Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/f17XsOelnLv14D2MxcnkT_qEXO0.roa
File: f17XsOelnLv14D2MxcnkT_qEXO0.roa (raw, json)
Hash identifier: GViu1Zb9VEVrgMcf85sKZbAbkO04U7X4KyyoX11Z/nU=
Subject key identifier: 7F:5E:D7:B0:E7:A5:9C:BB:F5:E0:3D:8C:C5:C9:E4:4F:FA:84:5C:ED
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018D9D9AC3900F75DE6D7F0373455D3A5BC1
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/f17XsOelnLv14D2MxcnkT_qEXO0.roa
Signing time: Mon 12 Feb 2024 13:56:21 +0000
ROA not before: Mon 12 Feb 2024 13:56:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 193.124.5.0/24 maxlen: 24
193.124.7.0/24 maxlen: 24
193.124.95.0/24 maxlen: 24
193.124.200.0/24 maxlen: 24
193.124.202.0/24 maxlen: 24
193.124.207.0/24 maxlen: 24
194.87.22.0/24 maxlen: 24
194.87.32.0/24 maxlen: 24
194.87.81.0/24 maxlen: 24
194.87.149.0/24 maxlen: 24
194.87.170.0/24 maxlen: 24
194.87.172.0/24 maxlen: 24
194.87.201.0/24 maxlen: 24
194.135.18.0/24 maxlen: 24
195.58.54.0/24 maxlen: 24
195.58.60.0/24 maxlen: 24
195.133.25.0/24 maxlen: 24
195.133.72.0/24 maxlen: 24
195.133.85.0/24 maxlen: 24
195.133.192.0/24 maxlen: 24
212.192.1.0/24 maxlen: 24
212.193.13.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:9d:9a:c3:90:0f:75:de:6d:7f:03:73:45:5d:3a:5b:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Feb 12 13:56:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7f5ed7b0e7a59cbbf5e03d8cc5c9e44ffa845ced
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:0e:3e:7e:88:28:62:bd:25:6e:56:fa:6a:ca:
2a:ff:7d:b4:1c:3c:ad:84:c0:41:a8:5c:d1:8c:78:
fa:ff:01:b9:3a:66:f2:c5:64:16:3f:0d:05:68:71:
ce:79:ec:d1:9b:d8:47:67:30:fe:fa:30:9f:aa:5e:
81:b3:8f:fd:ab:ba:55:93:e8:e6:33:e1:7f:92:49:
99:87:63:9c:a0:40:05:34:3b:06:ae:09:e0:34:15:
00:05:4d:68:1d:85:ba:d1:4f:e0:5e:48:80:13:f1:
62:21:cb:99:14:fe:0f:45:ea:ce:4a:c6:8a:6e:a9:
59:f8:89:06:7c:af:21:08:98:be:20:d3:5f:77:7a:
1c:b5:17:d8:da:3e:b5:64:2f:5e:c6:3c:87:d2:c3:
cc:6a:06:99:62:cc:2e:55:0e:39:37:a4:d7:31:f6:
14:7b:99:4a:8b:56:ae:2e:3d:93:1b:f4:67:6f:37:
78:d5:c6:95:1d:ee:d0:7a:c7:10:dd:7b:fb:e1:ab:
d9:11:07:06:c7:4c:11:23:5f:0f:bf:6c:7f:d7:0b:
18:1b:62:0f:1e:02:ac:e0:49:db:75:bf:69:04:e9:
cb:1f:88:77:d7:09:4e:7d:32:14:55:26:65:af:82:
e1:02:12:43:31:54:7a:9b:3b:ef:d0:b1:70:09:e0:
db:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:5E:D7:B0:E7:A5:9C:BB:F5:E0:3D:8C:C5:C9:E4:4F:FA:84:5C:ED
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/f17XsOelnLv14D2MxcnkT_qEXO0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.5.0/24
193.124.7.0/24
193.124.95.0/24
193.124.200.0/24
193.124.202.0/24
193.124.207.0/24
