Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SHNdBiomd3fD461YUXSCgf0OwMw.roa
File: SHNdBiomd3fD461YUXSCgf0OwMw.roa (raw, json)
Hash identifier: Ji9a9t1bluzFsl3Zfrio3wL16W+BOyRRUVOzHcxe7tc=
Subject key identifier: 48:73:5D:06:2A:26:77:77:C3:E3:AD:58:51:74:82:81:FD:0E:C0:CC
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019266855C757DBBF525F7BD5F03318E6EF7
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SHNdBiomd3fD461YUXSCgf0OwMw.roa
Signing time: Mon 07 Oct 2024 10:27:48 +0000
ROA not before: Mon 07 Oct 2024 10:27:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 194.58.155.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
194.87.17.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
195.133.24.0/23 maxlen: 23
195.133.39.0/24 maxlen: 24
195.133.40.0/23 maxlen: 23
195.133.50.0/23 maxlen: 23
195.133.92.0/23 maxlen: 23
212.192.1.0/24 maxlen: 24
212.193.26.0/23 maxlen: 23
2a01:57c0::/29 maxlen: 29
2a0c:ff40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:66:85:5c:75:7d:bb:f5:25:f7:bd:5f:03:31:8e:6e:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Oct 7 10:27:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=48735d062a267777c3e3ad5851748281fd0ec0cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:07:44:de:47:56:4b:0f:ce:f1:81:3c:89:9c:
a0:f6:02:73:e3:66:cc:25:8f:24:e7:99:11:62:fa:
12:25:f5:ca:db:81:e0:cd:87:16:6f:12:dd:de:d4:
3a:6f:6c:9b:cc:73:3b:5a:d0:ce:2f:08:96:8c:64:
35:79:d1:1b:cb:e8:54:ed:1f:18:03:a7:49:ea:10:
81:37:49:12:24:97:f3:87:8c:87:01:1f:76:bc:b8:
9d:4d:02:05:c8:2f:d3:9c:7c:cd:b6:81:96:2e:ba:
03:21:ba:4f:e1:48:bf:58:5e:e7:66:06:1d:62:fc:
f0:a1:39:41:d6:af:e0:f8:91:20:7f:0c:0f:8c:6c:
97:eb:50:b8:fc:a2:58:7a:71:f1:c2:e3:c6:a6:fa:
9e:e4:70:63:78:59:77:d1:c9:ab:99:71:ab:84:36:
eb:01:1a:98:81:82:40:6f:f5:af:23:d3:54:cb:63:
6d:17:eb:df:dd:5e:38:32:19:c4:ec:12:5b:6b:7a:
aa:03:78:75:3c:a5:a3:15:9f:6e:23:57:b4:7d:00:
1b:45:a8:c3:c1:60:f6:6d:55:bf:ca:4a:b6:c7:1e:
87:a6:f1:d3:48:36:81:0d:be:88:97:95:79:00:9d:
05:5a:2d:ff:0b:d1:d7:ea:ad:35:ff:c7:88:25:b7:
3c:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:73:5D:06:2A:26:77:77:C3:E3:AD:58:51:74:82:81:FD:0E:C0:CC
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SHNdBiomd3fD461YUXSCgf0OwMw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.58.155.0/24
194.85.251.0/24
194.87.17.0/24
194.87.169.0/24
195.133.24.0/23
195.133.39.0-195.133.41.255
