Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/mUYwhUXYIfwJn4Em5ttUVxach4s.roa
File: mUYwhUXYIfwJn4Em5ttUVxach4s.roa (raw, json)
Hash identifier: HqW1JPGnDAMrBz7DqqXE4tTC1koieOuR/Gzb62wLR8w=
Subject key identifier: 99:46:30:85:45:D8:21:FC:09:9F:81:26:E6:DB:54:57:16:9C:87:8B
Certificate issuer: /CN=79e24b47f8943cad6e04c9f646cb1077c140fdfb
Certificate serial: 0195B9072C00920D6BA7D6E701A3447F670D
Authority key identifier: 79:E2:4B:47:F8:94:3C:AD:6E:04:C9:F6:46:CB:10:77:C1:40:FD:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eeJLR_iUPK1uBMn2RssQd8FA_fs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/mUYwhUXYIfwJn4Em5ttUVxach4s.roa
Signing time: Fri 21 Mar 2025 14:06:49 +0000
ROA not before: Fri 21 Mar 2025 14:06:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42532
IP address blocks: 77.73.64.0/23 maxlen: 23
77.73.71.0/24 maxlen: 24
91.197.0.0/22 maxlen: 22
94.242.48.0/24 maxlen: 24
94.242.49.0/24 maxlen: 24
94.242.58.0/23 maxlen: 23
185.22.172.0/22 maxlen: 22
185.145.245.0/24 maxlen: 24
185.155.119.0/24 maxlen: 24
185.242.104.0/22 maxlen: 22
185.242.106.0/23 maxlen: 23
212.6.44.0/24 maxlen: 24
2a0c:16c0::/32 maxlen: 32
2a0c:16c1::/32 maxlen: 32
2a0c:16c2::/32 maxlen: 32
2a0c:16c3::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b9:07:2c:00:92:0d:6b:a7:d6:e7:01:a3:44:7f:67:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=79e24b47f8943cad6e04c9f646cb1077c140fdfb
Validity
Not Before: Mar 21 14:06:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9946308545d821fc099f8126e6db5457169c878b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:ce:6e:3f:88:95:a7:54:bf:88:54:4d:ce:7f:
e2:4c:04:a7:b6:22:ea:52:ff:1a:fc:48:c1:f3:4e:
bf:a0:8d:ec:30:3e:0d:bf:ad:f9:d7:3a:7c:4a:73:
6e:dc:ea:6a:58:28:26:bb:46:c6:40:1b:49:e4:34:
ed:67:0c:54:e6:1f:66:aa:a7:44:4f:ae:dd:25:34:
51:c4:a1:83:6c:0c:46:6c:02:b0:8c:23:e4:24:ec:
e6:be:f4:63:3b:ad:e8:b9:f7:f5:b0:04:e7:fa:64:
13:94:7d:e8:52:a7:e0:86:36:21:cb:c8:bd:21:68:
8c:fc:0d:c4:17:ba:5f:b6:d6:e4:ae:83:7e:09:2b:
13:94:c0:59:a0:4f:7d:1c:b1:56:e1:8c:e9:ab:d6:
f9:1a:df:e8:ef:7e:74:bd:6b:84:22:2a:02:ed:a8:
c5:fa:39:b7:e9:d1:58:80:ae:ff:52:29:e2:9b:42:
d0:13:70:e9:83:96:86:f1:fe:41:03:a9:33:29:fc:
94:0b:39:47:0c:83:81:09:63:4d:91:7e:94:15:00:
98:b8:32:e0:cb:6e:6f:ba:0c:10:68:2b:8a:54:87:
24:d2:ad:6e:3f:46:be:19:a7:53:3a:2a:93:4e:75:
d6:92:3f:eb:74:68:80:84:5f:5b:b3:5c:5b:9c:8a:
4d:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:46:30:85:45:D8:21:FC:09:9F:81:26:E6:DB:54:57:16:9C:87:8B
X509v3 Authority Key Identifier:
keyid:79:E2:4B:47:F8:94:3C:AD:6E:04:C9:F6:46:CB:10:77:C1:40:FD:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eeJLR_iUPK1uBMn2RssQd8FA_fs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/mUYwhUXYIfwJn4Em5ttUVxach4s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/54a65b-cf0b-498f-80d4-bc584b36cbef/1/eeJLR_iUPK1uBMn2RssQd8FA_fs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.73.64.0/23
