Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/X0co1XfF9bUC937x5RzBhGvPwuI.roa
File: X0co1XfF9bUC937x5RzBhGvPwuI.roa (raw, json)
Hash identifier: XOEVF2Xxjs4omkG/65i3MexHqeJgOpXnkV/u+OY/5NU=
Subject key identifier: 5F:47:28:D5:77:C5:F5:B5:02:F7:7E:F1:E5:1C:C1:84:6B:CF:C2:E2
Certificate issuer: /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial: 01943C18D4F37ADD027B6A32CD007BD53B00
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/X0co1XfF9bUC937x5RzBhGvPwuI.roa
Signing time: Mon 06 Jan 2025 14:50:47 +0000
ROA not before: Mon 06 Jan 2025 14:50:47 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43205
IP address blocks: 37.143.192.0/18 maxlen: 18
46.40.64.0/18 maxlen: 18
46.40.75.0/24 maxlen: 24
46.47.64.0/18 maxlen: 18
46.237.64.0/18 maxlen: 18
91.139.128.0/17 maxlen: 17
93.155.128.0/17 maxlen: 17
109.121.192.0/18 maxlen: 18
158.58.192.0/18 maxlen: 18
178.169.128.0/17 maxlen: 17
185.4.80.0/22 maxlen: 22
188.254.128.0/17 maxlen: 17
193.24.240.0/22 maxlen: 22
212.43.32.0/19 maxlen: 19
212.75.0.0/19 maxlen: 19
213.214.64.0/19 maxlen: 19
2a02:6800::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:3c:18:d4:f3:7a:dd:02:7b:6a:32:cd:00:7b:d5:3b:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Validity
Not Before: Jan 6 14:50:47 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f4728d577c5f5b502f77ef1e51cc1846bcfc2e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:69:ce:db:5a:cc:47:ae:8a:86:16:92:61:74:
8f:76:4c:e3:25:e2:d2:3c:d6:1e:10:ff:a9:e2:50:
74:48:9f:6a:79:4c:53:00:55:b3:5c:4f:3f:6f:4d:
f2:a7:44:97:32:81:0c:81:2d:80:dc:ed:9e:14:33:
f5:3e:2a:98:48:72:fd:c5:ed:5c:53:3c:e1:58:bc:
0d:6f:de:fe:82:75:2e:fe:6a:64:b6:5b:35:e4:39:
79:70:5c:52:81:cc:08:3e:16:8f:e7:e9:ee:3e:9d:
bc:a9:e9:0c:59:64:10:4a:27:ff:05:ba:fa:a3:f0:
5a:8d:1b:e3:e0:eb:02:c3:be:36:b2:0a:d8:25:33:
77:a3:60:94:11:d0:20:13:57:49:19:f3:2a:8a:32:
31:97:40:67:f1:8a:08:65:9b:df:a1:cf:f1:8e:c3:
16:90:e7:d6:1a:f6:ea:f3:8f:67:93:f7:4e:c2:b6:
d2:26:64:cf:fb:94:05:6a:64:b1:e5:eb:c6:a7:26:
ce:9a:2a:b3:4b:c7:3f:c2:32:9d:b5:83:dc:26:9e:
e2:1f:62:47:80:f6:b3:14:df:cb:bd:56:13:a0:7a:
d0:9a:82:f6:9f:cd:54:e1:08:80:7b:95:75:29:50:
f7:c5:2b:b3:48:c0:f3:ab:78:a0:f7:73:6d:81:e1:
d8:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:47:28:D5:77:C5:F5:B5:02:F7:7E:F1:E5:1C:C1:84:6B:CF:C2:E2
X509v3 Authority Key Identifier:
keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/X0co1XfF9bUC937x5RzBhGvPwuI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.192.0/18
46.40.64.0/18
