Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fn-l_F9sEq5mMHTEz3-zcm-l4is.roa
File: fn-l_F9sEq5mMHTEz3-zcm-l4is.roa (raw, json)
Hash identifier: hRgwf3+aLw+e9ArV4cvEEs9CRD64C2aCokfn4yqkbOM=
Subject key identifier: 7E:7F:A5:FC:5F:6C:12:AE:66:30:74:C4:CF:7F:B3:72:6F:A5:E2:2B
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0189E3B860BCF0140A46081DD95DD65E8259
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fn-l_F9sEq5mMHTEz3-zcm-l4is.roa
Signing time: Fri 11 Aug 2023 08:30:58 +0000
ROA not before: Fri 11 Aug 2023 08:30:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197450
IP address blocks: 62.76.226.0/24 maxlen: 24
194.87.36.0/24 maxlen: 24
212.192.0.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:e3:b8:60:bc:f0:14:0a:46:08:1d:d9:5d:d6:5e:82:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Aug 11 08:30:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7e7fa5fc5f6c12ae663074c4cf7fb3726fa5e22b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:34:85:cc:06:0c:ee:33:da:3a:36:22:2d:65:
69:59:9e:e1:08:17:a5:1b:39:e7:43:f7:4c:85:bd:
06:1e:f6:b9:c4:f4:9a:65:86:94:7e:f9:be:c9:2b:
ed:48:95:b9:2a:a6:9c:ee:b7:40:a6:5e:e7:91:0d:
f8:b0:ec:83:ab:28:76:d5:7b:f0:6d:af:bb:89:24:
62:d7:ee:75:8d:a5:8f:3e:1e:b4:df:1f:f9:eb:8a:
0e:e3:65:0f:af:e3:fe:52:81:20:b1:fe:19:6a:80:
ef:5f:7c:1c:01:0a:75:8a:5f:85:c6:84:d6:76:b3:
8e:f3:39:3c:74:36:f9:36:f7:73:f9:43:a1:62:1a:
e3:08:d7:53:57:f3:ab:ac:a7:c3:43:78:d7:ad:cf:
04:77:73:40:58:66:69:2d:e9:4d:5f:eb:fc:d3:11:
03:18:59:fd:67:62:58:ef:23:d4:b7:da:18:cb:1c:
c4:da:62:07:55:95:a7:cd:ef:14:7d:95:39:2d:46:
19:80:ac:12:e6:75:9b:01:0d:f3:17:46:29:a6:36:
c3:05:37:bb:b3:f2:34:f7:83:db:90:83:43:00:5e:
0b:fc:fb:c2:43:01:56:b4:0f:92:ba:c5:ad:75:08:
8d:b2:7a:6d:c1:4b:9d:33:c5:d6:08:e0:5d:2c:86:
2f:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:7F:A5:FC:5F:6C:12:AE:66:30:74:C4:CF:7F:B3:72:6F:A5:E2:2B
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fn-l_F9sEq5mMHTEz3-zcm-l4is.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.226.0/24
194.87.36.0/24
212.192.0.0/24
Signature Algorithm: sha256WithRSAEncryption
76:ee:a2:6d:f4:68:fd:5d:1d:5a:5f:62:85:15:00:c3:64:92:
d4:07:f5:42:29:4e:8e:68:61:a5:66:4d:46:df:3b:bc:6e:54:
f4:0c:37:15:46:ab:24:db:5f:65:83:a0:c4:15:f9:6f:35:06:
4c:bd:9c:f9:21:00:05:a7:66:df:d7:d3:a6:a0:a6:1a:07:3d:
8d:f3:dd:2c:89:52:b6:21:11:eb:d2:82:34:cf:ec:b7:1e:cf:
53:8e:01:f6:37:83:75:30:d3:7d:c2:33:53:19:ff:fe:f9:81:
6c:f8:3b:c9:77:31:6a:d1:83:6b:04:bd:2e:c5:bb:d2:b9:3a:
46:3c:31:1d:02:df:f2:7d:66:0c:3e:c6:ca:7a:08:12:51:fa:
a8:20:cf:f0:c5:2c:34:e3:8d:06:e8:83:fd:f0:09:a4:77:5c:
58:2a:43:a0:02:59:0f:54:a0:92:3b:73:5b:7e:a6:32:0f:d7:
24:5c:5b:b0:ac:b1:26:04:6b:1b:a4:4c:82:75:1b:a8:e1:d1:
49:47:66:05:1e:96:79:8f:72:cd:e9:9d:26:f3:50:23:cf:3f:
66:3f:ac:66:51:a2:99:97:c2:39:7c:a3:a6:18:31:4b:3d:51:
4b:d9:99:42:9b:e3:2d:62:03:b9:43:2d:28:e5:61:5d:83:85:
9e:53:20:16
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYnjuGC88BQKRggd2V3WXoJZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwODExMDgzMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTdmYTVmYzVmNmMxMmFlNjYzMDc0YzRjZjdmYjM3MjZmYTVlMjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTSFzAYM7jPaOjYiLWVpWZ7hCBel
GznnQ/dMhb0GHva5xPSaZYaUfvm+ySvtSJW5Kqac7rdApl7nkQ34sOyDqyh21Xvw
ba+7iSRi1+51jaWPPh603x/564oO42UPr+P+UoEgsf4ZaoDvX3wcAQp1il+FxoTW
drOO8zk8dDb5Nvdz+UOhYhrjCNdTV/OrrKfDQ3jXrc8Ed3NAWGZpLelNX+v80xED
GFn9Z2JY7yPUt9oYyxzE2mIHVZWnze8UfZU5LUYZgKwS5nWbAQ3zF0YppjbDBTe7
s/I094PbkINDAF4L/PvCQwFWtA+SusWtdQiNsnptwUudM8XWCOBdLIYvawIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH5/pfxfbBKuZjB0xM9/s3JvpeIrMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZm4tbF9GOXNFcTVtTUhURXozLXpjbS1sNGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPkziAwQA
wlckAwQA1MAAMA0GCSqGSIb3DQEBCwUAA4IBAQB27qJt9Gj9XR1aX2KFFQDDZJLU
B/VCKU6OaGGlZk1G3zu8blT0DDcVRqsk219lg6DEFflvNQZMvZz5IQAFp2bf19Om
oKYaBz2N890siVK2IRHr0oI0z+y3Hs9TjgH2N4N1MNN9wjNTGf/++YFs+DvJdzFq
0YNrBL0uxbvSuTpGPDEdAt/yfWYMPsbKeggSUfqoIM/wxSw0440G6IP98Amkd1xY
KkOgAlkPVKCSO3NbfqYyD9ckXFuwrLEmBGsbpEyCdRuo4dFJR2YFHpZ5j3LN6Z0m
81Ajzz9mP6xmUaKZl8I5fKOmGDFLPVFL2ZlCm+MtYgO5Qy0o5WFdg4WeUyAW
-----END CERTIFICATE-----
Generated at Mon Jun 16 13:09:29 2025 by rpki-client