Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/a269aa-c9bf-42c1-ade3-ed85ce094a87/1/t2642iJ0skzQi9E6AZEwytvf8m4.roa
File: t2642iJ0skzQi9E6AZEwytvf8m4.roa (raw, json)
Hash identifier: gIPPWO03VKLt/46PvA70+sFAjblnHQu9s1qgU/4Hidk=
Subject key identifier: B7:6E:B8:DA:22:74:B2:4C:D0:8B:D1:3A:01:91:30:CA:DB:DF:F2:6E
Certificate issuer: /CN=6e1d8dd31ae9e03af4d26e9da6e2dd86a03039a4
Certificate serial: 01951E6FDE30199AF76D1CB73B6E023E7333
Authority key identifier: 6E:1D:8D:D3:1A:E9:E0:3A:F4:D2:6E:9D:A6:E2:DD:86:A0:30:39:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bh2N0xrp4Dr00m6dpuLdhqAwOaQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/a269aa-c9bf-42c1-ade3-ed85ce094a87/1/t2642iJ0skzQi9E6AZEwytvf8m4.roa
Signing time: Wed 19 Feb 2025 13:40:02 +0000
ROA not before: Wed 19 Feb 2025 13:40:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31319
IP address blocks: 193.43.106.0/24 maxlen: 24
193.43.107.0/24 maxlen: 24
193.43.108.0/24 maxlen: 24
193.238.84.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:1e:6f:de:30:19:9a:f7:6d:1c:b7:3b:6e:02:3e:73:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6e1d8dd31ae9e03af4d26e9da6e2dd86a03039a4
Validity
Not Before: Feb 19 13:40:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b76eb8da2274b24cd08bd13a019130cadbdff26e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:74:41:4a:1f:a8:2f:63:47:f7:18:b3:c6:c5:
72:33:73:c7:b5:eb:43:71:bd:03:5d:a9:6c:d1:b6:
45:10:72:bc:f6:67:4e:da:7b:e4:80:1a:06:4e:5c:
75:f0:45:40:8c:c4:05:12:4a:bd:fb:66:f7:6e:80:
d1:e2:50:64:35:47:a7:94:d1:c6:00:ae:82:c5:81:
98:3b:5d:a2:14:94:ee:8d:bf:15:be:7a:fb:1a:b3:
23:6b:2e:fa:89:c1:63:21:5b:a9:ca:f2:c6:f9:7b:
bf:a7:4e:75:84:5e:74:22:7b:66:19:50:f9:22:19:
50:35:70:a2:cb:70:aa:8d:00:fc:7b:83:dd:a7:d0:
1e:ac:1b:b2:d8:92:39:2b:79:5a:8a:47:41:1e:e4:
af:9d:2d:3a:a5:d7:ed:9d:5a:bc:7d:08:01:1c:34:
58:6f:f1:90:f5:11:b7:ed:e8:c1:7d:94:59:9b:26:
03:20:ea:5b:32:2d:24:5a:a4:f6:91:e3:1a:56:5e:
d3:c5:58:37:72:d2:5e:2e:dc:3e:48:7c:56:ff:f8:
c9:8f:cb:86:0b:b4:30:d8:d8:80:0c:28:43:db:a4:
e9:57:cd:84:a4:5f:b7:35:12:00:05:00:b4:e4:56:
91:d6:41:b4:34:b8:07:00:57:b8:24:a9:cb:18:f0:
63:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:6E:B8:DA:22:74:B2:4C:D0:8B:D1:3A:01:91:30:CA:DB:DF:F2:6E
X509v3 Authority Key Identifier:
keyid:6E:1D:8D:D3:1A:E9:E0:3A:F4:D2:6E:9D:A6:E2:DD:86:A0:30:39:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bh2N0xrp4Dr00m6dpuLdhqAwOaQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/a269aa-c9bf-42c1-ade3-ed85ce094a87/1/t2642iJ0skzQi9E6AZEwytvf8m4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/a269aa-c9bf-42c1-ade3-ed85ce094a87/1/bh2N0xrp4Dr00m6dpuLdhqAwOaQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.43.106.0-193.43.108.255