46.47.64.0/18
46.237.64.0/18
91.139.128.0/17
93.155.128.0/17
109.121.192.0/18
158.58.192.0/18
178.169.128.0/17
185.4.80.0/22
188.254.128.0/17
193.24.240.0/22
212.43.32.0/19
212.75.0.0/19
213.214.64.0/19
IPv6:
2a02:6800::/32
Signature Algorithm: sha256WithRSAEncryption
00:f8:a9:79:b5:e1:52:dd:d2:db:18:ef:d5:da:d4:b3:4a:92:
a7:9c:cb:fd:1f:e1:90:50:e7:2a:d4:e0:3c:52:50:1e:b6:27:
92:d7:a1:10:b4:67:77:0e:75:19:76:97:39:34:e2:03:6e:37:
47:b8:62:5d:88:df:a4:a5:a8:0d:be:32:3b:a2:27:de:12:43:
36:11:0d:39:b6:62:f5:31:54:91:81:e3:a5:71:49:1d:cd:27:
07:6d:3b:1f:77:1f:8a:a2:c1:26:26:24:9c:9c:42:8e:d3:ca:
07:b6:f7:d4:6a:8a:6a:4c:a5:4b:ff:95:94:e8:07:7f:95:45:
ae:ef:18:98:69:b2:61:57:c4:b2:d2:17:ab:07:0c:54:8a:10:
f7:79:09:7a:64:e4:60:c9:d0:7b:f3:ec:33:1b:8a:77:f0:da:
ab:02:ce:24:3d:da:2d:b2:c8:06:7f:ef:1f:8c:fe:fc:6d:04:
78:03:4f:71:60:45:f8:f4:17:5c:b1:01:45:a8:33:05:f4:59:
6f:74:6a:ab:9a:13:e5:eb:e8:1d:be:19:c1:08:ed:44:1f:57:
d8:cd:63:c0:ac:6d:8a:69:1f:3e:75:32:a1:13:a9:e8:71:7b:
52:a5:92:8a:3a:b3:ae:22:d9:8d:3a:87:dc:4b:70:46:fe:ad:
7b:79:05:5d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZQ8GNTzet0Ce2oyzQB71TsAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTA2MTQ1MDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjQ3MjhkNTc3YzVmNWI1MDJmNzdlZjFlNTFjYzE4NDZiY2ZjMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmnO21rMR66KhhaSYXSPdkzjJeLS
PNYeEP+p4lB0SJ9qeUxTAFWzXE8/b03yp0SXMoEMgS2A3O2eFDP1PiqYSHL9xe1c
UzzhWLwNb97+gnUu/mpktls15Dl5cFxSgcwIPhaP5+nuPp28qekMWWQQSif/Bbr6
o/BajRvj4OsCw742sgrYJTN3o2CUEdAgE1dJGfMqijIxl0Bn8YoIZZvfoc/xjsMW
kOfWGvbq849nk/dOwrbSJmTP+5QFamSx5evGpybOmiqzS8c/wjKdtYPcJp7iH2JH
gPazFN/LvVYToHrQmoL2n81U4QiAe5V1KVD3xSuzSMDzq3ig93NtgeHYuQIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFF9HKNV3xfW1Avd+8eUcwYRrz8LiMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvWDBjbzFYZkY5YlVDOTM3eDVSekJoR3ZQd3VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWgMEBiWPwAME
Bi4oQAMEBi4vQAMEBi7tQAMEB1uLgAMEB12bgAMEBm15wAMEBp46wAMEB7KpgAME
ArkEUAMEB7z+gAMEAsEY8AMEBdQrIAMEBdRLAAMEBdXWQDANBAIAAjAHAwUAKgJo
ADANBgkqhkiG9w0BAQsFAAOCAQEAAPipebXhUt3S2xjv1drUs0qSp5zL/R/hkFDn
KtTgPFJQHrYnktehELRndw51GXaXOTTiA243R7hiXYjfpKWoDb4yO6In3hJDNhEN
ObZi9TFUkYHjpXFJHc0nB207H3cfiqLBJiYknJxCjtPKB7b31GqKakylS/+VlOgH
f5VFru8YmGmyYVfEstIXqwcMVIoQ93kJemTkYMnQe/PsMxuKd/DaqwLOJD3aLbLI
Bn/vH4z+/G0EeANPcWBF+PQXXLEBRagzBfRZb3Rqq5oT5evoHb4ZwQjtRB9X2M1j
wKxtimkfPnUyoROp6HF7UqWSijqzriLZjTqH3EtwRv6te3kFXQ==
-----END CERTIFICATE-----
Generated at Sat May 10 13:58:36 2025 by rpki-client