Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/MxnaSSbQw86rarIinDMMZivkGdw.roa
File: MxnaSSbQw86rarIinDMMZivkGdw.roa (raw, json)
Hash identifier: h/ddKvaGl3fWPEP8Nd57aepj+bfiFJtbw0YUdod9iB0=
Subject key identifier: 33:19:DA:49:26:D0:C3:CE:AB:6A:B2:22:9C:33:0C:66:2B:E4:19:DC
Certificate issuer: /CN=217b7ab062bc828b348d05306e65354748b9d6d6
Certificate serial: 019421B1BEAF8DD70FEF146AD60204BD75D1
Authority key identifier: 21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/MxnaSSbQw86rarIinDMMZivkGdw.roa
Signing time: Wed 01 Jan 2025 11:48:04 +0000
ROA not before: Wed 01 Jan 2025 11:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215540
IP address blocks: 178.22.31.0/24 maxlen: 24
193.228.128.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:be:af:8d:d7:0f:ef:14:6a:d6:02:04:bd:75:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=217b7ab062bc828b348d05306e65354748b9d6d6
Validity
Not Before: Jan 1 11:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3319da4926d0c3ceab6ab2229c330c662be419dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:be:29:af:8d:68:b5:6a:b0:e7:40:52:a2:ae:
46:63:ff:bb:0a:e4:42:86:36:c5:3b:88:5c:81:a3:
81:69:b8:4e:36:0f:04:4b:4e:7f:b0:15:69:f0:b4:
ad:3d:64:1c:c5:c8:dc:f1:41:99:40:64:93:23:82:
a1:b4:ef:a7:90:98:e7:50:65:01:79:2e:35:be:d1:
74:9b:f7:68:65:b3:ec:ad:da:c1:56:c9:ee:f0:38:
d6:3b:5f:d1:7a:5c:d7:e1:8d:68:72:9c:43:22:9e:
09:5d:e5:6a:f7:df:16:9c:12:05:99:2e:37:38:fb:
ed:49:74:9f:35:dd:b9:19:e6:fc:5c:e7:41:0f:5a:
40:df:11:4b:f9:6a:92:f7:b2:96:3f:34:5b:4f:dd:
22:36:2b:09:68:04:3e:ef:9c:15:f0:43:98:08:36:
6f:30:b9:3e:f6:36:7a:12:26:f5:02:b6:c9:55:5b:
46:28:7c:54:3e:9a:f0:2e:2f:06:fe:d1:f2:e3:80:
3f:03:79:02:04:21:fb:84:56:c0:ff:2f:81:0d:80:
ee:fb:55:ff:3f:56:01:71:cf:41:19:36:b5:9e:c0:
08:cf:39:73:f1:34:52:ee:dc:04:58:8d:8c:89:cc:
e7:4c:1a:68:99:fd:8a:7e:d4:a2:d2:ce:28:a9:61:
77:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:19:DA:49:26:D0:C3:CE:AB:6A:B2:22:9C:33:0C:66:2B:E4:19:DC
X509v3 Authority Key Identifier:
keyid:21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/MxnaSSbQw86rarIinDMMZivkGdw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.22.31.0/24
193.228.128.0/24
Signature Algorithm: sha256WithRSAEncryption
73:64:66:01:3f:e5:56:18:f1:67:5d:32:3d:17:36:34:2d:60:
22:29:6f:77:a9:30:35:5d:88:c4:7c:a9:44:f7:d2:a0:67:2c:
24:4c:ea:f4:07:d9:5b:26:c2:2f:63:5d:ac:78:ef:d6:7b:7e:
67:38:f7:a3:f9:ca:62:e9:05:74:69:2e:8e:61:76:cf:8e:f9:
fd:53:5a:a0:ec:d9:b8:62:1c:41:1d:e4:ce:73:89:b2:db:b8:
5e:46:f8:7d:ba:11:58:16:5f:35:12:e8:08:4f:57:81:7d:35:
67:83:63:5c:48:ca:da:23:23:94:82:7b:8d:9c:c3:4a:15:fe:
f6:83:60:3a:f2:53:2e:e2:0e:55:67:ca:63:03:ab:14:37:d1:
dc:82:01:99:e9:aa:06:af:68:4e:f4:98:28:17:16:e1:17:66:
58:31:e8:92:6f:16:c4:1c:ff:eb:63:d1:16:ca:b8:b4:3d:c1:
af:36:89:3c:b7:c8:48:a2:bd:26:eb:cb:73:c3:78:18:4d:31:
02:b4:2e:2d:ec:71:07:92:03:ce:0e:7f:c0:61:df:c8:24:30:
e9:37:35:16:fb:f5:aa:d4:a7:1d:99:e3:c2:a6:23:e7:c4:a8:
38:c6:02:7f:57:09:b4:c2:b8:b0:2b:fe:52:a5:84:31:97:31:
87:6e:4f:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsb6vjdcP7xRq1gIEvXXRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I3YWIwNjJiYzgyOGIzNDhkMDUzMDZlNjUzNTQ3NDhi
OWQ2ZDYwHhcNMjUwMTAxMTE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzE5ZGE0OTI2ZDBjM2NlYWI2YWIyMjI5YzMzMGM2NjJiZTQxOWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv74pr41otWqw50BSoq5GY/+7CuRC
hjbFO4hcgaOBabhONg8ES05/sBVp8LStPWQcxcjc8UGZQGSTI4KhtO+nkJjnUGUB
eS41vtF0m/doZbPsrdrBVsnu8DjWO1/RelzX4Y1ocpxDIp4JXeVq998WnBIFmS43
OPvtSXSfNd25Geb8XOdBD1pA3xFL+WqS97KWPzRbT90iNisJaAQ+75wV8EOYCDZv
MLk+9jZ6Eib1ArbJVVtGKHxUPprwLi8G/tHy44A/A3kCBCH7hFbA/y+BDYDu+1X/
P1YBcc9BGTa1nsAIzzlz8TRS7twEWI2MicznTBpomf2KftSi0s4oqWF3mwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDMZ2kkm0MPOq2qyIpwzDGYr5BncMB8GA1UdIwQY
MBaAFCF7erBivIKLNI0FMG5lNUdIudbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYt
NTViNjU5Y2Q4MmJiLzEvTXhuYVNTYlF3ODZyYXJJaW5ETU1aaXZrR2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYtNTViNjU5Y2Q4MmJi
LzEvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAshYfAwQA
weSAMA0GCSqGSIb3DQEBCwUAA4IBAQBzZGYBP+VWGPFnXTI9FzY0LWAiKW93qTA1
XYjEfKlE99KgZywkTOr0B9lbJsIvY12seO/We35nOPej+cpi6QV0aS6OYXbPjvn9
U1qg7Nm4YhxBHeTOc4my27heRvh9uhFYFl81EugIT1eBfTVng2NcSMraIyOUgnuN
nMNKFf72g2A68lMu4g5VZ8pjA6sUN9HcggGZ6aoGr2hO9JgoFxbhF2ZYMeiSbxbE
HP/rY9EWyri0PcGvNok8t8hIor0m68tzw3gYTTECtC4t7HEHkgPODn/AYd/IJDDp
NzUW+/Wq1KcdmePCpiPnxKg4xgJ/Vwm0wriwK/5SpYQxlzGHbk9G
-----END CERTIFICATE-----
Generated at Wed Apr 16 00:26:08 2025 by rpki-client