193.238.84.0/24
Signature Algorithm: sha256WithRSAEncryption
63:7e:9b:08:c3:1d:84:fd:16:77:13:60:c6:dc:93:bb:9e:17:
64:e2:34:47:8b:3d:50:78:e0:cf:65:a4:60:d3:54:d4:e1:b7:
00:f0:eb:d5:48:75:5d:9c:90:fd:81:1a:61:f5:11:5d:50:ad:
da:ce:6e:8a:3b:74:15:92:d5:dd:05:52:92:83:0a:08:9d:d2:
c8:10:df:e6:7d:b4:97:aa:44:69:bd:1c:bb:0a:65:db:c3:c9:
ed:1b:4b:17:26:c1:36:de:79:53:0f:43:1f:cd:4d:2f:9c:80:
18:95:b1:d1:27:f1:95:3b:3a:a1:88:29:b2:9f:b0:5e:3d:68:
18:19:17:90:83:d1:05:eb:e1:2b:04:18:f7:94:09:51:60:a5:
b4:8d:ab:5d:34:c2:af:58:22:b6:b0:cf:cb:62:ec:a8:13:49:
6f:d3:96:78:f3:00:51:e1:bc:3b:d5:f1:37:a8:7f:65:28:3a:
29:8d:51:76:cd:66:a2:2d:de:9a:0b:8b:b1:4a:e3:3d:ff:92:
db:b9:d6:81:ac:4b:fc:70:96:7e:d3:ce:5d:43:66:ca:fc:13:
77:27:67:6c:a6:15:2a:18:e0:1c:c0:c7:ba:fd:a1:59:d6:cc:
11:ad:91:82:4c:55:8a:1c:75:eb:9a:37:a9:36:b8:93:7c:93:
88:fb:cf:d5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZUeb94wGZr3bRy3O24CPnMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlMWQ4ZGQzMWFlOWUwM2FmNGQyNmU5ZGE2ZTJkZDg2YTAz
MDM5YTQwHhcNMjUwMjE5MTM0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzZlYjhkYTIyNzRiMjRjZDA4YmQxM2EwMTkxMzBjYWRiZGZmMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnRBSh+oL2NH9xizxsVyM3PHtetD
cb0DXals0bZFEHK89mdO2nvkgBoGTlx18EVAjMQFEkq9+2b3boDR4lBkNUenlNHG
AK6CxYGYO12iFJTujb8Vvnr7GrMjay76icFjIVupyvLG+Xu/p051hF50IntmGVD5
IhlQNXCiy3CqjQD8e4Pdp9AerBuy2JI5K3laikdBHuSvnS06pdftnVq8fQgBHDRY
b/GQ9RG37ejBfZRZmyYDIOpbMi0kWqT2keMaVl7TxVg3ctJeLtw+SHxW//jJj8uG
C7Qw2NiADChD26TpV82EpF+3NRIABQC05FaR1kG0NLgHAFe4JKnLGPBjTQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLduuNoidLJM0IvROgGRMMrb3/JuMB8GA1UdIwQY
MBaAFG4djdMa6eA69NJunabi3YagMDmkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmgyTjB4cnA0RHIwMG02ZHB1TGRocUF3T2FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9hMjY5YWEtYzliZi00MmMxLWFkZTMt
ZWQ4NWNlMDk0YTg3LzEvdDI2NDJpSjBza3pRaTlFNkFaRXd5dHZmOG00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9hMjY5YWEtYzliZi00MmMxLWFkZTMtZWQ4NWNlMDk0YTg3
LzEvYmgyTjB4cnA0RHIwMG02ZHB1TGRocUF3T2FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAHBK2oD
BADBK2wDBADB7lQwDQYJKoZIhvcNAQELBQADggEBAGN+mwjDHYT9FncTYMbck7ue
F2TiNEeLPVB44M9lpGDTVNThtwDw69VIdV2ckP2BGmH1EV1QrdrOboo7dBWS1d0F
UpKDCgid0sgQ3+Z9tJeqRGm9HLsKZdvDye0bSxcmwTbeeVMPQx/NTS+cgBiVsdEn
8ZU7OqGIKbKfsF49aBgZF5CD0QXr4SsEGPeUCVFgpbSNq100wq9YIrawz8ti7KgT
SW/TlnjzAFHhvDvV8Teof2UoOimNUXbNZqIt3poLi7FK4z3/ktu51oGsS/xwln7T
zl1DZsr8E3cnZ2ymFSoY4BzAx7r9oVnWzBGtkYJMVYocdeuaN6k2uJN8k4j7z9U=
-----END CERTIFICATE-----
Generated at Fri May 2 15:36:31 2025 by rpki-client