Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/WktdTvX0-hq4xW8wz5vyBfGXagY.roa
File: WktdTvX0-hq4xW8wz5vyBfGXagY.roa (raw, json)
Hash identifier: oswWuQzne+IYV0POlgfv2ablkKrLOFi1wQbsazIR9fU=
Subject key identifier: 5A:4B:5D:4E:F5:F4:FA:1A:B8:C5:6F:30:CF:9B:F2:05:F1:97:6A:06
Certificate issuer: /CN=ca96218c20efd8fe53fca9990b725dd7963c885c
Certificate serial: 018558BB33E6DF2E4C1DFF2C5D2F003BD678
Authority key identifier: CA:96:21:8C:20:EF:D8:FE:53:FC:A9:99:0B:72:5D:D7:96:3C:88:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/WktdTvX0-hq4xW8wz5vyBfGXagY.roa
Signing time: Wed 28 Dec 2022 12:35:41 +0000
ROA not before: Wed 28 Dec 2022 12:35:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 9121
IP address blocks: 213.144.98.0/24 maxlen: 24
213.144.96.0/24 maxlen: 24
213.144.97.0/24 maxlen: 24
213.144.99.0/24 maxlen: 24
213.144.100.0/24 maxlen: 24
213.144.105.0/24 maxlen: 24
213.144.101.0/24 maxlen: 24
213.144.102.0/24 maxlen: 24
213.144.103.0/24 maxlen: 24
213.144.104.0/24 maxlen: 24
213.144.111.0/24 maxlen: 24
213.144.112.0/24 maxlen: 24
213.144.108.0/24 maxlen: 24
213.144.109.0/24 maxlen: 24
213.144.110.0/24 maxlen: 24
213.144.106.0/24 maxlen: 24
213.144.107.0/24 maxlen: 24
213.144.118.0/24 maxlen: 24
213.144.115.0/24 maxlen: 24
213.144.116.0/24 maxlen: 24
213.144.117.0/24 maxlen: 24
213.144.113.0/24 maxlen: 24
213.144.114.0/24 maxlen: 24
213.144.125.0/24 maxlen: 24
213.144.122.0/24 maxlen: 24
213.144.123.0/24 maxlen: 24
213.144.124.0/24 maxlen: 24
213.144.119.0/24 maxlen: 24
213.144.120.0/24 maxlen: 24
213.144.121.0/24 maxlen: 24
213.144.126.0/24 maxlen: 24
213.144.127.0/24 maxlen: 24
77.92.110.0/24 maxlen: 24
77.92.111.0/24 maxlen: 24
77.92.112.0/24 maxlen: 24
77.92.106.0/24 maxlen: 24
77.92.107.0/24 maxlen: 24
77.92.108.0/24 maxlen: 24
77.92.109.0/24 maxlen: 24
77.92.117.0/24 maxlen: 24
77.92.118.0/24 maxlen: 24
77.92.113.0/24 maxlen: 24
77.92.114.0/24 maxlen: 24
77.92.115.0/24 maxlen: 24
77.92.116.0/24 maxlen: 24
77.92.124.0/24 maxlen: 24
77.92.125.0/24 maxlen: 24
77.92.120.0/24 maxlen: 24
77.92.121.0/24 maxlen: 24
77.92.122.0/24 maxlen: 24
77.92.123.0/24 maxlen: 24
77.92.119.0/24 maxlen: 24
77.92.127.0/24 maxlen: 24
77.92.126.0/24 maxlen: 24
185.115.210.0/24 maxlen: 24
185.115.211.0/24 maxlen: 24
185.115.208.0/24 maxlen: 24
