Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tqP74NFofphDtjh5_7gEvb1fB8s.roa
File: tqP74NFofphDtjh5_7gEvb1fB8s.roa (raw, json)
Hash identifier: W/rcPOARYIaEe6/roiP/ws9wehx8JoPBIgw2al/wc1c=
Subject key identifier: B6:A3:FB:E0:D1:68:7E:98:43:B6:38:79:FF:B8:04:BD:BD:5F:07:CB
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0194282500AD90BD969F96060554325EFAE6
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tqP74NFofphDtjh5_7gEvb1fB8s.roa
Signing time: Thu 02 Jan 2025 17:51:40 +0000
ROA not before: Thu 02 Jan 2025 17:51:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205220
IP address blocks: 212.192.212.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:00:ad:90:bd:96:9f:96:06:05:54:32:5e:fa:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b6a3fbe0d1687e9843b63879ffb804bdbd5f07cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:98:20:aa:78:d2:49:58:c5:0f:ce:53:bd:67:
3c:3c:a4:13:ba:29:ff:39:7b:c4:30:72:43:a9:10:
b8:05:96:40:40:72:d5:ff:08:63:a2:0a:4c:b5:de:
7f:66:fd:5f:fe:aa:e0:f0:fd:d1:2b:96:59:ab:8d:
c5:60:f0:48:3c:df:1e:61:f5:d7:d2:2e:2a:32:70:
ea:12:b4:16:ac:b3:02:4c:c9:f4:6d:27:24:74:99:
f1:73:d5:61:60:7e:75:14:46:b1:f4:f1:0e:91:70:
60:33:32:17:3f:5e:64:20:26:bd:3f:15:e1:a4:cc:
5a:49:14:e5:c7:2e:9a:73:e1:f4:b7:27:33:44:da:
d8:9b:59:9b:86:ea:9e:0b:9d:48:a1:22:7f:2f:d5:
e4:b5:1c:65:63:89:38:d8:59:63:03:ad:6a:13:65:
8b:6b:a0:06:f2:a0:30:17:66:87:fd:0e:f3:57:31:
96:19:ff:96:50:40:06:2e:82:41:01:17:55:11:77:
74:62:8e:fa:89:2e:77:4c:cb:74:b8:f3:b4:2a:c3:
58:20:f9:7c:88:ab:18:f7:81:41:30:62:b6:37:c5:
e0:a7:31:97:26:17:26:4b:0b:6a:12:41:de:3e:80:
56:5c:12:ec:7f:48:28:1b:7d:c0:c8:ff:1d:90:5a:
06:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:A3:FB:E0:D1:68:7E:98:43:B6:38:79:FF:B8:04:BD:BD:5F:07:CB
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tqP74NFofphDtjh5_7gEvb1fB8s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.192.212.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:37:21:15:f7:1c:a1:c1:8d:9e:03:31:1a:ac:b5:ef:12:88:
fe:3e:bf:db:61:9c:02:e3:85:19:46:df:f1:09:2f:34:82:64:
db:81:c8:0e:5a:50:4d:cc:3c:1f:ee:b5:65:a7:51:52:35:03:
66:e8:f8:a6:5f:f3:5c:5c:ff:f2:a4:b5:15:07:4c:95:a4:cf:
6f:72:46:47:f7:d5:23:14:3d:e1:40:e3:ef:52:68:b9:c7:37:
d7:98:2b:38:ca:72:b4:97:da:72:27:5b:18:cb:1d:02:2b:6a:
e0:15:fd:a1:97:2a:6d:96:4f:55:53:2f:6c:cc:d4:33:8a:d1:
bd:3f:25:40:56:c5:37:9c:5a:d4:7b:d0:03:06:5e:82:41:6e:
3d:2e:96:43:3b:29:67:ef:3a:f1:a6:a7:ec:c0:76:b4:2f:6c:
da:7a:55:d5:8c:ad:e6:85:f0:be:d6:63:0a:26:54:d0:a1:b5:
f5:29:09:25:89:ed:b9:ce:1d:65:19:7a:fc:dd:03:4f:9b:e6:
3b:c7:69:9b:87:79:ae:5f:6f:1f:61:9f:d0:ee:cd:1f:64:9d:
aa:22:35:b4:12:b7:04:57:25:5b:e3:d0:8e:3d:16:48:bf:8e:
97:5f:2b:b2:5e:14:1f:13:dd:7e:49:58:6c:0e:70:b6:6d:a8:
bf:f4:ec:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJQCtkL2Wn5YGBVQyXvrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmEzZmJlMGQxNjg3ZTk4NDNiNjM4NzlmZmI4MDRiZGJkNWYwN2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5ggqnjSSVjFD85TvWc8PKQTuin/
OXvEMHJDqRC4BZZAQHLV/whjogpMtd5/Zv1f/qrg8P3RK5ZZq43FYPBIPN8eYfXX
0i4qMnDqErQWrLMCTMn0bSckdJnxc9VhYH51FEax9PEOkXBgMzIXP15kICa9PxXh
pMxaSRTlxy6ac+H0tyczRNrYm1mbhuqeC51IoSJ/L9XktRxlY4k42FljA61qE2WL
a6AG8qAwF2aH/Q7zVzGWGf+WUEAGLoJBARdVEXd0Yo76iS53TMt0uPO0KsNYIPl8
iKsY94FBMGK2N8XgpzGXJhcmSwtqEkHePoBWXBLsf0goG33AyP8dkFoGqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaj++DRaH6YQ7Y4ef+4BL29XwfLMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdHFQNzRORm9mcGhEdGpoNV83Z0V2YjFmQjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MDUMA0G
CSqGSIb3DQEBCwUAA4IBAQB/NyEV9xyhwY2eAzEarLXvEoj+Pr/bYZwC44UZRt/x
CS80gmTbgcgOWlBNzDwf7rVlp1FSNQNm6PimX/NcXP/ypLUVB0yVpM9vckZH99Uj
FD3hQOPvUmi5xzfXmCs4ynK0l9pyJ1sYyx0CK2rgFf2hlyptlk9VUy9szNQzitG9
PyVAVsU3nFrUe9ADBl6CQW49LpZDOyln7zrxpqfswHa0L2zaelXVjK3mhfC+1mMK
JlTQobX1KQklie25zh1lGXr83QNPm+Y7x2mbh3muX28fYZ/Q7s0fZJ2qIjW0ErcE
VyVb49COPRZIv46XXyuyXhQfE91+SVhsDnC2bai/9Oyd
-----END CERTIFICATE-----
Generated at Mon Jun 16 15:20:48 2025 by rpki-client