77.73.71.0/24
91.197.0.0/22
94.242.48.0/23
94.242.58.0/23
185.22.172.0/22
185.145.245.0/24
185.155.119.0/24
185.242.104.0/22
212.6.44.0/24
IPv6:
2a0c:16c0::/30
Signature Algorithm: sha256WithRSAEncryption
49:41:cc:e7:a2:e8:bf:e4:ea:a9:b9:95:f3:88:1e:33:68:cc:
78:1f:39:87:e3:7d:7a:9b:d0:39:5a:69:0a:e2:20:34:97:c8:
b0:80:2a:12:af:a4:c0:1d:b8:bc:c6:f2:e2:29:7b:84:b7:72:
35:16:7e:64:3d:c1:19:00:be:ee:70:dd:cc:c0:82:ba:d7:2d:
b0:55:f9:19:9c:e5:67:a1:29:f5:cf:5d:d3:d3:75:a6:a2:30:
3f:60:10:7d:c7:db:8a:8e:61:4f:2e:1b:96:28:b3:29:03:14:
15:af:8c:27:b8:62:24:a0:48:10:4f:0b:7b:96:ef:90:0e:00:
d5:f0:16:4a:00:9e:2e:ef:5c:57:22:9f:0d:4b:32:86:38:d9:
a7:05:8f:df:e1:e3:27:67:7a:1d:f5:19:dd:8a:0d:bb:56:e8:
90:eb:3f:4f:01:ce:88:85:f8:67:99:95:3c:e5:37:d3:0f:79:
87:71:80:84:cc:39:a9:d6:13:81:ea:84:e4:5f:b2:a8:87:45:
a8:00:7a:ab:4f:e5:53:bc:ef:44:d7:40:d7:53:e2:d8:2c:a2:
c6:6f:f1:f8:13:dd:39:af:7e:79:e5:76:cc:eb:12:3a:65:05:
0b:16:73:ad:73:93:07:0b:7e:b0:8e:44:34:88:ea:67:6b:b7:
b0:7b:80:cb
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAZW5BywAkg1rp9bnAaNEf2cNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZTI0YjQ3Zjg5NDNjYWQ2ZTA0YzlmNjQ2Y2IxMDc3YzE0
MGZkZmIwHhcNMjUwMzIxMTQwNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTQ2MzA4NTQ1ZDgyMWZjMDk5ZjgxMjZlNmRiNTQ1NzE2OWM4NzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc5uP4iVp1S/iFRNzn/iTASntiLq
Uv8a/EjB806/oI3sMD4Nv6351zp8SnNu3OpqWCgmu0bGQBtJ5DTtZwxU5h9mqqdE
T67dJTRRxKGDbAxGbAKwjCPkJOzmvvRjO63ouff1sATn+mQTlH3oUqfghjYhy8i9
IWiM/A3EF7pfttbkroN+CSsTlMBZoE99HLFW4Yzpq9b5Gt/o7350vWuEIioC7ajF
+jm36dFYgK7/Uinim0LQE3Dpg5aG8f5BA6kzKfyUCzlHDIOBCWNNkX6UFQCYuDLg
y25vugwQaCuKVIck0q1uP0a+GadTOiqTTnXWkj/rdGiAhF9bs1xbnIpNWQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFJlGMIVF2CH8CZ+BJubbVFcWnIeLMB8GA1UdIwQY
MBaAFHniS0f4lDytbgTJ9kbLEHfBQP37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWVKTFJfaVVQSzF1Qk1uMlJzc1FkOEZBX2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi81NGE2NWItY2YwYi00OThmLTgwZDQt
YmM1ODRiMzZjYmVmLzEvbVVZd2hVWFlJZndKbjRFbTV0dFVWeGFjaDRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi81NGE2NWItY2YwYi00OThmLTgwZDQtYmM1ODRiMzZjYmVm
LzEvZWVKTFJfaVVQSzF1Qk1uMlJzc1FkOEZBX2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQBTUlAAwQA
TUlHAwQCW8UAAwQBXvIwAwQBXvI6AwQCuRasAwQAuZH1AwQAuZt3AwQCufJoAwQA
1AYsMA0EAgACMAcDBQIqDBbAMA0GCSqGSIb3DQEBCwUAA4IBAQBJQcznoui/5Oqp
uZXziB4zaMx4HzmH4316m9A5WmkK4iA0l8iwgCoSr6TAHbi8xvLiKXuEt3I1Fn5k
PcEZAL7ucN3MwIK61y2wVfkZnOVnoSn1z13T03WmojA/YBB9x9uKjmFPLhuWKLMp
AxQVr4wnuGIkoEgQTwt7lu+QDgDV8BZKAJ4u71xXIp8NSzKGONmnBY/f4eMnZ3od
9Rndig27VuiQ6z9PAc6IhfhnmZU85TfTD3mHcYCEzDmp1hOB6oTkX7Koh0WoAHqr
T+VTvO9E10DXU+LYLKLGb/H4E905r3555XbM6xI6ZQULFnOtc5MHC36wjkQ0iOpn
a7ewe4DL
-----END CERTIFICATE-----
Generated at Sat Apr 19 17:12:14 2025 by rpki-client