Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/wBxUxoIngyYZLXX_euzbXBK9GM4.roa
File: wBxUxoIngyYZLXX_euzbXBK9GM4.roa (raw, json)
Hash identifier: bf1lp3VXFD6zgslxyeACw86HQ+PiLmQiyE9kokSNzus=
Subject key identifier: C0:1C:54:C6:82:27:83:26:19:2D:75:FF:7A:EC:DB:5C:12:BD:18:CE
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 0194228E256DED06045DC826C43A8FE4A0BB
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/wBxUxoIngyYZLXX_euzbXBK9GM4.roa
Signing time: Wed 01 Jan 2025 15:48:48 +0000
ROA not before: Wed 01 Jan 2025 15:48:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5398
IP address blocks: 31.44.32.0/20 maxlen: 20
31.44.46.0/23 maxlen: 23
46.21.29.0/24 maxlen: 24
77.220.64.0/19 maxlen: 19
193.221.216.0/23 maxlen: 23
193.222.104.0/23 maxlen: 24
2a0f:e880::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8e:25:6d:ed:06:04:5d:c8:26:c4:3a:8f:e4:a0:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Jan 1 15:48:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c01c54c682278326192d75ff7aecdb5c12bd18ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:d0:2c:3c:40:73:0f:93:bb:69:38:a6:b8:7b:
4e:9c:f0:19:b0:2a:2b:4b:6b:fa:a2:48:e7:86:99:
95:2c:6a:72:d6:94:b6:4c:80:06:e7:55:5a:05:ca:
6d:1f:38:ec:cf:7c:4f:ce:db:1c:80:57:72:0a:fb:
e3:9b:7d:5f:ff:44:bb:cb:e8:92:fe:85:ae:84:53:
ff:98:ec:7a:de:bf:33:7b:9d:5a:32:34:89:ba:02:
91:03:73:da:3c:05:80:b6:82:64:6b:02:4c:6d:73:
05:1b:3d:dd:66:de:86:f8:b6:9f:f1:cd:b4:a8:ba:
b7:cc:b4:91:21:0f:e7:15:9e:6a:0a:af:b2:ff:d6:
7e:67:3c:6e:71:62:ad:9e:2e:0b:f7:5f:65:8b:30:
b9:23:65:6b:7d:c5:05:70:e0:b6:5c:96:e6:09:bc:
50:b3:7e:79:55:c2:d1:a4:14:29:3a:e8:33:7d:59:
07:17:7d:ba:dd:b0:06:df:9c:86:8f:97:60:8a:ec:
f6:35:90:b5:53:02:8e:bf:87:aa:82:9c:4e:f7:e2:
06:97:c7:15:18:21:0d:05:c8:17:a5:f6:23:88:d6:
d5:f5:16:d0:06:61:ce:d4:1f:ab:b7:02:2a:ce:39:
dc:09:2d:f2:79:9c:da:09:f5:77:59:96:24:af:40:
90:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:1C:54:C6:82:27:83:26:19:2D:75:FF:7A:EC:DB:5C:12:BD:18:CE
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/wBxUxoIngyYZLXX_euzbXBK9GM4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.32.0/20
46.21.29.0/24
77.220.64.0/19
193.221.216.0/23
193.222.104.0/23
IPv6:
2a0f:e880::/29
Signature Algorithm: sha256WithRSAEncryption
90:43:32:c4:d7:27:be:da:e7:50:e6:b9:25:c2:b9:48:61:0d:
22:29:dc:a5:7b:c9:b8:d6:ed:73:fa:8a:2c:62:96:ed:b3:11:
94:71:92:04:dd:6e:74:ff:14:a6:70:4f:27:23:74:74:59:d1:
82:cb:91:68:20:d1:0c:45:bf:0a:18:32:04:be:4a:47:a6:3d:
22:f0:1a:d1:57:be:be:ad:c4:d8:c6:56:8e:f1:d6:30:5d:f2:
d5:05:8d:7c:90:88:ae:ac:5f:f4:a8:82:7d:ab:e5:28:92:c3:
f0:80:2e:ac:c1:ee:8c:ae:6c:14:e4:1e:ac:41:a1:41:99:08:
1a:2c:36:4d:fc:cc:36:13:f8:18:1e:f4:ee:75:d6:18:20:76:
5b:6b:67:73:14:10:f7:6c:44:ca:ba:05:bd:fd:c4:39:b2:66:
e6:28:ac:6b:a5:8e:2b:85:92:0c:7f:37:d3:74:a5:2c:a7:f9:
08:89:e6:83:94:f4:7f:ff:ad:03:5e:56:eb:91:e5:42:c9:49:
4f:d4:71:6d:b4:a3:aa:c0:fc:f2:bc:b1:ab:dc:67:cf:98:4b:
0c:cc:73:64:7a:09:cb:b5:b8:32:83:7f:a3:d3:75:89:26:0a:
61:e1:25:29:9a:e5:30:2a:8e:30:40:fe:6c:da:7b:74:17:c5:
5e:0c:a4:35
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQijiVt7QYEXcgmxDqP5KC7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjUwMTAxMTU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDFjNTRjNjgyMjc4MzI2MTkyZDc1ZmY3YWVjZGI1YzEyYmQxOGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6dAsPEBzD5O7aTimuHtOnPAZsCor
S2v6okjnhpmVLGpy1pS2TIAG51VaBcptHzjsz3xPztscgFdyCvvjm31f/0S7y+iS
/oWuhFP/mOx63r8ze51aMjSJugKRA3PaPAWAtoJkawJMbXMFGz3dZt6G+Laf8c20
qLq3zLSRIQ/nFZ5qCq+y/9Z+ZzxucWKtni4L919lizC5I2VrfcUFcOC2XJbmCbxQ
s355VcLRpBQpOugzfVkHF3263bAG35yGj5dgiuz2NZC1UwKOv4eqgpxO9+IGl8cV
GCENBcgXpfYjiNbV9RbQBmHO1B+rtwIqzjncCS3yeZzaCfV3WZYkr0CQ7wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFMAcVMaCJ4MmGS11/3rs21wSvRjOMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvd0J4VXhvSW5neVlaTFhYX2V1emJYQks5R000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQEHywgAwQA
LhUdAwQFTdxAAwQBwd3YAwQBwd5oMA0EAgACMAcDBQMqD+iAMA0GCSqGSIb3DQEB
CwUAA4IBAQCQQzLE1ye+2udQ5rklwrlIYQ0iKdyle8m41u1z+oosYpbtsxGUcZIE
3W50/xSmcE8nI3R0WdGCy5FoINEMRb8KGDIEvkpHpj0i8BrRV76+rcTYxlaO8dYw
XfLVBY18kIiurF/0qIJ9q+UoksPwgC6swe6MrmwU5B6sQaFBmQgaLDZN/Mw2E/gY
HvTuddYYIHZba2dzFBD3bETKugW9/cQ5smbmKKxrpY4rhZIMfzfTdKUsp/kIieaD
lPR//60DXlbrkeVCyUlP1HFttKOqwPzyvLGr3GfPmEsMzHNkegnLtbgyg3+j03WJ
Jgph4SUpmuUwKo4wQP5s2nt0F8VeDKQ1
-----END CERTIFICATE-----
Generated at Sat Apr 19 04:45:19 2025 by rpki-client