Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/MXmdXMgoJJESwPLVijQ8G8UUvTs.roa
File: MXmdXMgoJJESwPLVijQ8G8UUvTs.roa (raw, json)
Hash identifier: ZtqV4ArnJ2OUC/t6XLxjLeWjObzc2iOFIlXkuDmY24I=
Subject key identifier: 31:79:9D:5C:C8:28:24:91:12:C0:F2:D5:8A:34:3C:1B:C5:14:BD:3B
Certificate issuer: /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial: 01856F54BA64A06FBDB12A1838DB243334F8
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/MXmdXMgoJJESwPLVijQ8G8UUvTs.roa
Signing time: Sun 01 Jan 2023 21:55:01 +0000
ROA not before: Sun 01 Jan 2023 21:55:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44814
IP address blocks: 93.94.137.0/24 maxlen: 24
185.7.217.0/24 maxlen: 24
46.253.0.0/21 maxlen: 21
46.253.10.0/24 maxlen: 24
46.253.15.0/24 maxlen: 24
95.169.218.0/24 maxlen: 24
2a01:4a40::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:54:ba:64:a0:6f:bd:b1:2a:18:38:db:24:33:34:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Validity
Not Before: Jan 1 21:55:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=31799d5cc828249112c0f2d58a343c1bc514bd3b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:d7:f8:a8:78:e8:b0:7c:4a:0e:50:b4:46:31:
ae:a1:f0:f5:18:13:8d:1f:f7:13:1d:60:a2:0b:88:
bb:7a:3f:8b:4f:86:84:c9:1d:87:c8:7e:b0:a0:7b:
41:4e:7f:45:85:4b:12:35:6a:2b:e5:cc:0e:30:4e:
4e:e0:12:83:22:d1:29:7d:ae:5a:78:71:7e:13:3b:
d9:49:3b:a7:28:9d:bb:51:d2:f5:dd:14:57:f3:87:
15:c6:6f:7c:15:d2:59:f9:44:49:8b:d8:a2:0e:37:
35:df:b1:0a:b7:07:83:04:5c:3a:18:64:9e:ad:3f:
32:49:07:75:fa:0a:5f:00:55:e1:19:b5:31:2a:0c:
05:6f:c2:ca:52:3e:05:f6:45:5a:e9:e3:77:3b:07:
89:40:54:e3:fd:78:6b:aa:2c:9b:66:6f:11:ac:28:
0d:56:79:a3:ea:2b:40:20:3c:af:48:1e:e7:02:39:
50:29:71:eb:49:1f:34:5c:99:1a:03:83:45:20:1b:
7c:c0:0d:5a:c9:00:7a:0b:ff:7b:ec:2c:b6:f3:df:
ee:94:85:7c:71:0b:fe:65:a7:92:38:77:9a:df:bd:
71:3a:5c:07:98:a3:10:00:96:74:14:bb:7d:cd:58:
da:1f:4f:2a:9b:2d:9d:e1:8f:8e:a1:2b:cc:92:ac:
cb:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:79:9D:5C:C8:28:24:91:12:C0:F2:D5:8A:34:3C:1B:C5:14:BD:3B
X509v3 Authority Key Identifier:
keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/MXmdXMgoJJESwPLVijQ8G8UUvTs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.253.0.0/21
46.253.10.0/24
46.253.15.0/24
93.94.137.0/24
95.169.218.0/24
185.7.217.0/24
IPv6:
2a01:4a40::/32
Signature Algorithm: sha256WithRSAEncryption
69:bb:b7:10:2a:07:b8:40:6c:d8:be:73:9f:c4:c0:18:d8:79:
3b:0b:af:9c:8c:6b:e9:d2:78:1a:e8:75:76:07:5b:1f:ff:22:
44:39:27:04:71:53:4e:7f:a0:8d:36:82:73:a7:28:c9:0c:3e:
9f:c0:d6:d3:03:ae:3b:ae:c2:25:cf:ab:a6:d1:e7:48:14:9d:
11:c7:e0:62:29:00:b4:99:8a:9c:59:3f:37:f4:5f:db:e8:97:
0c:5c:ba:e9:88:ec:e7:1a:80:82:c7:8d:09:09:ba:e4:56:e7:
31:60:17:8f:17:05:fa:0f:ef:2a:99:ee:65:62:02:4d:91:53:
bd:7d:ca:f1:27:36:1d:f8:c4:f1:4b:b2:b5:15:c2:12:4e:32:
04:3a:80:a8:de:8a:e9:19:c4:ac:a7:a7:8d:bd:19:0c:47:89:
77:b5:8e:ff:5f:0f:2d:0e:ef:8a:30:aa:ef:42:3d:83:75:a5:
46:e4:19:84:72:21:2c:1e:57:dd:2f:5e:70:fb:1e:2a:0b:9c:
34:78:62:fb:c3:0e:42:81:ab:3a:a4:df:72:6b:13:29:34:77:
69:09:ce:1f:8b:f0:62:07:04:4a:10:8f:c4:ff:68:58:c2:f4:
35:d4:6b:fe:cb:03:e8:97:9d:60:96:7d:44:60:d8:ed:fa:bf:
73:7a:4a:79
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVvVLpkoG+9sSoYONskMzT4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjMwMTAxMjE1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTc5OWQ1Y2M4MjgyNDkxMTJjMGYyZDU4YTM0M2MxYmM1MTRiZDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntf4qHjosHxKDlC0RjGuofD1GBON
H/cTHWCiC4i7ej+LT4aEyR2HyH6woHtBTn9FhUsSNWor5cwOME5O4BKDItEpfa5a
eHF+EzvZSTunKJ27UdL13RRX84cVxm98FdJZ+URJi9iiDjc137EKtweDBFw6GGSe
rT8ySQd1+gpfAFXhGbUxKgwFb8LKUj4F9kVa6eN3OweJQFTj/XhrqiybZm8RrCgN
Vnmj6itAIDyvSB7nAjlQKXHrSR80XJkaA4NFIBt8wA1ayQB6C/977Cy289/ulIV8
cQv+ZaeSOHea371xOlwHmKMQAJZ0FLt9zVjaH08qmy2d4Y+OoSvMkqzL3QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDF5nVzIKCSREsDy1Yo0PBvFFL07MB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvTVhtZFhNZ29KSkVTd1BMVmlqUThHOFVVdlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDLv0AAwQA
Lv0KAwQALv0PAwQAXV6JAwQAX6naAwQAuQfZMA0EAgACMAcDBQAqAUpAMA0GCSqG
SIb3DQEBCwUAA4IBAQBpu7cQKge4QGzYvnOfxMAY2Hk7C6+cjGvp0nga6HV2B1sf
/yJEOScEcVNOf6CNNoJzpyjJDD6fwNbTA647rsIlz6um0edIFJ0Rx+BiKQC0mYqc
WT839F/b6JcMXLrpiOznGoCCx40JCbrkVucxYBePFwX6D+8qme5lYgJNkVO9fcrx
JzYd+MTxS7K1FcISTjIEOoCo3orpGcSsp6eNvRkMR4l3tY7/Xw8tDu+KMKrvQj2D
daVG5BmEciEsHlfdL15w+x4qC5w0eGL7ww5Cgas6pN9yaxMpNHdpCc4fi/BiBwRK
EI/E/2hYwvQ11Gv+ywPol51gln1EYNjt+r9zekp5
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:24:06 2025 by rpki-client