Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/rEbQghoDwMsdxNFRNBjw9tcsgWM.roa
File: rEbQghoDwMsdxNFRNBjw9tcsgWM.roa (raw, json)
Hash identifier: mGhdmopz1JpECYsG5yrVWS960QhuMN/17pd2LvehusU=
Subject key identifier: AC:46:D0:82:1A:03:C0:CB:1D:C4:D1:51:34:18:F0:F6:D7:2C:81:63
Certificate issuer: /CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Certificate serial: 0193CE542BA5708D1876BE8518451F3377E3
Authority key identifier: BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/rEbQghoDwMsdxNFRNBjw9tcsgWM.roa
Signing time: Mon 16 Dec 2024 07:17:22 +0000
ROA not before: Mon 16 Dec 2024 07:17:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20904
IP address blocks: 5.61.88.0/21 maxlen: 24
37.35.80.0/21 maxlen: 21
46.254.208.0/22 maxlen: 22
77.95.242.0/24 maxlen: 24
77.95.245.0/24 maxlen: 24
77.95.246.0/23 maxlen: 23
80.75.96.0/20 maxlen: 20
80.75.106.0/24 maxlen: 24
93.174.192.0/21 maxlen: 22
149.126.176.0/21 maxlen: 21
185.16.168.0/22 maxlen: 22
185.25.76.0/22 maxlen: 22
185.67.80.0/22 maxlen: 22
188.64.0.0/21 maxlen: 21
2a00:1a58::/32 maxlen: 32
2a00:74a0::/32 maxlen: 32
2a04:240::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:ce:54:2b:a5:70:8d:18:76:be:85:18:45:1f:33:77:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Validity
Not Before: Dec 16 07:17:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ac46d0821a03c0cb1dc4d1513418f0f6d72c8163
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:a8:c3:2c:0a:e4:b5:f0:7c:37:2a:cf:ed:18:
2a:4f:26:a7:1d:a0:9e:7b:d7:4d:d8:0e:ad:0e:1e:
1e:4e:38:82:72:0c:f8:71:43:ce:65:09:36:ff:a3:
83:64:9c:62:a6:4a:fe:3c:b5:39:07:ab:34:36:fb:
03:eb:1e:7d:2a:72:48:1e:22:6e:b8:6e:42:e6:bf:
47:38:5d:30:a2:13:ee:28:4e:e1:46:52:b7:04:2d:
b4:41:76:97:92:bf:f4:b2:dc:62:98:7b:59:be:5f:
eb:39:1c:1e:b3:af:56:eb:31:70:7f:8a:98:c8:62:
6d:d1:45:5e:9b:79:a4:d6:cb:8f:6d:4b:15:e6:91:
c5:bb:f6:da:ec:ac:ed:8e:42:6e:78:c0:fb:b9:55:
fe:e4:00:5c:b2:73:2c:89:73:13:7d:6c:fa:8f:15:
ce:59:cf:a2:70:34:b4:d7:3c:ab:1b:65:90:dc:e0:
3c:46:f5:5e:f5:7f:1d:4e:6b:6c:02:4a:d3:89:ec:
b4:b3:9a:45:0f:ac:2f:f8:27:27:7e:47:9f:2b:e7:
91:30:03:f5:fd:c3:e4:2b:51:fb:36:84:5d:1c:4b:
9c:99:dd:e3:ad:3f:fb:ee:1e:09:53:c8:57:31:2f:
3f:52:2e:e0:59:8f:5e:da:ea:bf:f9:7a:2d:12:85:
11:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:46:D0:82:1A:03:C0:CB:1D:C4:D1:51:34:18:F0:F6:D7:2C:81:63
X509v3 Authority Key Identifier:
keyid:BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/rEbQghoDwMsdxNFRNBjw9tcsgWM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.88.0/21
37.35.80.0/21
46.254.208.0/22
77.95.242.0/24
77.95.245.0-77.95.247.255
80.75.96.0/20
93.174.192.0/21
