Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/eIX5As6S3PSq7gUoIC56DXHljjE.roa
File: eIX5As6S3PSq7gUoIC56DXHljjE.roa (raw, json)
Hash identifier: lWG6MyUMxhqG1Q1XRU8bIv0ZwwJ+uGTslYUvb2/zuMo=
Subject key identifier: 78:85:F9:02:CE:92:DC:F4:AA:EE:05:28:20:2E:7A:0D:71:E5:8E:31
Certificate issuer: /CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Certificate serial: 0192B27D6BD18808358C54834FADF0D0A3F9
Authority key identifier: BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/eIX5As6S3PSq7gUoIC56DXHljjE.roa
Signing time: Tue 22 Oct 2024 04:30:16 +0000
ROA not before: Tue 22 Oct 2024 04:30:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20904
IP address blocks: 5.61.88.0/21 maxlen: 24
37.35.80.0/21 maxlen: 21
46.254.208.0/21 maxlen: 21
46.254.208.0/22 maxlen: 22
77.95.242.0/24 maxlen: 24
77.95.245.0/24 maxlen: 24
77.95.246.0/23 maxlen: 23
80.75.96.0/20 maxlen: 20
80.75.106.0/24 maxlen: 24
84.240.64.0/19 maxlen: 19
84.240.96.0/19 maxlen: 19
93.174.192.0/21 maxlen: 22
149.126.176.0/21 maxlen: 21
185.16.168.0/22 maxlen: 22
185.25.76.0/22 maxlen: 22
185.67.80.0/22 maxlen: 22
188.64.0.0/21 maxlen: 21
2a00:1a58::/32 maxlen: 32
2a00:74a0::/32 maxlen: 32
2a04:240::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:b2:7d:6b:d1:88:08:35:8c:54:83:4f:ad:f0:d0:a3:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Validity
Not Before: Oct 22 04:30:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7885f902ce92dcf4aaee0528202e7a0d71e58e31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:54:7b:73:a3:96:09:20:54:3b:63:e2:5d:7a:
2b:b1:30:2b:45:42:bc:3c:12:9b:c3:fa:16:e4:06:
79:3f:95:b2:54:d7:03:02:7e:a9:e0:0b:e8:f3:bc:
0c:21:ad:5b:a4:e3:22:a8:2f:85:16:18:f4:ab:40:
c1:af:99:8c:0e:46:0b:31:aa:96:0e:06:92:fb:5b:
bd:dd:56:9e:4f:d6:09:93:1f:15:ba:3c:ae:40:d8:
c0:6a:d3:07:55:93:3e:18:5f:db:3b:d4:8f:3d:2b:
e9:78:5c:c1:82:a3:57:56:56:25:36:f0:e9:ba:e5:
35:88:6e:a8:e0:a2:98:36:3a:57:12:58:a1:35:7c:
1a:53:c5:26:56:c7:9f:6c:99:6d:c9:42:da:77:94:
c5:c9:72:ba:35:f2:4e:cb:a6:8c:2b:9e:04:8d:db:
8a:cf:40:93:f1:06:0d:d0:b0:2f:bf:d8:9b:33:65:
a1:00:7f:69:6f:74:4c:d5:99:f2:61:94:87:24:87:
df:c0:85:81:00:5c:75:ab:c7:27:23:0d:11:92:8e:
f4:24:16:b6:6c:e5:8e:94:64:3b:a6:a0:ef:77:d4:
39:ba:91:ff:0c:12:07:bb:81:76:2f:31:03:4f:a4:
6c:ab:e3:1c:4e:81:71:ab:da:bc:2d:a4:42:46:3f:
93:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:85:F9:02:CE:92:DC:F4:AA:EE:05:28:20:2E:7A:0D:71:E5:8E:31
X509v3 Authority Key Identifier:
keyid:BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/eIX5As6S3PSq7gUoIC56DXHljjE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.88.0/21
37.35.80.0/21
46.254.208.0/21
77.95.242.0/24
77.95.245.0-77.95.247.255
80.75.96.0/20
