Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/rMWDXGXx1jCOH4ojj2hSjQAOG7Y.roa
File: rMWDXGXx1jCOH4ojj2hSjQAOG7Y.roa (raw, json)
Hash identifier: JLp2lHDz6/bx1QN1HFa0ePfuORkgJe6WK7HGCNIzNrw=
Subject key identifier: AC:C5:83:5C:65:F1:D6:30:8E:1F:8A:23:8F:68:52:8D:00:0E:1B:B6
Certificate issuer: /CN=a14e499240cea588541a7dc74f321c9141744bb6
Certificate serial: 018CC8DE70F0202E5AF09B2CCBC5B443F3E4
Authority key identifier: A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/rMWDXGXx1jCOH4ojj2hSjQAOG7Y.roa
Signing time: Tue 02 Jan 2024 06:31:10 +0000
ROA not before: Tue 02 Jan 2024 06:31:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49603
IP address blocks: 46.19.152.0/21 maxlen: 24
185.88.60.0/22 maxlen: 24
185.92.152.0/22 maxlen: 24
89.207.248.0/21 maxlen: 24
185.92.160.0/22 maxlen: 24
185.92.168.0/22 maxlen: 24
185.92.180.0/22 maxlen: 24
185.92.188.0/22 maxlen: 24
185.92.204.0/22 maxlen: 24
2a05:ca80::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:de:70:f0:20:2e:5a:f0:9b:2c:cb:c5:b4:43:f3:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a14e499240cea588541a7dc74f321c9141744bb6
Validity
Not Before: Jan 2 06:31:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=acc5835c65f1d6308e1f8a238f68528d000e1bb6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:bd:39:65:f1:c7:de:6d:98:db:0f:d9:5d:c3:
fe:95:d4:f8:c1:96:96:8a:61:e9:63:ad:89:9e:1b:
9a:a4:ce:00:29:1c:b3:01:e6:74:3b:fb:8c:c6:fe:
97:7e:96:3a:b4:4e:ae:0a:5c:68:20:5b:04:88:21:
9c:87:02:38:8f:04:db:3f:3e:4d:fa:2c:0b:0f:25:
5f:57:a0:69:c6:e5:38:b2:c9:cf:0c:03:95:2f:dd:
0e:a8:2b:61:5d:d3:47:bf:2f:45:f6:47:89:46:38:
72:a2:eb:d7:c7:70:7e:95:22:36:e9:cb:be:96:6c:
70:86:6a:b6:8c:48:a8:6b:74:79:ed:97:0e:57:4c:
9b:06:d3:c0:b1:0f:57:12:1e:4d:c9:34:b2:b8:13:
93:98:74:4f:29:b1:98:ed:64:09:16:60:90:49:5e:
df:eb:1f:5b:2c:b6:67:ab:dc:be:ef:9e:f6:ba:ae:
85:e9:87:e8:ba:55:df:0c:04:84:ee:d8:38:0c:0b:
59:a2:89:6f:0c:45:11:e3:42:31:d5:30:d2:3f:08:
f8:75:b8:3c:e8:3b:57:75:34:ee:31:4b:82:75:df:
e4:df:e8:28:e8:65:0a:21:4d:ae:f2:90:20:bb:4a:
2e:99:78:27:6c:53:7b:13:09:bc:36:f1:3f:7f:08:
33:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:C5:83:5C:65:F1:D6:30:8E:1F:8A:23:8F:68:52:8D:00:0E:1B:B6
X509v3 Authority Key Identifier:
keyid:A1:4E:49:92:40:CE:A5:88:54:1A:7D:C7:4F:32:1C:91:41:74:4B:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oU5JkkDOpYhUGn3HTzIckUF0S7Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/rMWDXGXx1jCOH4ojj2hSjQAOG7Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/0828e7-1e57-4747-8ea1-36a808f3d14d/1/oU5JkkDOpYhUGn3HTzIckUF0S7Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.19.152.0/21