149.126.176.0/21
185.16.168.0/22
185.25.76.0/22
185.67.80.0/22
188.64.0.0/21
IPv6:
2a00:1a58::/32
2a00:74a0::/32
2a04:240::/29
Signature Algorithm: sha256WithRSAEncryption
25:7e:30:db:96:05:17:1c:78:65:68:ea:86:ec:2d:c5:4b:b7:
84:5e:ae:49:6c:f9:96:54:98:3c:56:e9:cf:7b:19:ea:3f:84:
a7:ba:6d:96:cf:66:70:6d:c2:93:ac:3f:4f:6c:c7:58:22:f0:
89:86:e5:60:b8:2a:38:c7:e5:a3:6a:d9:55:66:91:42:5b:82:
5c:d5:28:56:88:ef:f7:fb:9e:b3:fa:79:25:d4:1d:05:09:79:
64:74:d1:71:13:78:b3:5a:21:07:b4:39:0e:65:23:5a:fd:f8:
3f:8d:7e:90:63:37:3d:90:fe:47:64:a7:a9:32:6c:f5:0c:f1:
74:34:fa:cb:5b:b2:56:a2:54:8b:de:4a:91:c5:82:ea:75:f6:
ba:b7:c3:0e:82:c5:92:f9:d5:99:2c:d8:8a:e3:9d:77:a0:dc:
05:4f:45:f3:56:38:b9:9c:cf:ef:17:1b:15:15:47:a5:59:71:
67:24:f5:36:c9:8b:66:bb:80:d1:7b:88:27:a9:fd:a1:b5:52:
b2:ba:da:01:48:3b:9a:1b:74:9b:2f:79:ea:4b:82:61:a3:56:
af:fe:23:84:9e:1d:78:ef:d1:4d:98:19:08:26:64:b3:13:6c:
f7:cd:c9:72:b2:0f:08:61:fa:84:6a:30:fe:a9:c9:a4:da:c5:
e8:7f:6f:ec
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAZPOVCulcI0Ydr6FGEUfM3fjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMzFiY2Y5MjNjNWYyNWNhZmJkYWJkZmRkNDZlNTExZjk1
ZGYwZDEwHhcNMjQxMjE2MDcxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ2ZDA4MjFhMDNjMGNiMWRjNGQxNTEzNDE4ZjBmNmQ3MmM4MTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qjDLArktfB8NyrP7RgqTyanHaCe
e9dN2A6tDh4eTjiCcgz4cUPOZQk2/6ODZJxipkr+PLU5B6s0NvsD6x59KnJIHiJu
uG5C5r9HOF0wohPuKE7hRlK3BC20QXaXkr/0stximHtZvl/rORwes69W6zFwf4qY
yGJt0UVem3mk1suPbUsV5pHFu/ba7KztjkJueMD7uVX+5ABcsnMsiXMTfWz6jxXO
Wc+icDS01zyrG2WQ3OA8RvVe9X8dTmtsAkrTiey0s5pFD6wv+CcnfkefK+eRMAP1
/cPkK1H7NoRdHEucmd3jrT/77h4JU8hXMS8/Ui7gWY9e2uq/+XotEoURhwIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFKxG0IIaA8DLHcTRUTQY8PbXLIFjMB8GA1UdIwQY
MBaAFLoxvPkjxfJcr72r391G5RH5XfDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYt
MWJhMzQzZjE3ZWMyLzEvckViUWdob0R3TXNkeE5GUk5Canc5dGNzZ1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYtMWJhMzQzZjE3ZWMy
LzEvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwVgQCAAEwUAMEAwU9WAME
AyUjUAMEAi7+0AMEAE1f8jAMAwQATV/1AwQDTV/wAwQEUEtgAwQDXa7AAwQDlX6w
AwQCuRCoAwQCuRlMAwQCuUNQAwQDvEAAMBsEAgACMBUDBQAqABpYAwUAKgB0oAMF
AyoEAkAwDQYJKoZIhvcNAQELBQADggEBACV+MNuWBRcceGVo6obsLcVLt4Rerkls
+ZZUmDxW6c97Geo/hKe6bZbPZnBtwpOsP09sx1gi8ImG5WC4KjjH5aNq2VVmkUJb
glzVKFaI7/f7nrP6eSXUHQUJeWR00XETeLNaIQe0OQ5lI1r9+D+NfpBjNz2Q/kdk
p6kybPUM8XQ0+stbslaiVIveSpHFgup19rq3ww6CxZL51Zks2IrjnXeg3AVPRfNW
OLmcz+8XGxUVR6VZcWck9TbJi2a7gNF7iCep/aG1UrK62gFIO5obdJsveepLgmGj
Vq/+I4SeHXjv0U2YGQgmZLMTbPfNyXKyDwhh+oRqMP6pyaTaxeh/b+w=
-----END CERTIFICATE-----
Generated at Sun Apr 20 02:05:15 2025 by rpki-client