8gg0OiwwUWqz14Ji4W39tojTfUgXeq+f7URcgw+gnF/3DBe2afdEr6QIDAQAB
o4ICgjCCAn4wHQYDVR0OBBYEFEOy8AMLPP/7EV6VMeNQgzpmH8c5MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUTdMd0F3czhfX3NSWHBVeDQxQ0RPbVlmeHprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGXBggrBgEFBQcBBwEB/wSBhzCBhDBsBAIAATBmAwQAwXxZ
AwQAwjqbAwQAwlX7AwQAwlcRAwQAwldsAwQAwlepAwQAwleyAwQAwlfgAwQAwoch
AwQBw4UYAwQAw4UlAwQBw4UoAwQBw4UyAwQBw4VcAwQA1MABAwQA1MD9AwQB1MEa
MBQEAgACMA4DBQMqAVfAAwUDKgz/QDANBgkqhkiG9w0BAQsFAAOCAQEAEdgNxVz1
OMzq0musiKIqoi+R5luaCkPrsinNIHK/xfMm2FTI1EdjY8dM2+sQjC3SCHe0A0RA
5x+PCUx9ArhvmWBqXwQWqxbrokQBb2qL7bG5Qy6JD4ut3zKYBrq2/2ZkB19i04yW
EDzxSJ0/DLHDK8T8EvrCj6xGvRTqhMvimBJFcIdw9KaJS00fCY6Xw93ulMthsbHe
ibBYvAjEiL6QH8GYnmpTxntytH6ymVLZ9hqTGY3oJMeEokDEHyOiiX747sndnWgP
+F1FQwkSP/oxpybsFEpsVSN0NnRu9f+D3UogiAMUd3f5eq3lL18vkq+HNVqyjkbg
GkyTtE49wz0Kew==
-----END CERTIFICATE-----
Generated at Tue Jun 17 11:10:32 2025 by rpki-client