Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/DqiUX-ItaIjvnXK9rYF_RD_iEMc.roa
File: DqiUX-ItaIjvnXK9rYF_RD_iEMc.roa (raw, json)
Hash identifier: fU21aovepwLasPmEMfB9RPx5am5pGCirdU1GWlotKvg=
Subject key identifier: 0E:A8:94:5F:E2:2D:68:88:EF:9D:72:BD:AD:81:7F:44:3F:E2:10:C7
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 0194602EDCD19B7323E82C32D78A165D9C1F
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/DqiUX-ItaIjvnXK9rYF_RD_iEMc.roa
Signing time: Mon 13 Jan 2025 15:01:11 +0000
ROA not before: Mon 13 Jan 2025 15:01:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5398
IP address blocks: 31.44.32.0/20 maxlen: 20
31.44.46.0/23 maxlen: 23
45.143.158.0/23 maxlen: 24
46.21.16.0/24 maxlen: 24
46.21.29.0/24 maxlen: 24
77.220.64.0/19 maxlen: 19
193.221.216.0/23 maxlen: 23
193.222.104.0/23 maxlen: 24
2a0f:e880::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:60:2e:dc:d1:9b:73:23:e8:2c:32:d7:8a:16:5d:9c:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Jan 13 15:01:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0ea8945fe22d6888ef9d72bdad817f443fe210c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:9f:fc:34:da:8c:bd:e8:43:c2:0b:14:84:47:
7d:b8:9d:31:08:d8:51:f2:b9:6a:4e:a4:85:ed:79:
ed:55:dc:af:81:92:8f:e0:70:8d:cf:25:2a:a6:f0:
33:e7:79:8d:76:ab:a1:45:6b:c4:6f:20:ef:72:c1:
1e:31:46:75:3f:dd:28:91:8b:7d:b6:ec:ed:c6:0f:
05:75:d9:7d:99:dd:21:b1:c7:ed:6b:d5:fe:ff:2d:
0a:13:55:d4:51:c9:77:b6:eb:fe:57:54:85:b1:a9:
5e:c5:45:ed:dd:9e:b6:3b:0c:b7:33:38:07:19:a2:
9d:20:d8:14:d7:2f:31:bd:d4:37:52:9a:8e:76:86:
4d:4c:3f:9c:02:c3:d7:46:13:69:28:52:25:db:a5:
fc:0c:8b:5d:96:1f:10:2b:45:08:73:59:31:e3:48:
de:4e:a6:f8:f4:ee:bb:8d:95:26:cb:ae:4b:ec:66:
88:ee:34:65:3f:ed:b2:de:4f:d8:d4:e0:3f:ab:2f:
93:2f:ab:3b:fb:2a:fb:5e:a4:b8:b2:31:23:e0:93:
da:91:45:85:d8:ae:72:9e:b0:07:ab:68:71:d9:03:
5c:41:17:44:de:73:cc:43:eb:11:97:de:7c:72:4f:
58:a7:a6:07:ca:ea:32:4d:aa:1b:e1:d5:91:8c:88:
c6:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:A8:94:5F:E2:2D:68:88:EF:9D:72:BD:AD:81:7F:44:3F:E2:10:C7
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/DqiUX-ItaIjvnXK9rYF_RD_iEMc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.32.0/20
45.143.158.0/23
46.21.16.0/24
46.21.29.0/24
77.220.64.0/19
193.221.216.0/23
193.222.104.0/23
IPv6:
2a0f:e880::/29
Signature Algorithm: sha256WithRSAEncryption
53:28:63:5c:eb:41:12:55:d8:ca:26:96:9e:93:8b:e2:8a:2e:
54:6b:12:d9:7d:9a:dc:65:af:fd:89:98:e1:b3:98:d2:4c:93:
f8:60:ba:52:da:7d:0a:ce:66:cd:5f:62:62:2b:b8:df:75:26:
0d:52:a9:38:74:72:19:91:90:3b:fd:ec:b7:f3:dd:df:b6:ac:
7e:66:58:5b:08:2b:0e:5e:a6:88:99:d4:12:fe:0c:f0:3b:56:
79:5c:02:b8:c1:72:8f:c1:e2:ce:7b:b8:40:7a:61:49:d6:3a:
32:f6:04:50:a2:ac:8d:de:a4:f3:d7:7d:e2:c8:b9:c9:57:45:
1b:35:5d:fe:5c:24:67:23:24:eb:ab:c6:ce:fb:05:25:cd:dc:
01:0e:e6:2b:c4:7d:a8:03:73:4c:cf:f0:f3:b9:bc:7e:ca:2d:
7b:0b:7c:ea:53:08:0e:e1:38:08:32:d1:90:f3:5b:68:c1:7d:
47:25:ed:30:6b:37:9c:48:f7:95:73:ac:9e:44:54:9b:6e:a7:
31:2d:a8:8e:7d:b1:ec:f9:f3:6f:8d:38:66:2c:33:5f:92:12:
4c:f7:29:a3:5e:09:ea:5a:9f:a9:6d:1d:d8:d5:61:bb:72:46:
22:37:72:6d:eb:5a:fe:24:7e:7d:f3:83:1b:07:45:1c:f8:41:
66:98:4f:77
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZRgLtzRm3Mj6Cwy14oWXZwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjUwMTEzMTUwMTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWE4OTQ1ZmUyMmQ2ODg4ZWY5ZDcyYmRhZDgxN2Y0NDNmZTIxMGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Z/8NNqMvehDwgsUhEd9uJ0xCNhR
8rlqTqSF7XntVdyvgZKP4HCNzyUqpvAz53mNdquhRWvEbyDvcsEeMUZ1P90okYt9
tuztxg8Fddl9md0hscfta9X+/y0KE1XUUcl3tuv+V1SFsalexUXt3Z62Owy3MzgH
GaKdINgU1y8xvdQ3UpqOdoZNTD+cAsPXRhNpKFIl26X8DItdlh8QK0UIc1kx40je
Tqb49O67jZUmy65L7GaI7jRlP+2y3k/Y1OA/qy+TL6s7+yr7XqS4sjEj4JPakUWF
2K5ynrAHq2hx2QNcQRdE3nPMQ+sRl958ck9Yp6YHyuoyTaob4dWRjIjGmwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFA6olF/iLWiI751yva2Bf0Q/4hDHMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvRHFpVVgtSXRhSWp2blhLOXJZRl9SRF9pRU1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEHywgAwQB
LY+eAwQALhUQAwQALhUdAwQFTdxAAwQBwd3YAwQBwd5oMA0EAgACMAcDBQMqD+iA
MA0GCSqGSIb3DQEBCwUAA4IBAQBTKGNc60ESVdjKJpaek4viii5UaxLZfZrcZa/9
iZjhs5jSTJP4YLpS2n0KzmbNX2JiK7jfdSYNUqk4dHIZkZA7/ey3893ftqx+Zlhb
CCsOXqaImdQS/gzwO1Z5XAK4wXKPweLOe7hAemFJ1joy9gRQoqyN3qTz133iyLnJ
V0UbNV3+XCRnIyTrq8bO+wUlzdwBDuYrxH2oA3NMz/Dzubx+yi17C3zqUwgO4TgI
MtGQ81towX1HJe0wazecSPeVc6yeRFSbbqcxLaiOfbHs+fNvjThmLDNfkhJM9ymj
XgnqWp+pbR3Y1WG7ckYiN3Jt61r+JH5984MbB0Uc+EFmmE93
-----END CERTIFICATE-----
Generated at Mon Apr 21 10:41:32 2025 by rpki-client