84.240.64.0/18
93.174.192.0/21
149.126.176.0/21
185.16.168.0/22
185.25.76.0/22
185.67.80.0/22
188.64.0.0/21
IPv6:
2a00:1a58::/32
2a00:74a0::/32
2a04:240::/29
Signature Algorithm: sha256WithRSAEncryption
80:7a:30:95:67:0e:f2:19:ef:b7:7c:7c:69:41:5f:48:7f:64:
19:3f:fa:c3:ad:c7:7f:16:4c:6d:92:de:76:1a:29:b4:7f:f7:
c0:2e:d5:cc:fa:8f:66:c8:df:83:5e:40:51:e5:fb:5d:c8:7c:
62:f2:97:19:d0:90:7e:db:7a:b6:c9:7f:74:7b:ad:16:d9:03:
b6:39:d2:75:8b:08:bc:7d:81:e7:db:bd:43:5d:62:15:16:44:
fb:a0:35:65:c9:83:e8:1a:af:50:f2:df:cf:a6:52:82:25:a2:
1a:27:3f:f4:9f:c5:9b:3f:c0:5e:df:36:19:36:67:77:48:09:
67:27:a5:c6:82:5c:29:64:9a:b6:dd:68:6e:e0:67:04:24:4b:
4a:24:36:eb:a8:e6:9f:6b:85:09:81:e8:04:a0:1d:ce:ba:ff:
b0:32:08:60:ba:35:cd:bd:5a:ea:b5:cb:70:49:a5:15:d9:72:
cb:f6:09:ac:e4:8e:f9:a0:2f:b8:be:7c:da:20:ea:30:e9:bc:
39:e4:23:b6:d8:d5:cc:a9:ad:af:af:76:c5:e0:62:61:1e:82:
f6:65:a0:e7:fe:00:33:31:47:1f:a0:1d:a7:eb:29:eb:55:b5:
b4:57:89:c1:d9:1e:28:9d:76:8e:75:8b:f0:a8:ae:df:7f:17:
08:eb:81:18
-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgISAZKyfWvRiAg1jFSDT63w0KP5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMzFiY2Y5MjNjNWYyNWNhZmJkYWJkZmRkNDZlNTExZjk1
ZGYwZDEwHhcNMjQxMDIyMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODg1ZjkwMmNlOTJkY2Y0YWFlZTA1MjgyMDJlN2EwZDcxZTU4ZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1R7c6OWCSBUO2PiXXorsTArRUK8
PBKbw/oW5AZ5P5WyVNcDAn6p4Avo87wMIa1bpOMiqC+FFhj0q0DBr5mMDkYLMaqW
DgaS+1u93VaeT9YJkx8VujyuQNjAatMHVZM+GF/bO9SPPSvpeFzBgqNXVlYlNvDp
uuU1iG6o4KKYNjpXElihNXwaU8UmVsefbJltyULad5TFyXK6NfJOy6aMK54EjduK
z0CT8QYN0LAvv9ibM2WhAH9pb3RM1ZnyYZSHJIffwIWBAFx1q8cnIw0Rko70JBa2
bOWOlGQ7pqDvd9Q5upH/DBIHu4F2LzEDT6Rsq+McToFxq9q8LaRCRj+T8QIDAQAB
o4ICdzCCAnMwHQYDVR0OBBYEFHiF+QLOktz0qu4FKCAueg1x5Y4xMB8GA1UdIwQY
MBaAFLoxvPkjxfJcr72r391G5RH5XfDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYt
MWJhMzQzZjE3ZWMyLzEvZUlYNUFzNlMzUFNxN2dVb0lDNTZEWEhsampFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYtMWJhMzQzZjE3ZWMy
LzEvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGMBggrBgEFBQcBBwEB/wR9MHswXAQCAAEwVgMEAwU9WAME
AyUjUAMEAy7+0AMEAE1f8jAMAwQATV/1AwQDTV/wAwQEUEtgAwQGVPBAAwQDXa7A
AwQDlX6wAwQCuRCoAwQCuRlMAwQCuUNQAwQDvEAAMBsEAgACMBUDBQAqABpYAwUA
KgB0oAMFAyoEAkAwDQYJKoZIhvcNAQELBQADggEBAIB6MJVnDvIZ77d8fGlBX0h/
ZBk/+sOtx38WTG2S3nYaKbR/98Au1cz6j2bI34NeQFHl+13IfGLylxnQkH7berbJ
f3R7rRbZA7Y50nWLCLx9gefbvUNdYhUWRPugNWXJg+gar1Dy38+mUoIlohonP/Sf
xZs/wF7fNhk2Z3dICWcnpcaCXClkmrbdaG7gZwQkS0okNuuo5p9rhQmB6ASgHc66
/7AyCGC6Nc29Wuq1y3BJpRXZcsv2CazkjvmgL7i+fNog6jDpvDnkI7bY1cypra+v
dsXgYmEegvZloOf+ADMxRx+gHafrKetVtbRXicHZHiiddo51i/Cort9/FwjrgRg=
-----END CERTIFICATE-----
Generated at Sun Apr 20 02:13:36 2025 by rpki-client