Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/bKF3RoAiT9_EA4ObMT5VyXGJVjY.roa
File: bKF3RoAiT9_EA4ObMT5VyXGJVjY.roa (raw, json)
Hash identifier: vcRn59ZiEULhyArfw3CjhOvrMsqugbLLWmc15VIdXMs=
Subject key identifier: 6C:A1:77:46:80:22:4F:DF:C4:03:83:9B:31:3E:55:C9:71:89:56:36
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 0195E28609668A5B170BD1C0CDEC2BD5390E
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/bKF3RoAiT9_EA4ObMT5VyXGJVjY.roa
Signing time: Sat 29 Mar 2025 15:29:49 +0000
ROA not before: Sat 29 Mar 2025 15:29:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5398
IP address blocks: 31.44.32.0/20 maxlen: 20
31.44.46.0/23 maxlen: 23
45.143.158.0/23 maxlen: 24
46.21.29.0/24 maxlen: 24
77.220.64.0/19 maxlen: 19
193.221.216.0/23 maxlen: 23
193.222.104.0/23 maxlen: 24
193.222.105.0/24 maxlen: 24
2a0f:e880::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:e2:86:09:66:8a:5b:17:0b:d1:c0:cd:ec:2b:d5:39:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Mar 29 15:29:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6ca1774680224fdfc403839b313e55c971895636
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:bb:6c:4d:6c:c1:14:42:5c:e5:29:a0:26:ce:
a2:ed:ee:36:74:6d:d8:d6:83:0c:6e:d3:39:7d:49:
93:04:d6:b7:cc:d0:01:e1:51:f9:9e:9f:ab:ac:a8:
0c:f0:7a:1f:41:1f:d3:72:4d:b6:5e:fd:ad:4c:5c:
2e:51:9e:98:8a:fb:08:a7:88:c9:82:0d:e6:8d:63:
c6:b0:f6:31:bd:56:a0:c0:5c:f4:8b:be:c0:9d:1b:
22:2b:5d:66:cb:0f:1f:81:ba:42:76:85:0f:90:6b:
3e:0a:11:d9:a9:2d:44:fa:e7:c9:fd:9e:72:8d:03:
39:51:dd:62:65:92:c3:c9:86:71:cb:b6:4a:f6:67:
86:5e:8f:a9:90:0b:5b:ab:58:d3:fb:11:c0:00:a3:
48:46:a6:b2:19:a3:45:87:c8:d6:f2:5b:d2:4e:8f:
cb:ea:5b:e6:30:3a:09:35:30:bb:cd:63:f5:81:09:
54:33:63:21:87:7c:b9:c8:0c:62:a6:9d:0c:03:c9:
df:e6:0a:c6:c3:1d:da:04:85:98:07:6c:88:6e:2a:
16:9a:ba:72:cd:1a:1d:86:01:cc:f7:19:1a:fa:8d:
a1:3a:0d:c7:3f:53:ae:96:b6:2a:0f:d0:65:71:1e:
8d:ab:fa:78:f8:47:de:72:c7:6a:3e:d2:03:7a:95:
98:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:A1:77:46:80:22:4F:DF:C4:03:83:9B:31:3E:55:C9:71:89:56:36
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/bKF3RoAiT9_EA4ObMT5VyXGJVjY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.32.0/20
45.143.158.0/23
46.21.29.0/24
77.220.64.0/19
193.221.216.0/23
193.222.104.0/23
IPv6:
2a0f:e880::/29
Signature Algorithm: sha256WithRSAEncryption
01:af:55:c8:2d:4c:6e:19:b0:e0:d8:f1:67:d4:92:39:38:34:
01:7f:1b:73:8f:53:f4:76:bf:51:3c:f4:6a:92:d4:77:df:b8:
3d:e9:e6:8c:59:22:df:e8:42:7c:a0:d1:be:47:fa:50:1f:60:
3b:86:12:72:f5:a7:73:fe:91:bc:9c:f1:6a:38:03:22:72:77:
b5:3d:23:6b:df:6d:fb:13:8a:3b:82:01:a9:1b:53:d4:a7:de:
d9:f8:90:7e:0d:be:54:81:b4:7c:11:e0:1c:49:08:71:3c:a9:
2b:a4:e9:85:57:31:d9:3a:25:c4:3d:0b:a1:23:78:ea:ea:d4:
38:38:82:b0:a7:ed:b5:4a:31:e5:ce:b7:8b:1b:9d:de:ff:1a:
96:87:86:d8:7a:54:b2:18:da:c6:c9:3b:27:c6:e3:9b:ce:59:
6c:a3:10:f6:b4:7a:a4:95:8e:05:45:21:81:d0:21:fe:61:7c:
d4:34:dd:8a:8d:69:2e:32:50:65:44:a8:d6:23:58:55:03:04:
5e:80:8e:20:72:ca:31:a1:c1:c3:ff:b7:dc:fc:01:7b:5a:56:
59:33:06:6c:86:bf:b2:12:0d:73:4c:20:00:04:7f:86:cd:aa:
25:ae:77:a5:d2:3a:b5:12:26:60:89:8d:c6:d9:17:56:a2:d8:
c7:86:20:cc
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZXihglmilsXC9HAzewr1TkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjUwMzI5MTUyOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2ExNzc0NjgwMjI0ZmRmYzQwMzgzOWIzMTNlNTVjOTcxODk1NjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7tsTWzBFEJc5SmgJs6i7e42dG3Y
1oMMbtM5fUmTBNa3zNAB4VH5np+rrKgM8HofQR/Tck22Xv2tTFwuUZ6YivsIp4jJ
gg3mjWPGsPYxvVagwFz0i77AnRsiK11myw8fgbpCdoUPkGs+ChHZqS1E+ufJ/Z5y
jQM5Ud1iZZLDyYZxy7ZK9meGXo+pkAtbq1jT+xHAAKNIRqayGaNFh8jW8lvSTo/L
6lvmMDoJNTC7zWP1gQlUM2Mhh3y5yAxipp0MA8nf5grGwx3aBIWYB2yIbioWmrpy
zRodhgHM9xka+o2hOg3HP1OulrYqD9BlcR6Nq/p4+EfecsdqPtIDepWYlwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFGyhd0aAIk/fxAODmzE+VclxiVY2MB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvYktGM1JvQWlUOV9FQTRPYk1UNVZ5WEdKVmpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEHywgAwQB
LY+eAwQALhUdAwQFTdxAAwQBwd3YAwQBwd5oMA0EAgACMAcDBQMqD+iAMA0GCSqG
SIb3DQEBCwUAA4IBAQABr1XILUxuGbDg2PFn1JI5ODQBfxtzj1P0dr9RPPRqktR3
37g96eaMWSLf6EJ8oNG+R/pQH2A7hhJy9adz/pG8nPFqOAMicne1PSNr3237E4o7
ggGpG1PUp97Z+JB+Db5UgbR8EeAcSQhxPKkrpOmFVzHZOiXEPQuhI3jq6tQ4OIKw
p+21SjHlzreLG53e/xqWh4bYelSyGNrGyTsnxuObzllsoxD2tHqklY4FRSGB0CH+
YXzUNN2KjWkuMlBlRKjWI1hVAwRegI4gcsoxocHD/7fc/AF7WlZZMwZshr+yEg1z
TCAABH+Gzaolrnel0jq1EiZgiY3G2RdWotjHhiDM
-----END CERTIFICATE-----
Generated at Sat Apr 19 04:35:13 2025 by rpki-client