Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/543b15-fb1b-445f-8aa4-db4d714859b5/1/kqhXAnPg0v59KJzigHJ_nCMlIWU.roa
File: kqhXAnPg0v59KJzigHJ_nCMlIWU.roa (raw, json)
Hash identifier: 5l1Ln/FgEZJE2DMC0N+4AEdv4Uf8+RasfSSVp0Em1eA=
Subject key identifier: 92:A8:57:02:73:E0:D2:FE:7D:28:9C:E2:80:72:7F:9C:23:25:21:65
Certificate issuer: /CN=3e482fb3c9f9af470e4e48b6df382d3d50154661
Certificate serial: 0195B32177092F55AEFBC89FBDCCEC3941A0
Authority key identifier: 3E:48:2F:B3:C9:F9:AF:47:0E:4E:48:B6:DF:38:2D:3D:50:15:46:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Pkgvs8n5r0cOTki23zgtPVAVRmE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/543b15-fb1b-445f-8aa4-db4d714859b5/1/kqhXAnPg0v59KJzigHJ_nCMlIWU.roa
Signing time: Thu 20 Mar 2025 10:37:49 +0000
ROA not before: Thu 20 Mar 2025 10:37:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212665
IP address blocks: 193.200.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b3:21:77:09:2f:55:ae:fb:c8:9f:bd:cc:ec:39:41:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e482fb3c9f9af470e4e48b6df382d3d50154661
Validity
Not Before: Mar 20 10:37:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=92a8570273e0d2fe7d289ce280727f9c23252165
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:96:d1:ec:61:9b:e5:be:b6:b1:55:3d:50:d6:
dc:8c:81:e0:0d:75:2a:85:96:18:83:9d:0b:61:10:
d2:88:a8:49:31:d5:a8:72:b4:9d:c2:66:74:b6:0d:
eb:9e:8f:2e:19:b1:cb:f1:72:e1:a6:55:31:62:93:
e5:d7:e8:03:77:7f:2a:5f:c1:a8:1c:53:e8:36:d0:
f4:83:14:74:24:b7:5b:48:74:c8:7b:b0:b7:f3:84:
d8:f0:35:8c:f6:89:36:a3:c7:29:60:4c:ce:bc:6f:
5d:4b:79:51:1b:01:52:09:b6:b8:7a:ff:10:d4:af:
a1:be:a6:13:55:46:01:fd:22:26:8b:21:a4:42:c9:
f1:b9:57:76:6e:24:30:0b:5b:e9:06:42:7e:0e:b0:
1f:bd:70:0d:68:45:fb:87:fa:56:d6:5d:74:ea:5e:
59:f4:b4:e9:40:46:50:61:14:86:72:c0:8c:6f:71:
59:29:8f:e5:8c:47:99:66:91:8a:2e:58:c7:e4:1c:
9f:42:8c:68:c6:55:43:83:b6:10:2c:dc:ae:c7:af:
6e:0e:c2:87:fc:90:df:c0:05:31:c9:6b:8e:54:4c:
b9:c9:b9:85:39:0c:e6:ce:09:45:47:c0:04:45:e0:
15:09:7b:44:c4:ab:46:49:7e:94:03:a8:38:e7:b1:
15:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:A8:57:02:73:E0:D2:FE:7D:28:9C:E2:80:72:7F:9C:23:25:21:65
X509v3 Authority Key Identifier:
keyid:3E:48:2F:B3:C9:F9:AF:47:0E:4E:48:B6:DF:38:2D:3D:50:15:46:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pkgvs8n5r0cOTki23zgtPVAVRmE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/543b15-fb1b-445f-8aa4-db4d714859b5/1/kqhXAnPg0v59KJzigHJ_nCMlIWU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/543b15-fb1b-445f-8aa4-db4d714859b5/1/Pkgvs8n5r0cOTki23zgtPVAVRmE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.200.217.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:57:44:f9:6a:61:cb:fb:4a:28:e7:a1:a3:00:3b:c7:c4:c0:
ef:46:ef:6e:b1:1e:d7:81:25:3d:f8:63:5d:ce:f8:87:e2:5d:
3f:7f:f5:8a:3d:7f:a7:bf:cb:71:0d:e0:dd:09:17:64:89:05:
76:72:29:73:b1:91:2a:2a:33:41:f1:68:82:63:cc:4d:91:dd:
38:62:e4:6b:1d:b4:32:70:50:18:9b:87:03:49:93:44:7c:0d:
91:17:a2:4c:08:11:8d:d1:df:5c:dc:dd:02:bc:90:15:02:b4:
df:47:76:e9:0d:3c:b7:38:37:94:6d:29:4a:42:18:ed:80:b0:
b7:1c:18:34:49:81:d6:b8:3f:6d:89:c6:dc:51:36:b3:75:d7:
16:b7:60:18:04:69:50:e6:4a:ba:e7:6b:62:89:17:ee:87:ac:
d6:e6:d3:d3:0c:54:ea:7b:1f:63:72:03:7f:52:e1:5f:76:4d:
18:71:0f:1d:b5:b0:95:d6:86:ad:63:55:d7:7c:bc:6d:6b:ac:
07:4e:0e:bb:e4:be:45:ce:18:82:74:57:09:86:86:2c:6f:93:
39:3a:28:f3:2e:06:76:bf:10:58:7b:4a:9c:c3:35:d5:45:1a:
48:e9:03:07:7f:f6:c0:05:d5:8c:3a:67:2e:46:0a:35:e9:df:
54:92:96:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWzIXcJL1Wu+8ifvczsOUGgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNDgyZmIzYzlmOWFmNDcwZTRlNDhiNmRmMzgyZDNkNTAx
NTQ2NjEwHhcNMjUwMzIwMTAzNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmE4NTcwMjczZTBkMmZlN2QyODljZTI4MDcyN2Y5YzIzMjUyMTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspbR7GGb5b62sVU9UNbcjIHgDXUq
hZYYg50LYRDSiKhJMdWocrSdwmZ0tg3rno8uGbHL8XLhplUxYpPl1+gDd38qX8Go
HFPoNtD0gxR0JLdbSHTIe7C384TY8DWM9ok2o8cpYEzOvG9dS3lRGwFSCba4ev8Q
1K+hvqYTVUYB/SImiyGkQsnxuVd2biQwC1vpBkJ+DrAfvXANaEX7h/pW1l106l5Z
9LTpQEZQYRSGcsCMb3FZKY/ljEeZZpGKLljH5ByfQoxoxlVDg7YQLNyux69uDsKH
/JDfwAUxyWuOVEy5ybmFOQzmzglFR8AEReAVCXtExKtGSX6UA6g457EVCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKoVwJz4NL+fSic4oByf5wjJSFlMB8GA1UdIwQY
MBaAFD5IL7PJ+a9HDk5Itt84LT1QFUZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGtndnM4bjVyMGNPVGtpMjN6Z3RQVkFWUm1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My81NDNiMTUtZmIxYi00NDVmLThhYTQt
ZGI0ZDcxNDg1OWI1LzEva3FoWEFuUGcwdjU5S0p6aWdISl9uQ01sSVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My81NDNiMTUtZmIxYi00NDVmLThhYTQtZGI0ZDcxNDg1OWI1
LzEvUGtndnM4bjVyMGNPVGtpMjN6Z3RQVkFWUm1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcjZMA0G
CSqGSIb3DQEBCwUAA4IBAQBPV0T5amHL+0oo56GjADvHxMDvRu9usR7XgSU9+GNd
zviH4l0/f/WKPX+nv8txDeDdCRdkiQV2cilzsZEqKjNB8WiCY8xNkd04YuRrHbQy
cFAYm4cDSZNEfA2RF6JMCBGN0d9c3N0CvJAVArTfR3bpDTy3ODeUbSlKQhjtgLC3
HBg0SYHWuD9ticbcUTazddcWt2AYBGlQ5kq652tiiRfuh6zW5tPTDFTqex9jcgN/
UuFfdk0YcQ8dtbCV1oatY1XXfLxta6wHTg675L5FzhiCdFcJhoYsb5M5OijzLgZ2
vxBYe0qcwzXVRRpI6QMHf/bABdWMOmcuRgo16d9Ukpa2
-----END CERTIFICATE-----
Generated at Wed May 7 23:10:47 2025 by rpki-client