Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/bsPiVMk8gP5JUVwDSXOOnIVVF-I.roa
File: bsPiVMk8gP5JUVwDSXOOnIVVF-I.roa (raw, json)
Hash identifier: jBjNlQGuYPib0NZCUeyF8wwKY703CnYvauVdWLqI7/0=
Subject key identifier: 6E:C3:E2:54:C9:3C:80:FE:49:51:5C:03:49:73:8E:9C:85:55:17:E2
Certificate issuer: /CN=58015cc8da1f1bbf343e26ab208df8bb26fd53ae
Certificate serial: 0196AB19B332C0786D4B09581DB4501E4E55
Authority key identifier: 58:01:5C:C8:DA:1F:1B:BF:34:3E:26:AB:20:8D:F8:BB:26:FD:53:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WAFcyNofG780PiarII34uyb9U64.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/bsPiVMk8gP5JUVwDSXOOnIVVF-I.roa
Signing time: Wed 07 May 2025 14:15:10 +0000
ROA not before: Wed 07 May 2025 14:15:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15576
IP address blocks: 77.95.120.0/21 maxlen: 21
85.118.216.0/21 maxlen: 21
185.63.148.0/22 maxlen: 22
212.103.64.0/19 maxlen: 19
212.103.64.0/24 maxlen: 24
212.103.65.0/24 maxlen: 24
217.11.208.0/20 maxlen: 20
217.146.160.0/20 maxlen: 20
217.146.165.0/24 maxlen: 24
2a00:c38::/32 maxlen: 32
2a00:c38:1a5::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:ab:19:b3:32:c0:78:6d:4b:09:58:1d:b4:50:1e:4e:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58015cc8da1f1bbf343e26ab208df8bb26fd53ae
Validity
Not Before: May 7 14:15:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6ec3e254c93c80fe49515c0349738e9c855517e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:fe:a7:e0:cf:a4:58:56:9c:17:fd:45:b0:4c:
29:18:c2:ac:60:45:f1:e3:14:8a:48:1e:dc:6f:c5:
d4:2d:a4:aa:16:11:00:e9:50:1f:79:50:12:a6:64:
dd:d2:17:ab:9a:74:90:09:46:58:55:25:87:1b:d8:
76:2c:f6:05:3c:7c:42:2c:e8:70:40:1f:3b:8e:95:
c8:d3:8c:35:0f:6d:2b:1f:0c:ea:b5:6f:fd:8e:51:
1c:58:4d:69:2f:00:e9:47:b7:0d:37:9a:e8:68:a2:
f3:67:04:73:48:56:6f:8a:79:01:4d:0c:4c:c2:e4:
75:8e:e7:f9:cf:2a:da:ac:86:18:c2:70:b8:55:d7:
85:ff:7b:cd:02:66:8d:0f:ce:ac:68:8e:fd:00:ef:
9c:bf:af:97:62:0a:c7:a8:f2:48:74:1b:e7:62:b8:
46:86:22:78:f6:4f:c6:9d:f1:e1:93:08:26:a7:f7:
86:d7:ec:9a:50:0e:3e:a2:13:d3:82:a9:82:b6:b0:
07:36:86:08:28:77:a3:02:ce:cc:8c:6a:bc:69:39:
61:6c:b4:ee:54:67:e9:00:f8:53:c7:ff:09:42:0a:
3c:4b:bd:fa:ab:20:4e:8f:96:ae:cc:b3:f8:8a:b2:
29:df:5b:57:5b:29:1a:6e:30:7f:a2:02:24:90:14:
e3:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:C3:E2:54:C9:3C:80:FE:49:51:5C:03:49:73:8E:9C:85:55:17:E2
X509v3 Authority Key Identifier:
keyid:58:01:5C:C8:DA:1F:1B:BF:34:3E:26:AB:20:8D:F8:BB:26:FD:53:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAFcyNofG780PiarII34uyb9U64.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/bsPiVMk8gP5JUVwDSXOOnIVVF-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/WAFcyNofG780PiarII34uyb9U64.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.95.120.0/21