77.92.96.0/24 maxlen: 24
77.92.97.0/24 maxlen: 24
77.92.98.0/24 maxlen: 24
77.92.103.0/24 maxlen: 24
77.92.104.0/24 maxlen: 24
77.92.105.0/24 maxlen: 24
77.92.99.0/24 maxlen: 24
77.92.100.0/24 maxlen: 24
77.92.101.0/24 maxlen: 24
77.92.102.0/24 maxlen: 24
31.40.240.0/24 maxlen: 24
31.40.241.0/24 maxlen: 24
31.40.242.0/24 maxlen: 24
31.40.243.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:58:bb:33:e6:df:2e:4c:1d:ff:2c:5d:2f:00:3b:d6:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca96218c20efd8fe53fca9990b725dd7963c885c
Validity
Not Before: Dec 28 12:35:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5a4b5d4ef5f4fa1ab8c56f30cf9bf205f1976a06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:68:4c:9f:95:eb:16:d3:d9:11:ab:ce:c1:52:
38:fb:04:df:13:c7:51:2f:93:be:47:01:93:94:f1:
28:b8:06:bb:4a:3f:42:3a:5b:5c:59:11:73:e6:5e:
5c:ae:f8:ab:59:9c:aa:41:2d:4a:29:e9:a2:c1:05:
01:77:18:c6:b0:f1:b3:54:59:ed:90:ee:58:78:41:
c4:3e:52:82:44:74:d8:0c:d9:c4:d7:a5:0b:69:d6:
ff:b0:77:ef:05:ea:cf:3a:03:41:e3:b5:31:bb:c2:
39:1d:fc:a8:5d:1c:e3:fd:c1:17:9b:6e:ca:76:3d:
57:49:fe:b1:37:66:57:dc:3d:e7:09:32:9c:39:38:
46:a3:76:b9:59:ed:fd:f7:8e:fa:6d:24:89:66:aa:
73:56:e8:89:bf:01:d6:71:b9:3a:10:47:8f:2f:bf:
42:51:dd:e2:98:ed:78:53:fa:9f:0e:d4:15:20:43:
bd:c8:c7:8c:30:9d:1e:ed:99:5d:88:78:20:e5:30:
0b:fe:88:8f:5f:68:a4:13:6a:c2:4b:0a:91:34:6d:
1b:88:6d:20:60:28:06:e0:f0:26:fd:20:2d:55:af:
af:6b:f8:a3:3c:21:79:fc:9c:cf:eb:4c:c0:82:f2:
0c:41:ca:c0:52:3a:7b:19:32:85:11:54:50:c1:94:
37:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:4B:5D:4E:F5:F4:FA:1A:B8:C5:6F:30:CF:9B:F2:05:F1:97:6A:06
X509v3 Authority Key Identifier:
keyid:CA:96:21:8C:20:EF:D8:FE:53:FC:A9:99:0B:72:5D:D7:96:3C:88:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/WktdTvX0-hq4xW8wz5vyBfGXagY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/9755d5-7f0b-427f-afe0-d712d4738046/1/ypYhjCDv2P5T_KmZC3Jd15Y8iFw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.40.240.0/22
77.92.96.0/19
185.115.208.0/24
185.115.210.0/23
213.144.96.0/19
Signature Algorithm: sha256WithRSAEncryption
ae:0a:82:43:56:5a:aa:ff:60:34:d0:86:64:b2:12:8b:a1:b4:
83:f6:a0:7b:2c:1d:02:24:a8:9b:e9:1b:9a:2f:09:65:42:74:
8e:0e:57:fd:f2:75:2b:93:ab:8a:0e:8f:58:f9:14:10:26:f5:
0c:00:e8:c0:8c:31:40:6d:ce:a4:b1:3d:52:17:42:ea:61:27:
