Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/hFSpEoptCD1eFf67Q4U2OImm9_8.roa
File: hFSpEoptCD1eFf67Q4U2OImm9_8.roa (raw, json)
Hash identifier: fsJSsl64mknBbVatkiNqCOw6ykE8/4QOA/HsnoYW2Hs=
Subject key identifier: 84:54:A9:12:8A:6D:08:3D:5E:15:FE:BB:43:85:36:38:89:A6:F7:FF
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 0195E28609EEBBE48F680CF0D08F24684598
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/hFSpEoptCD1eFf67Q4U2OImm9_8.roa
Signing time: Sat 29 Mar 2025 15:29:49 +0000
ROA not before: Sat 29 Mar 2025 15:29:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199077
IP address blocks: 46.21.21.0/24 maxlen: 24
46.21.22.0/24 maxlen: 24
77.220.92.0/24 maxlen: 24
77.220.93.0/24 maxlen: 24
77.220.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:e2:86:09:ee:bb:e4:8f:68:0c:f0:d0:8f:24:68:45:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Mar 29 15:29:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8454a9128a6d083d5e15febb4385363889a6f7ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:76:71:a0:de:a2:83:c3:00:58:5b:f4:fc:64:
1f:af:c2:ce:49:c8:89:cd:0a:6a:25:a7:ea:03:b0:
a9:ac:70:23:63:02:24:0e:7e:6f:dd:00:09:52:b8:
b3:b8:41:1c:cf:6b:1b:9a:1e:6c:44:84:b8:cb:56:
97:4d:cb:42:2f:f2:3f:c7:68:77:4b:74:e3:af:6b:
df:93:f6:0a:67:bb:3a:09:d1:74:89:eb:fb:a9:28:
cf:f1:a6:d8:4b:26:e0:b7:92:f7:27:c0:f9:7e:02:
75:44:e1:cd:47:09:91:a8:4c:45:79:f0:94:c9:ac:
42:6a:72:ca:53:07:bf:1c:bb:62:6a:c8:d1:51:64:
5b:17:79:b9:58:73:62:15:1c:df:68:87:d8:7c:dc:
66:53:bc:e9:87:5a:17:ab:02:ce:c8:40:e7:aa:ac:
00:ca:3c:3d:82:b7:e9:a2:1a:30:85:37:67:db:ce:
78:63:a0:92:04:4c:89:f4:40:c6:49:34:21:20:2f:
e8:54:96:75:05:1f:bf:35:ef:6a:66:1b:ca:64:98:
a8:6e:19:89:e2:52:cc:77:36:c8:99:dc:f6:f9:07:
bc:33:2f:a6:33:81:21:ba:12:75:3d:74:d9:10:a6:
96:0e:1a:d7:f5:47:d9:c3:95:b5:74:e2:90:3c:7d:
d0:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:54:A9:12:8A:6D:08:3D:5E:15:FE:BB:43:85:36:38:89:A6:F7:FF
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/hFSpEoptCD1eFf67Q4U2OImm9_8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.21.0-46.21.22.255
77.220.92.0-77.220.94.255
Signature Algorithm: sha256WithRSAEncryption
5d:d6:6e:d7:a4:e6:ba:19:a4:c3:41:b4:b2:de:b5:a6:9c:11:
9f:ce:20:29:26:82:bb:1c:04:27:5d:ed:8e:d0:8d:74:3d:87:
9b:b5:83:b9:e8:bb:fd:5a:cd:fd:76:01:ab:57:f7:ed:fe:34:
99:fa:01:e3:71:0d:84:1d:53:14:b3:7a:af:96:5b:a1:52:fd:
11:d2:c6:8b:d1:02:bb:d2:4f:76:d3:78:93:b9:a5:ed:4a:01:
a0:7f:34:7e:cc:4a:63:aa:d0:9b:68:f6:55:bc:28:9b:c9:1b:
10:b4:6d:9e:97:0b:ce:c4:f5:09:2d:99:6e:00:b5:00:01:68:
cf:2f:6f:e4:ad:74:e9:9b:74:26:10:ef:b5:47:6d:ba:1a:4d:
f8:93:1b:a8:ce:e2:7b:8d:91:9c:22:34:e9:78:e1:d6:c3:4d:
85:6e:4f:6e:e6:0b:33:6e:8c:5b:37:d7:eb:bc:87:6f:f0:75:
91:47:ed:f9:49:77:7f:32:d6:64:e7:90:69:76:4b:25:62:49:
ca:a6:e1:66:79:b1:cf:54:cf:21:f9:af:54:f9:7c:58:23:e8:
27:7d:51:0b:b9:52:71:1c:ce:c9:d1:fe:3a:74:a3:76:e3:fb:
94:08:74:73:29:16:df:09:ed:28:fa:ec:cc:53:07:72:7e:7c:
cd:d7:75:c2
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZXihgnuu+SPaAzw0I8kaEWYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjUwMzI5MTUyOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDU0YTkxMjhhNmQwODNkNWUxNWZlYmI0Mzg1MzYzODg5YTZmN2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3ZxoN6ig8MAWFv0/GQfr8LOSciJ
zQpqJafqA7CprHAjYwIkDn5v3QAJUrizuEEcz2sbmh5sRIS4y1aXTctCL/I/x2h3
S3Tjr2vfk/YKZ7s6CdF0iev7qSjP8abYSybgt5L3J8D5fgJ1ROHNRwmRqExFefCU
yaxCanLKUwe/HLtiasjRUWRbF3m5WHNiFRzfaIfYfNxmU7zph1oXqwLOyEDnqqwA
yjw9grfpohowhTdn2854Y6CSBEyJ9EDGSTQhIC/oVJZ1BR+/Ne9qZhvKZJiobhmJ
4lLMdzbImdz2+Qe8My+mM4EhuhJ1PXTZEKaWDhrX9UfZw5W1dOKQPH3Q5QIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFIRUqRKKbQg9XhX+u0OFNjiJpvf/MB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvaEZTcEVvcHRDRDFlRmY2N1E0VTJPSW1tOV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAAuFRUD
BAAuFRYwDAMEAk3cXAMEAE3cXjANBgkqhkiG9w0BAQsFAAOCAQEAXdZu16Tmuhmk
w0G0st61ppwRn84gKSaCuxwEJ13tjtCNdD2Hm7WDuei7/VrN/XYBq1f37f40mfoB
43ENhB1TFLN6r5ZboVL9EdLGi9ECu9JPdtN4k7ml7UoBoH80fsxKY6rQm2j2Vbwo
m8kbELRtnpcLzsT1CS2ZbgC1AAFozy9v5K106Zt0JhDvtUdtuhpN+JMbqM7ie42R
nCI06Xjh1sNNhW5PbuYLM26MWzfX67yHb/B1kUft+Ul3fzLWZOeQaXZLJWJJyqbh
Znmxz1TPIfmvVPl8WCPoJ31RC7lScRzOydH+OnSjduP7lAh0cykW3wntKPrszFMH
cn58zdd1wg==
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:53:16 2025 by rpki-client