Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/5Ea3Paek6M7rhR2Hftachp5poxw.roa
File: 5Ea3Paek6M7rhR2Hftachp5poxw.roa (raw, json)
Hash identifier: JEAT/7zeW2ZYVVGGC+J/xaTgZBBfXgpbaq/nhkheVi8=
Subject key identifier: E4:46:B7:3D:A7:A4:E8:CE:EB:85:1D:87:7E:D6:9C:86:9E:69:A3:1C
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 018C1CBC7316ECAEDE608617952834660ED2
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/5Ea3Paek6M7rhR2Hftachp5poxw.roa
Signing time: Wed 29 Nov 2023 20:19:21 +0000
ROA not before: Wed 29 Nov 2023 20:19:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5398
IP address blocks: 185.155.184.0/23 maxlen: 24
31.44.32.0/20 maxlen: 20
193.221.216.0/23 maxlen: 23
31.44.46.0/23 maxlen: 23
77.220.64.0/19 maxlen: 19
46.21.29.0/24 maxlen: 24
2a0f:e880::/29 maxlen: 29
2a00:bd00::/32 maxlen: 32
2a02:210::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:1c:bc:73:16:ec:ae:de:60:86:17:95:28:34:66:0e:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Nov 29 20:19:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e446b73da7a4e8ceeb851d877ed69c869e69a31c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:70:91:98:36:c1:0d:41:bd:d1:86:9b:e1:2a:
84:01:9e:52:e9:11:26:1a:44:b9:bb:47:de:8e:82:
65:49:18:65:dd:4b:05:35:96:7d:0b:e8:ae:25:e1:
43:42:5e:ee:1f:90:c1:14:c4:bb:f1:fb:f6:fe:ae:
0b:ab:9d:ea:62:83:1c:f0:e1:1b:13:56:b1:2f:2f:
b4:d5:4a:f1:68:27:58:18:3a:03:71:9e:f3:c8:a2:
05:3e:15:61:bd:19:36:22:c9:38:ba:1e:17:74:ac:
4b:28:a6:be:52:55:a8:df:07:c2:fb:10:09:2d:89:
9d:af:06:e3:55:ec:ba:e7:b9:29:19:45:fd:cd:76:
fa:5d:8b:b4:a8:ca:b1:7d:14:bb:1a:12:7e:a6:99:
40:fd:08:e6:aa:9b:3e:61:67:32:33:78:72:50:09:
f3:22:70:dc:fc:69:bb:ab:29:00:50:be:69:e3:d4:
6b:ba:9f:ff:08:f9:af:58:22:4e:67:19:7d:f5:b5:
1a:e8:d2:92:12:f9:2a:da:92:3c:63:07:63:08:4a:
cf:4d:88:f5:b6:96:54:8c:48:73:c7:9b:2a:40:f3:
78:c3:aa:12:db:99:2d:7e:86:61:d2:de:57:94:d8:
53:25:8c:90:2b:90:bc:7e:c4:bf:9d:4f:26:95:4a:
d1:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:46:B7:3D:A7:A4:E8:CE:EB:85:1D:87:7E:D6:9C:86:9E:69:A3:1C
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/5Ea3Paek6M7rhR2Hftachp5poxw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.32.0/20
46.21.29.0/24
77.220.64.0/19
185.155.184.0/23
193.221.216.0/23
IPv6:
2a00:bd00::/32
2a02:210::/32
2a0f:e880::/29
Signature Algorithm: sha256WithRSAEncryption
3c:4d:31:0a:f5:21:de:c1:ac:1b:84:97:25:fd:e4:23:87:76:
5f:76:6c:70:12:08:ff:6b:fa:3e:c0:bc:e2:ff:74:d1:b2:db:
20:d7:3b:48:4a:54:04:f6:bc:59:8a:44:e2:29:a1:bd:82:55:
73:d7:95:06:2a:f2:b1:37:52:ba:f8:68:17:cd:6d:8c:ec:a3:
9b:43:0e:82:f7:d1:69:9e:b5:4f:bd:27:c0:ca:fb:76:41:1a:
66:53:65:2f:14:e5:7a:5b:e8:16:66:c5:0c:d8:72:d6:81:fd:
04:58:4c:e5:a9:47:9f:aa:fe:38:9f:1f:2a:ea:a9:8c:94:13:
38:9e:fe:77:27:d7:49:73:8b:25:77:fe:af:d6:9b:e2:96:ec:
91:df:ee:94:1b:bb:e2:02:16:73:e9:68:ce:7f:d9:5b:22:0c:
5e:cd:f3:6b:a2:de:1c:c1:68:9a:1d:a5:d8:f2:e7:23:6d:5d:
05:a6:f3:e5:80:ff:ab:63:71:ed:9d:cc:2f:3b:47:13:f0:7e:
f5:d6:22:91:d7:3d:ff:73:c8:48:c5:5a:c3:65:cf:68:9d:b3:
9f:7c:4c:61:0d:6c:6f:ad:55:25:ec:c0:3b:78:58:78:6f:6d:
f8:dd:4a:1b:40:8d:93:d5:af:42:b7:93:04:7e:d8:a4:23:49:
49:8a:52:25
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYwcvHMW7K7eYIYXlSg0Zg7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMxMTI5MjAxOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDQ2YjczZGE3YTRlOGNlZWI4NTFkODc3ZWQ2OWM4NjllNjlhMzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnCRmDbBDUG90Yab4SqEAZ5S6REm
GkS5u0fejoJlSRhl3UsFNZZ9C+iuJeFDQl7uH5DBFMS78fv2/q4Lq53qYoMc8OEb
E1axLy+01UrxaCdYGDoDcZ7zyKIFPhVhvRk2Isk4uh4XdKxLKKa+UlWo3wfC+xAJ
LYmdrwbjVey657kpGUX9zXb6XYu0qMqxfRS7GhJ+pplA/Qjmqps+YWcyM3hyUAnz
InDc/Gm7qykAUL5p49Rrup//CPmvWCJOZxl99bUa6NKSEvkq2pI8YwdjCErPTYj1
tpZUjEhzx5sqQPN4w6oS25ktfoZh0t5XlNhTJYyQK5C8fsS/nU8mlUrR9QIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFORGtz2npOjO64Udh37WnIaeaaMcMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvNUVhM1BhZWs2TTdyaFIySGZ0YWNocDVwb3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAkBAIAATAeAwQEHywgAwQA
LhUdAwQFTdxAAwQBuZu4AwQBwd3YMBsEAgACMBUDBQAqAL0AAwUAKgICEAMFAyoP
6IAwDQYJKoZIhvcNAQELBQADggEBADxNMQr1Id7BrBuElyX95COHdl92bHASCP9r
+j7AvOL/dNGy2yDXO0hKVAT2vFmKROIpob2CVXPXlQYq8rE3Urr4aBfNbYzso5tD
DoL30WmetU+9J8DK+3ZBGmZTZS8U5Xpb6BZmxQzYctaB/QRYTOWpR5+q/jifHyrq
qYyUEzie/ncn10lziyV3/q/Wm+KW7JHf7pQbu+ICFnPpaM5/2VsiDF7N82ui3hzB
aJodpdjy5yNtXQWm8+WA/6tjce2dzC87RxPwfvXWIpHXPf9zyEjFWsNlz2ids598
TGENbG+tVSXswDt4WHhvbfjdShtAjZPVr0K3kwR+2KQjSUmKUiU=
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:54:02 2025 by rpki-client