Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/veRYZxpgfTdCtrm8JnXzT8b0xUQ.roa
File: veRYZxpgfTdCtrm8JnXzT8b0xUQ.roa (raw, json)
Hash identifier: YmT5svhCfFvDjoERVwA2y4n9Zd36wGuR+ODkbIQ3RR8=
Subject key identifier: BD:E4:58:67:1A:60:7D:37:42:B6:B9:BC:26:75:F3:4F:C6:F4:C5:44
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 019454D5E530827C2B119B6A4332C7413945
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/veRYZxpgfTdCtrm8JnXzT8b0xUQ.roa
Signing time: Sat 11 Jan 2025 10:08:11 +0000
ROA not before: Sat 11 Jan 2025 10:08:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5398
IP address blocks: 31.44.32.0/20 maxlen: 20
31.44.46.0/23 maxlen: 23
46.21.16.0/24 maxlen: 24
46.21.29.0/24 maxlen: 24
77.220.64.0/19 maxlen: 19
193.221.216.0/23 maxlen: 23
193.222.104.0/23 maxlen: 24
2a0f:e880::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:54:d5:e5:30:82:7c:2b:11:9b:6a:43:32:c7:41:39:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Jan 11 10:08:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bde458671a607d3742b6b9bc2675f34fc6f4c544
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:a6:ff:04:35:54:7f:8d:c2:fd:03:30:b1:6b:
62:6e:c5:79:20:4e:53:41:62:76:2e:b4:78:5e:76:
bd:86:c9:de:78:81:c8:fc:dc:ca:02:c7:70:5b:95:
e2:2e:e6:af:46:c4:a7:73:df:94:70:09:75:98:42:
23:8a:6f:34:e1:b3:77:02:1e:ae:0e:bc:c3:e2:11:
04:fc:9c:b8:8b:d2:a9:37:38:83:12:18:fd:9e:e4:
cc:11:54:30:c8:2e:70:10:ff:05:ef:48:96:e5:bb:
9a:13:57:83:67:ce:0c:ec:8b:4e:6d:cf:3e:16:5a:
0d:72:d7:78:16:a0:97:74:0a:d1:08:7a:1e:96:4b:
ae:d2:70:7f:b4:cc:3e:d1:a2:0b:df:c4:14:a0:fa:
d5:af:db:63:9f:b1:49:2c:a7:3e:50:81:68:05:fe:
f4:46:e8:10:ec:5f:22:25:9c:f8:a7:0b:76:3f:2d:
ea:7e:41:f7:c7:c7:18:4e:81:b2:63:cf:17:2e:46:
aa:09:e3:b7:60:26:95:0e:07:5f:53:76:b4:5e:29:
6a:c2:7e:73:1d:0e:cb:4f:48:68:cf:95:31:6d:af:
fc:2b:86:52:09:12:c2:e3:eb:12:6e:2a:b6:e2:e6:
99:62:99:f8:16:7a:b8:d0:ba:4d:a7:a0:8a:94:03:
30:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:E4:58:67:1A:60:7D:37:42:B6:B9:BC:26:75:F3:4F:C6:F4:C5:44
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/veRYZxpgfTdCtrm8JnXzT8b0xUQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.32.0/20
46.21.16.0/24
46.21.29.0/24
77.220.64.0/19
193.221.216.0/23
193.222.104.0/23
IPv6:
2a0f:e880::/29
Signature Algorithm: sha256WithRSAEncryption
88:a1:3f:3d:69:07:e5:eb:c9:88:f1:eb:cd:b6:40:ef:28:14:
12:85:5c:e2:ec:bb:c7:1a:86:06:42:bc:66:06:65:6e:80:39:
cf:92:60:cb:db:f1:04:78:0a:0c:4d:2d:3b:52:88:55:39:01:
d5:a7:c6:79:6a:6f:89:c1:4e:5f:65:c5:d7:03:aa:90:36:69:
4d:93:e2:55:28:81:1c:6e:30:17:90:96:ec:ff:ad:fc:1f:41:
68:07:dd:7c:cb:23:7c:e1:85:5a:0e:4e:9b:13:6f:ff:c2:89:
a5:74:09:2f:98:4c:b8:ce:1f:18:12:3c:f8:b3:4a:75:15:29:
41:25:89:a3:56:ff:3e:ca:7c:3a:06:e1:e6:62:f7:c3:e5:fb:
70:0f:cb:a3:31:a4:5d:5f:e8:f8:60:8d:57:07:cb:a0:c6:0d:
c5:ef:a5:bf:37:28:36:9a:67:7e:e9:79:a7:0e:a9:22:7e:16:
3e:17:99:bc:24:a8:d4:59:f8:2c:59:fb:1c:e1:5e:58:f5:7c:
ff:51:c8:36:06:fb:b3:7e:31:48:e9:ea:ae:4d:69:78:94:9f:
30:07:ec:ec:7b:a8:08:f8:55:98:59:89:61:ec:04:b5:14:04:
14:58:8f:2c:15:79:09:d9:23:cd:f9:e7:b2:04:c3:62:45:93:
4c:f9:90:9f
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZRU1eUwgnwrEZtqQzLHQTlFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjUwMTExMTAwODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGU0NTg2NzFhNjA3ZDM3NDJiNmI5YmMyNjc1ZjM0ZmM2ZjRjNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsab/BDVUf43C/QMwsWtibsV5IE5T
QWJ2LrR4Xna9hsneeIHI/NzKAsdwW5XiLuavRsSnc9+UcAl1mEIjim804bN3Ah6u
DrzD4hEE/Jy4i9KpNziDEhj9nuTMEVQwyC5wEP8F70iW5buaE1eDZ84M7ItObc8+
FloNctd4FqCXdArRCHoelkuu0nB/tMw+0aIL38QUoPrVr9tjn7FJLKc+UIFoBf70
RugQ7F8iJZz4pwt2Py3qfkH3x8cYToGyY88XLkaqCeO3YCaVDgdfU3a0Xilqwn5z
HQ7LT0hoz5Uxba/8K4ZSCRLC4+sSbiq24uaZYpn4Fnq40LpNp6CKlAMw/QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFL3kWGcaYH03Qra5vCZ180/G9MVEMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvdmVSWVp4cGdmVGRDdHJtOEpuWHpUOGIweFVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEHywgAwQA
LhUQAwQALhUdAwQFTdxAAwQBwd3YAwQBwd5oMA0EAgACMAcDBQMqD+iAMA0GCSqG
SIb3DQEBCwUAA4IBAQCIoT89aQfl68mI8evNtkDvKBQShVzi7LvHGoYGQrxmBmVu
gDnPkmDL2/EEeAoMTS07UohVOQHVp8Z5am+JwU5fZcXXA6qQNmlNk+JVKIEcbjAX
kJbs/638H0FoB918yyN84YVaDk6bE2//womldAkvmEy4zh8YEjz4s0p1FSlBJYmj
Vv8+ynw6BuHmYvfD5ftwD8ujMaRdX+j4YI1XB8ugxg3F76W/Nyg2mmd+6XmnDqki
fhY+F5m8JKjUWfgsWfsc4V5Y9Xz/Ucg2BvuzfjFI6equTWl4lJ8wB+zse6gI+FWY
WYlh7AS1FAQUWI8sFXkJ2SPN+eeyBMNiRZNM+ZCf
-----END CERTIFICATE-----
Generated at Sat Apr 19 04:18:58 2025 by rpki-client