195.133.50.0/23
195.133.92.0/23
212.192.1.0/24
212.193.26.0/23
IPv6:
2a01:57c0::/29
2a0c:ff40::/29
Signature Algorithm: sha256WithRSAEncryption
26:73:3f:57:86:f5:85:3e:7a:30:66:bc:48:4c:7b:b0:58:78:
e5:5e:3b:8b:e9:9a:b4:a6:41:32:7d:34:5f:08:19:86:29:4d:
64:e5:76:d5:75:97:f6:d1:3e:4e:f7:04:cc:02:51:f8:9a:5b:
0f:cd:ac:8a:fd:58:44:e8:bc:df:f7:02:c5:2b:45:3d:49:c4:
19:52:c9:ad:94:bb:1e:93:dd:a6:12:b3:75:ce:24:da:89:2a:
b9:f5:9c:65:bb:96:d6:1c:46:df:48:b8:3b:ac:8a:c8:0f:3e:
85:5e:b1:de:6f:81:3d:36:02:b7:8f:5c:60:17:a5:02:3e:5e:
5f:b8:05:55:6b:0c:16:ac:04:e0:08:2c:e8:80:2a:f8:d3:54:
81:4a:d7:52:36:12:e5:fc:bf:0a:0c:6c:76:94:fe:f2:ee:54:
fb:a8:28:40:fd:34:19:79:29:29:4a:3f:0a:b1:1a:ee:bf:1c:
e2:71:69:81:57:82:36:73:1f:d3:9b:62:be:53:1f:02:57:7c:
50:ae:c5:03:68:d0:00:c2:93:f5:6d:4f:59:f4:17:cf:d0:06:
8f:28:c6:0e:28:94:15:20:4e:0b:c6:d7:34:84:a9:7d:63:50:
84:69:1f:b7:b4:21:72:bc:14:5e:1a:36:fd:e0:64:b9:e5:c5:
ac:38:5b:f8
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAZJmhVx1fbv1Jfe9XwMxjm73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMDA3MTAyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODczNWQwNjJhMjY3Nzc3YzNlM2FkNTg1MTc0ODI4MWZkMGVjMGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwdE3kdWSw/O8YE8iZyg9gJz42bM
JY8k55kRYvoSJfXK24HgzYcWbxLd3tQ6b2ybzHM7WtDOLwiWjGQ1edEby+hU7R8Y
A6dJ6hCBN0kSJJfzh4yHAR92vLidTQIFyC/TnHzNtoGWLroDIbpP4Ui/WF7nZgYd
YvzwoTlB1q/g+JEgfwwPjGyX61C4/KJYenHxwuPGpvqe5HBjeFl30cmrmXGrhDbr
ARqYgYJAb/WvI9NUy2NtF+vf3V44MhnE7BJba3qqA3h1PKWjFZ9uI1e0fQAbRajD
wWD2bVW/ykq2xx6HpvHTSDaBDb6Il5V5AJ0FWi3/C9HX6q01/8eIJbc8GwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFEhzXQYqJnd3w+OtWFF0goH9DsDMMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvU0hOZEJpb21kM2ZENDYxWVVYU0NnZjBPd013LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBKBAIAATBEAwQAwjqbAwQA
wlX7AwQAwlcRAwQAwlepAwQBw4UYMAwDBADDhScDBAHDhSgDBAHDhTIDBAHDhVwD
BADUwAEDBAHUwRowFAQCAAIwDgMFAyoBV8ADBQMqDP9AMA0GCSqGSIb3DQEBCwUA
A4IBAQAmcz9XhvWFPnowZrxITHuwWHjlXjuL6Zq0pkEyfTRfCBmGKU1k5XbVdZf2
0T5O9wTMAlH4mlsPzayK/VhE6Lzf9wLFK0U9ScQZUsmtlLsek92mErN1ziTaiSq5
9Zxlu5bWHEbfSLg7rIrIDz6FXrHeb4E9NgK3j1xgF6UCPl5fuAVVawwWrATgCCzo
gCr401SBStdSNhLl/L8KDGx2lP7y7lT7qChA/TQZeSkpSj8KsRruvxzicWmBV4I2
cx/Tm2K+Ux8CV3xQrsUDaNAAwpP1bU9Z9BfP0AaPKMYOKJQVIE4Lxtc0hKl9Y1CE
aR+3tCFyvBReGjb94GS55cWsOFv4
-----END CERTIFICATE-----
Generated at Mon Jun 16 11:17:15 2025 by rpki-client