89.207.248.0/21
185.88.60.0/22
185.92.152.0/22
185.92.160.0/22
185.92.168.0/22
185.92.180.0/22
185.92.188.0/22
185.92.204.0/22
IPv6:
2a05:ca80::/29
Signature Algorithm: sha256WithRSAEncryption
25:c3:4e:45:61:ce:c0:28:72:bd:ef:f8:70:42:84:62:ff:ae:
9c:59:5f:d9:db:d3:2e:cf:35:0d:48:0e:96:c3:a8:46:9c:ca:
9d:b2:c9:bf:3c:cb:27:76:98:63:6c:9b:52:9b:51:5f:56:87:
54:75:6b:7f:b3:c7:1f:76:5c:01:00:d9:e2:e1:e4:15:e1:fb:
37:8f:93:e3:1a:1f:d4:dc:4b:61:e4:8b:ff:8f:66:c5:2f:95:
d9:1d:b5:c1:8c:08:4c:38:82:87:90:50:61:61:10:8e:ac:db:
e3:08:32:8a:ee:da:43:f4:45:09:20:25:da:98:40:b4:67:16:
14:82:a3:db:42:29:50:99:56:a0:73:e0:12:7d:12:61:3e:d4:
9c:c7:f2:a5:e8:5e:2c:6d:96:53:c4:e3:94:56:a5:8a:2e:bf:
fe:3e:c7:b6:41:48:85:2c:0f:7a:a1:8d:96:d2:03:83:9e:7f:
63:74:38:46:56:f1:04:f0:4b:12:ed:64:6b:4a:e2:7a:1f:39:
76:59:79:72:ef:9b:c7:9b:3f:28:a3:0b:b0:25:9d:d4:5a:e5:
b9:73:e5:eb:77:d5:86:69:86:6b:6c:96:b0:67:a5:3a:58:76:
98:6d:1a:e3:18:9e:db:49:dd:3c:e2:bd:cf:22:ed:21:5a:26:
23:eb:4f:6b
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYzI3nDwIC5a8Jssy8W0Q/PkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNGU0OTkyNDBjZWE1ODg1NDFhN2RjNzRmMzIxYzkxNDE3
NDRiYjYwHhcNMjQwMTAyMDYzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2M1ODM1YzY1ZjFkNjMwOGUxZjhhMjM4ZjY4NTI4ZDAwMGUxYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu705ZfHH3m2Y2w/ZXcP+ldT4wZaW
imHpY62JnhuapM4AKRyzAeZ0O/uMxv6XfpY6tE6uClxoIFsEiCGchwI4jwTbPz5N
+iwLDyVfV6BpxuU4ssnPDAOVL90OqCthXdNHvy9F9keJRjhyouvXx3B+lSI26cu+
lmxwhmq2jEioa3R57ZcOV0ybBtPAsQ9XEh5NyTSyuBOTmHRPKbGY7WQJFmCQSV7f
6x9bLLZnq9y+7572uq6F6YfoulXfDASE7tg4DAtZoolvDEUR40Ix1TDSPwj4dbg8
6DtXdTTuMUuCdd/k3+go6GUKIU2u8pAgu0oumXgnbFN7Ewm8NvE/fwgzMQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFKzFg1xl8dYwjh+KI49oUo0ADhu2MB8GA1UdIwQY
MBaAFKFOSZJAzqWIVBp9x08yHJFBdEu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEt
MzZhODA4ZjNkMTRkLzEvck1XRFhHWHgxakNPSDRvamoyaFNqUUFPRzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8wODI4ZTctMWU1Ny00NzQ3LThlYTEtMzZhODA4ZjNkMTRk
LzEvb1U1SmtrRE9wWWhVR24zSFR6SWNrVUYwUzdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDLhOYAwQD
Wc/4AwQCuVg8AwQCuVyYAwQCuVygAwQCuVyoAwQCuVy0AwQCuVy8AwQCuVzMMA0E
AgACMAcDBQMqBcqAMA0GCSqGSIb3DQEBCwUAA4IBAQAlw05FYc7AKHK97/hwQoRi
/66cWV/Z29MuzzUNSA6Ww6hGnMqdssm/PMsndphjbJtSm1FfVodUdWt/s8cfdlwB
ANni4eQV4fs3j5PjGh/U3Eth5Iv/j2bFL5XZHbXBjAhMOIKHkFBhYRCOrNvjCDKK
7tpD9EUJICXamEC0ZxYUgqPbQilQmVagc+ASfRJhPtScx/Kl6F4sbZZTxOOUVqWK
Lr/+Pse2QUiFLA96oY2W0gODnn9jdDhGVvEE8EsS7WRrSuJ6Hzl2WXly75vHmz8o
owuwJZ3UWuW5c+Xrd9WGaYZrbJawZ6U6WHaYbRrjGJ7bSd084r3PIu0hWiYj609r
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:28:47 2025 by rpki-client