85.118.216.0/21
185.63.148.0/22
212.103.64.0/19
217.11.208.0/20
217.146.160.0/20
IPv6:
2a00:c38::/32
Signature Algorithm: sha256WithRSAEncryption
38:ab:4f:0f:6f:b0:d9:19:c6:09:e0:de:48:fc:75:b1:2e:7e:
eb:fb:f0:e1:5e:54:6f:7c:07:f2:57:90:73:fa:28:db:c7:b5:
03:37:a2:d8:4f:ca:67:5f:28:16:ee:33:b4:85:0d:8d:66:f9:
9e:67:ef:75:48:42:c3:20:7e:d2:67:2f:39:13:a2:f7:28:aa:
39:8e:f1:f4:14:d0:20:b8:bc:6c:ae:21:f7:21:8c:7e:d5:9b:
c9:b1:ac:ab:6d:66:33:50:50:fa:31:0f:03:9d:2a:43:8c:ee:
2b:b9:15:a3:80:2e:78:00:b2:07:ab:86:1a:93:c3:65:44:11:
ea:49:4c:03:d7:fa:9f:5b:44:75:7e:14:83:09:4e:84:99:ff:
b7:2f:dd:93:ad:dc:3b:19:7d:fd:85:ba:19:d8:8b:a2:00:e9:
d0:d7:f0:4a:6d:cf:e9:36:86:6c:eb:59:73:d5:1c:9a:68:83:
ed:df:7d:55:7d:53:81:b6:3b:eb:c7:51:bc:20:5f:aa:e0:bb:
21:39:c5:25:66:f1:67:80:31:b0:b3:27:e0:72:ab:05:90:df:
74:86:e7:df:59:bd:4f:ff:bc:14:98:05:1c:18:14:a2:07:0a:
e3:7b:e4:65:19:5e:26:ec:f6:05:41:d9:8b:8a:a0:f1:a6:f3:
81:5a:88:5e
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZarGbMywHhtSwlYHbRQHk5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDE1Y2M4ZGExZjFiYmYzNDNlMjZhYjIwOGRmOGJiMjZm
ZDUzYWUwHhcNMjUwNTA3MTQxNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWMzZTI1NGM5M2M4MGZlNDk1MTVjMDM0OTczOGU5Yzg1NTUxN2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuv6n4M+kWFacF/1FsEwpGMKsYEXx
4xSKSB7cb8XULaSqFhEA6VAfeVASpmTd0hermnSQCUZYVSWHG9h2LPYFPHxCLOhw
QB87jpXI04w1D20rHwzqtW/9jlEcWE1pLwDpR7cNN5roaKLzZwRzSFZvinkBTQxM
wuR1juf5zyrarIYYwnC4VdeF/3vNAmaND86saI79AO+cv6+XYgrHqPJIdBvnYrhG
hiJ49k/GnfHhkwgmp/eG1+yaUA4+ohPTgqmCtrAHNoYIKHejAs7MjGq8aTlhbLTu
VGfpAPhTx/8JQgo8S736qyBOj5auzLP4irIp31tXWykabjB/ogIkkBTj6QIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFG7D4lTJPID+SVFcA0lzjpyFVRfiMB8GA1UdIwQY
MBaAFFgBXMjaHxu/ND4mqyCN+Lsm/VOuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FGY3lOb2ZHNzgwUGlhcklJMzR1eWI5VTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kNDE3NWQtMTkyYy00MThjLTk3MmYt
OGVlMjFiNzRkZDU2LzEvYnNQaVZNazhnUDVKVVZ3RFNYT09uSVZWRi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kNDE3NWQtMTkyYy00MThjLTk3MmYtOGVlMjFiNzRkZDU2
LzEvV0FGY3lOb2ZHNzgwUGlhcklJMzR1eWI5VTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDTV94AwQD
VXbYAwQCuT+UAwQF1GdAAwQE2QvQAwQE2ZKgMA0EAgACMAcDBQAqAAw4MA0GCSqG
SIb3DQEBCwUAA4IBAQA4q08Pb7DZGcYJ4N5I/HWxLn7r+/DhXlRvfAfyV5Bz+ijb
x7UDN6LYT8pnXygW7jO0hQ2NZvmeZ+91SELDIH7SZy85E6L3KKo5jvH0FNAguLxs
riH3IYx+1ZvJsayrbWYzUFD6MQ8DnSpDjO4ruRWjgC54ALIHq4Yak8NlRBHqSUwD
1/qfW0R1fhSDCU6Emf+3L92Trdw7GX39hboZ2IuiAOnQ1/BKbc/pNoZs61lz1Rya
aIPt331VfVOBtjvrx1G8IF+q4LshOcUlZvFngDGwsyfgcqsFkN90huffWb1P/7wU
mAUcGBSiBwrje+RlGV4m7PYFQdmLiqDxpvOBWohe
-----END CERTIFICATE-----
Generated at Sat May 10 14:03:44 2025 by rpki-client