194.87.22.0/24
194.87.32.0/24
194.87.81.0/24
194.87.149.0/24
194.87.170.0/24
194.87.172.0/24
194.87.201.0/24
194.135.18.0/24
195.58.54.0/24
195.58.60.0/24
195.133.25.0/24
195.133.72.0/24
195.133.85.0/24
195.133.192.0/24
212.192.1.0/24
212.193.13.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:81:5e:67:e3:1b:7b:09:c9:6c:8b:56:47:b9:a1:e8:57:5d:
a4:b2:76:61:bb:d7:09:e6:7a:8d:87:2d:f3:14:78:15:53:40:
92:c8:c9:74:cc:c6:a0:eb:00:b9:b7:c9:42:1b:07:f3:b2:6e:
79:7b:f6:bb:cf:7f:3e:4c:9e:29:ef:ae:36:bc:8a:9f:19:ba:
d0:a2:09:6e:b7:50:c8:a3:76:a8:28:d8:d7:61:e4:3d:9b:3b:
34:6f:d2:8c:8d:fc:aa:f7:35:53:c0:58:86:34:45:89:37:24:
eb:c1:0e:a3:f8:29:4d:10:e9:5a:ac:87:33:c6:4e:53:ea:b1:
c9:68:92:4f:92:7f:8b:60:29:14:79:52:6a:fa:74:cb:1f:26:
42:48:2f:cd:d3:cc:30:37:cd:77:6f:ce:fd:10:b6:f8:b3:cb:
b1:ff:06:47:5f:a4:bb:d7:53:3f:1b:dd:3d:da:a0:16:0e:4f:
30:1b:c3:9e:1b:a1:36:2d:34:b6:11:63:89:27:86:89:43:26:
4b:7c:cf:f2:8f:1b:2b:57:a3:cc:37:17:94:cc:c8:dd:a8:a0:
05:b6:f7:11:7b:39:64:22:ba:07:bd:34:2f:bf:53:74:df:56:
3d:5c:6a:57:a3:1c:82:8f:ac:cf:b1:b5:57:11:4c:ed:d7:34:
14:c1:81:12
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAY2dmsOQD3XebX8Dc0VdOlvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjEyMTM1NjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjVlZDdiMGU3YTU5Y2JiZjVlMDNkOGNjNWM5ZTQ0ZmZhODQ1Y2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQ4+fogoYr0lblb6asoq/320HDyt
hMBBqFzRjHj6/wG5OmbyxWQWPw0FaHHOeezRm9hHZzD++jCfql6Bs4/9q7pVk+jm
M+F/kkmZh2OcoEAFNDsGrgngNBUABU1oHYW60U/gXkiAE/FiIcuZFP4PRerOSsaK
bqlZ+IkGfK8hCJi+INNfd3octRfY2j61ZC9exjyH0sPMagaZYswuVQ45N6TXMfYU
e5lKi1auLj2TG/Rnbzd41caVHe7QescQ3Xv74avZEQcGx0wRI18Pv2x/1wsYG2IP
HgKs4Enbdb9pBOnLH4h31wlOfTIUVSZlr4LhAhJDMVR6mzvv0LFwCeDbpQIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFH9e17DnpZy79eA9jMXJ5E/6hFztMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZjE3WHNPZWxuTHYxNEQyTXhjbmtUX3FFWE8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjCBiwQCAAEwgYQDBADB
fAUDBADBfAcDBADBfF8DBADBfMgDBADBfMoDBADBfM8DBADCVxYDBADCVyADBADC
V1EDBADCV5UDBADCV6oDBADCV6wDBADCV8kDBADChxIDBADDOjYDBADDOjwDBADD
hRkDBADDhUgDBADDhVUDBADDhcADBADUwAEDBADUwQ0wDQYJKoZIhvcNAQELBQAD
ggEBAB2BXmfjG3sJyWyLVke5oehXXaSydmG71wnmeo2HLfMUeBVTQJLIyXTMxqDr
ALm3yUIbB/Oybnl79rvPfz5Mninvrja8ip8ZutCiCW63UMijdqgo2Ndh5D2bOzRv
0oyN/Kr3NVPAWIY0RYk3JOvBDqP4KU0Q6VqshzPGTlPqsclokk+Sf4tgKRR5Umr6
dMsfJkJIL83TzDA3zXdvzv0Qtvizy7H/BkdfpLvXUz8b3T3aoBYOTzAbw54boTYt
NLYRY4knholDJkt8z/KPGytXo8w3F5TMyN2ooAW29xF7OWQiuge9NC+/U3TfVj1c
alejHIKPrM+xtVcRTO3XNBTBgRI=
-----END CERTIFICATE-----
Generated at Mon Jun 16 14:08:07 2025 by rpki-client