a5:97:cc:ca:2e:f0:b5:e5:23:60:0c:c1:6b:15:d5:16:29:a0:
d7:c7:49:dc:3b:58:d7:4b:9a:96:94:95:0c:3f:22:63:16:4e:
15:b4:c3:ea:a1:4e:df:5b:59:7b:7d:76:b0:f1:51:c5:bb:1a:
28:89:bb:c4:30:6a:bc:be:12:ff:3a:56:43:9a:05:8d:38:32:
ee:11:34:4a:0f:98:8d:99:0a:b9:91:76:80:f8:40:fb:69:65:
b5:c8:06:47:cd:c0:cc:48:9c:8b:80:c4:e2:fb:9e:86:e4:4e:
fd:22:c0:9e:6d:41:cf:b1:3e:d9:3a:9c:17:63:04:cd:e9:1f:
7c:66:fb:8a:b8:d9:94:79:6e:0e:01:34:9d:f7:84:c2:91:00:
1f:f0:02:7f:0a:7d:f2:56:ee:08:13:4e:ba:8e:48:d3:9f:5e:
a5:bf:49:09:71:7b:01:5a:c9:dc:2d:a1:ff:56:a3:89:e5:cf:
45:aa:7e:09
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVYuzPm3y5MHf8sXS8AO9Z4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTYyMThjMjBlZmQ4ZmU1M2ZjYTk5OTBiNzI1ZGQ3OTYz
Yzg4NWMwHhcNMjIxMjI4MTIzNTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTRiNWQ0ZWY1ZjRmYTFhYjhjNTZmMzBjZjliZjIwNWYxOTc2YTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWhMn5XrFtPZEavOwVI4+wTfE8dR
L5O+RwGTlPEouAa7Sj9COltcWRFz5l5crvirWZyqQS1KKemiwQUBdxjGsPGzVFnt
kO5YeEHEPlKCRHTYDNnE16ULadb/sHfvBerPOgNB47Uxu8I5HfyoXRzj/cEXm27K
dj1XSf6xN2ZX3D3nCTKcOThGo3a5We399476bSSJZqpzVuiJvwHWcbk6EEePL79C
Ud3imO14U/qfDtQVIEO9yMeMMJ0e7ZldiHgg5TAL/oiPX2ikE2rCSwqRNG0biG0g
YCgG4PAm/SAtVa+va/ijPCF5/JzP60zAgvIMQcrAUjp7GTKFEVRQwZQ34QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFpLXU719PoauMVvMM+b8gXxl2oGMB8GA1UdIwQY
MBaAFMqWIYwg79j+U/ypmQtyXdeWPIhcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBZaGpDRHYyUDVUX0ttWkMzSmQxNVk4aUZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzU1ZDUtN2YwYi00MjdmLWFmZTAt
ZDcxMmQ0NzM4MDQ2LzEvV2t0ZFR2WDAtaHE0eFc4d3o1dnlCZkdYYWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzU1ZDUtN2YwYi00MjdmLWFmZTAtZDcxMmQ0NzM4MDQ2
LzEveXBZaGpDRHYyUDVUX0ttWkMzSmQxNVk4aUZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCHyjwAwQF
TVxgAwQAuXPQAwQBuXPSAwQF1ZBgMA0GCSqGSIb3DQEBCwUAA4IBAQCuCoJDVlqq
/2A00IZkshKLobSD9qB7LB0CJKib6RuaLwllQnSODlf98nUrk6uKDo9Y+RQQJvUM
AOjAjDFAbc6ksT1SF0LqYSell8zKLvC15SNgDMFrFdUWKaDXx0ncO1jXS5qWlJUM
PyJjFk4VtMPqoU7fW1l7fXaw8VHFuxooibvEMGq8vhL/OlZDmgWNODLuETRKD5iN
mQq5kXaA+ED7aWW1yAZHzcDMSJyLgMTi+56G5E79IsCebUHPsT7ZOpwXYwTN6R98
ZvuKuNmUeW4OATSd94TCkQAf8AJ/Cn3yVu4IE066jkjTn16lv0kJcXsBWsncLaH/
VqOJ5c9Fqn4J
-----END CERTIFICATE-----
Generated at Sun Apr 20 22:47:18 2025 by rpki-client