Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/ppddWR7AyMDSIYVd2WuCRHrBFjM.roa
File: ppddWR7AyMDSIYVd2WuCRHrBFjM.roa (raw, json)
Hash identifier: xM3ZLOhYJe+HEw7LS9Ccq0pgsvjhs8TgoH6PP+tZ8OY=
Subject key identifier: A6:97:5D:59:1E:C0:C8:C0:D2:21:85:5D:D9:6B:82:44:7A:C1:16:33
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 0196C503990C8A5474B37A88F7D4261AC45F
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/ppddWR7AyMDSIYVd2WuCRHrBFjM.roa
Signing time: Mon 12 May 2025 15:01:09 +0000
ROA not before: Mon 12 May 2025 15:01:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5398
IP address blocks: 45.143.158.0/23 maxlen: 24
45.143.159.0/24 maxlen: 24
46.21.29.0/24 maxlen: 24
185.155.176.0/22 maxlen: 24
185.155.184.0/23 maxlen: 24
193.221.216.0/23 maxlen: 23
193.222.104.0/23 maxlen: 24
193.222.105.0/24 maxlen: 24
2a00:bd00::/32 maxlen: 32
2a0f:e880::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:c5:03:99:0c:8a:54:74:b3:7a:88:f7:d4:26:1a:c4:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: May 12 15:01:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a6975d591ec0c8c0d221855dd96b82447ac11633
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:6f:d1:26:b6:67:a3:73:0c:40:7a:db:61:59:
19:5e:79:19:45:c7:6c:33:85:33:e4:5d:3c:c5:e4:
0e:d1:52:c5:98:69:ec:fe:77:08:93:ee:74:77:21:
9a:4c:9d:b0:df:13:07:09:49:e2:df:e9:f5:b8:ce:
5c:d5:ff:29:55:b2:f1:57:16:a4:c3:37:ba:bd:df:
62:af:64:53:cb:e5:73:bc:06:b5:9a:40:24:0c:c6:
38:06:c2:01:da:4c:05:f7:e7:57:e8:96:ab:2a:65:
de:b4:56:3d:41:a4:40:70:19:6a:a5:2f:70:d4:69:
fb:53:31:59:b9:1d:75:6f:c3:8c:ef:80:e4:9e:55:
70:6c:5d:1d:e5:34:26:3c:2f:34:71:3a:c2:3f:59:
fc:d5:f2:ef:a2:5d:03:f1:33:f2:96:44:e9:0f:8c:
8e:a5:5e:e2:af:94:74:bc:8c:20:0e:7d:dd:42:05:
29:a0:8d:50:f8:fc:09:3e:11:0e:10:3b:69:66:76:
9a:3b:53:f0:0f:b0:0b:48:80:38:c4:91:56:5f:77:
0e:6c:16:c9:0d:67:2c:c6:e1:64:31:f1:01:de:41:
6c:29:89:7a:ff:29:96:31:4e:45:12:1b:a9:66:d0:
6b:d4:53:db:70:2e:99:98:3e:7a:a1:6e:16:40:e3:
de:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:97:5D:59:1E:C0:C8:C0:D2:21:85:5D:D9:6B:82:44:7A:C1:16:33
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/ppddWR7AyMDSIYVd2WuCRHrBFjM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.158.0/23
46.21.29.0/24
185.155.176.0/22
185.155.184.0/23
193.221.216.0/23
193.222.104.0/23
IPv6:
2a00:bd00::/32
2a0f:e880::/29
Signature Algorithm: sha256WithRSAEncryption
84:0e:b7:04:fd:83:b8:5f:1e:74:c5:3c:f9:cb:c5:a6:00:74:
f8:d9:e0:92:e8:4d:a4:0f:07:62:2e:df:c3:80:63:73:20:be:
3f:66:a1:67:a9:5d:33:a7:ad:f0:a6:71:ef:1f:0e:a1:cd:1c:
51:82:eb:61:bf:88:84:55:66:b2:04:ee:5a:d1:bf:91:f2:7d:
7d:dc:d7:89:8e:bf:6b:85:7b:47:15:bb:90:41:14:3c:41:69:
47:74:be:8e:42:91:20:c3:19:03:1b:1d:04:4b:31:6c:65:39:
29:46:3b:30:03:a5:67:a8:a9:63:63:77:92:b7:b7:a7:cf:a2:
a1:c2:6b:77:9b:de:12:0c:43:b5:f2:24:99:00:4b:69:fa:0e:
86:d5:8e:c4:7a:69:07:ff:8a:3e:43:db:85:63:43:67:0a:56:
fe:43:a6:b7:7c:59:0b:9e:e4:a8:5e:26:56:9b:86:d7:9c:5d:
8f:19:af:6b:bf:b0:dd:b6:e5:24:53:53:a1:cf:28:43:a2:49:
7c:57:e2:18:b4:bc:78:69:95:22:ca:05:f2:35:22:73:1d:54:
bf:17:12:32:a0:6b:23:a8:43:91:be:eb:3f:7f:96:bb:93:8e:
66:17:8e:f1:0a:e8:bc:10:67:3b:c4:dd:a1:71:7e:27:64:11:
26:ab:1d:f1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZbFA5kMilR0s3qI99QmGsRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjUwNTEyMTUwMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjk3NWQ1OTFlYzBjOGMwZDIyMTg1NWRkOTZiODI0NDdhYzExNjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoG/RJrZno3MMQHrbYVkZXnkZRcds
M4Uz5F08xeQO0VLFmGns/ncIk+50dyGaTJ2w3xMHCUni3+n1uM5c1f8pVbLxVxak
wze6vd9ir2RTy+VzvAa1mkAkDMY4BsIB2kwF9+dX6JarKmXetFY9QaRAcBlqpS9w
1Gn7UzFZuR11b8OM74DknlVwbF0d5TQmPC80cTrCP1n81fLvol0D8TPylkTpD4yO
pV7ir5R0vIwgDn3dQgUpoI1Q+PwJPhEOEDtpZnaaO1PwD7ALSIA4xJFWX3cObBbJ
DWcsxuFkMfEB3kFsKYl6/ymWMU5FEhupZtBr1FPbcC6ZmD56oW4WQOPecQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFKaXXVkewMjA0iGFXdlrgkR6wRYzMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvcHBkZFdSN0F5TURTSVlWZDJXdUNSSHJCRmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQBLY+eAwQA
LhUdAwQCuZuwAwQBuZu4AwQBwd3YAwQBwd5oMBQEAgACMA4DBQAqAL0AAwUDKg/o
gDANBgkqhkiG9w0BAQsFAAOCAQEAhA63BP2DuF8edMU8+cvFpgB0+NngkuhNpA8H
Yi7fw4BjcyC+P2ahZ6ldM6et8KZx7x8Ooc0cUYLrYb+IhFVmsgTuWtG/kfJ9fdzX
iY6/a4V7RxW7kEEUPEFpR3S+jkKRIMMZAxsdBEsxbGU5KUY7MAOlZ6ipY2N3kre3
p8+iocJrd5veEgxDtfIkmQBLafoOhtWOxHppB/+KPkPbhWNDZwpW/kOmt3xZC57k
qF4mVpuG15xdjxmva7+w3bblJFNToc8oQ6JJfFfiGLS8eGmVIsoF8jUicx1UvxcS
MqBrI6hDkb7rP3+Wu5OOZheO8QrovBBnO8TdoXF+J2QRJqsd8Q==
-----END CERTIFICATE-----
Generated at Sat Jul 26 00:15:28 2025 by rpki-client