Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/WJH47C61XR_K2-CtYxgpUp74kn0.roa
File: WJH47C61XR_K2-CtYxgpUp74kn0.roa (raw, json)
Hash identifier: BVccIg7io/eziHh+vAH/IUFYNMXuHQFyf8ZMaD2OiiM=
Subject key identifier: 58:91:F8:EC:2E:B5:5D:1F:CA:DB:E0:AD:63:18:29:52:9E:F8:92:7D
Certificate issuer: /CN=b3b6f54ea9b15a8bd4f33825386cb277b03439dd
Certificate serial: 019566950FC1ACCB76C90029BAFC7CB787AF
Authority key identifier: B3:B6:F5:4E:A9:B1:5A:8B:D4:F3:38:25:38:6C:B2:77:B0:34:39:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s7b1TqmxWovU8zglOGyyd7A0Od0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/WJH47C61XR_K2-CtYxgpUp74kn0.roa
Signing time: Wed 05 Mar 2025 13:53:19 +0000
ROA not before: Wed 05 Mar 2025 13:53:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42184
IP address blocks: 45.82.124.0/22 maxlen: 24
91.190.224.0/21 maxlen: 24
178.251.8.0/21 maxlen: 24
185.64.168.0/22 maxlen: 24
185.143.168.0/22 maxlen: 24
185.153.140.0/22 maxlen: 24
188.64.248.0/21 maxlen: 24
194.15.152.0/22 maxlen: 24
2a02:f08::/32 maxlen: 48
2a0f:8880::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:66:95:0f:c1:ac:cb:76:c9:00:29:ba:fc:7c:b7:87:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b3b6f54ea9b15a8bd4f33825386cb277b03439dd
Validity
Not Before: Mar 5 13:53:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5891f8ec2eb55d1fcadbe0ad631829529ef8927d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:1d:d7:81:40:e0:bc:d3:6c:36:6d:cb:99:36:
b9:e9:f4:e1:e6:64:9b:30:52:4d:2c:1a:ea:12:74:
92:4d:20:20:51:62:10:4b:e1:a0:37:3c:92:9a:e0:
1b:51:cf:0c:2c:d6:a6:ac:ff:6a:3b:1d:50:25:de:
a0:63:7d:15:3a:9b:9a:ab:22:e4:46:4c:2c:4d:7a:
62:bc:1b:46:14:1e:0b:a3:5d:e5:c0:b0:fb:38:8f:
b8:f7:b6:11:b5:3c:77:53:e1:9d:53:ae:6b:c4:ee:
4f:ff:63:aa:98:78:c8:76:77:ef:62:7e:c4:34:99:
59:f3:f2:f9:5d:a5:fa:e8:3b:43:7a:01:dd:04:61:
55:86:13:92:ed:21:25:61:16:c3:b8:06:f2:3d:be:
f7:6e:eb:75:29:94:d9:c5:bb:1c:82:04:65:76:34:
06:5d:f7:cd:a8:b4:27:68:31:70:d3:c9:ae:04:2a:
75:e5:25:92:bc:25:c5:cb:41:f4:be:ef:91:5a:b8:
10:18:03:91:ed:20:7f:15:f2:0b:14:f2:6a:b6:ef:
c3:c8:f1:16:a6:d1:4b:ef:ab:0f:24:41:da:bd:26:
ff:0f:9c:9b:d2:8d:16:79:f3:73:e3:09:8f:68:fe:
53:ec:d5:14:0b:d4:63:88:af:05:a6:3a:b8:2f:ce:
4c:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:91:F8:EC:2E:B5:5D:1F:CA:DB:E0:AD:63:18:29:52:9E:F8:92:7D
X509v3 Authority Key Identifier:
keyid:B3:B6:F5:4E:A9:B1:5A:8B:D4:F3:38:25:38:6C:B2:77:B0:34:39:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s7b1TqmxWovU8zglOGyyd7A0Od0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/WJH47C61XR_K2-CtYxgpUp74kn0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/8de4a3-8d5a-46b1-a735-2f46e9317cc6/1/s7b1TqmxWovU8zglOGyyd7A0Od0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.82.124.0/22
91.190.224.0/21
178.251.8.0/21
185.64.168.0/22
185.143.168.0/22
185.153.140.0/22
188.64.248.0/21
194.15.152.0/22
IPv6:
2a02:f08::/32
2a0f:8880::/29
Signature Algorithm: sha256WithRSAEncryption
67:29:68:8e:b5:30:ea:d2:c1:9a:2a:29:1b:2f:75:1c:91:d2:
58:81:99:a7:dd:f3:3c:b8:36:ea:06:21:de:5a:4c:16:1a:3a:
88:c3:d6:bb:9c:1f:56:34:79:f1:95:c7:e2:a1:cb:63:e3:af:
e4:78:e4:41:72:5e:8e:d7:1c:dd:e5:af:07:74:47:c2:ff:bd:
01:f7:48:d5:10:9a:78:ae:47:ca:35:0f:0b:1d:98:7a:99:5c:
f3:36:de:68:d8:89:15:99:9d:ec:c9:a3:e4:32:00:85:19:e0:
dc:79:0f:69:a8:34:b5:9e:c0:ee:4c:ad:a4:fd:bd:ee:87:1b:
3d:94:82:c9:90:7d:f6:89:49:ef:74:ab:c0:1d:90:d5:64:44:
12:bd:0a:ab:9d:4e:b4:38:74:71:fc:ed:7e:26:c8:05:57:bb:
c9:ab:14:e3:c1:ff:ee:88:87:96:34:39:bf:30:ff:bd:59:9e:
fd:33:f6:24:1c:7c:62:d7:3b:4e:43:dd:d9:80:e1:b2:e3:52:
81:6c:1a:2c:ca:31:75:c5:a1:31:48:39:1a:0c:e6:1e:7d:60:
3c:f8:b5:41:61:3c:e4:a1:5d:14:34:cb:9d:3f:26:18:32:22:
73:1a:ad:77:fe:36:a6:e4:6f:35:ce:79:45:d9:ed:aa:ed:71:
39:d6:46:8e
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZVmlQ/BrMt2yQApuvx8t4evMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYjZmNTRlYTliMTVhOGJkNGYzMzgyNTM4NmNiMjc3YjAz
NDM5ZGQwHhcNMjUwMzA1MTM1MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODkxZjhlYzJlYjU1ZDFmY2FkYmUwYWQ2MzE4Mjk1MjllZjg5MjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxB3XgUDgvNNsNm3LmTa56fTh5mSb
MFJNLBrqEnSSTSAgUWIQS+GgNzySmuAbUc8MLNamrP9qOx1QJd6gY30VOpuaqyLk
RkwsTXpivBtGFB4Lo13lwLD7OI+497YRtTx3U+GdU65rxO5P/2OqmHjIdnfvYn7E
NJlZ8/L5XaX66DtDegHdBGFVhhOS7SElYRbDuAbyPb73but1KZTZxbscggRldjQG
XffNqLQnaDFw08muBCp15SWSvCXFy0H0vu+RWrgQGAOR7SB/FfILFPJqtu/DyPEW
ptFL76sPJEHavSb/D5yb0o0WefNz4wmPaP5T7NUUC9RjiK8Fpjq4L85MlQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFFiR+OwutV0fytvgrWMYKVKe+JJ9MB8GA1UdIwQY
MBaAFLO29U6psVqL1PM4JThssnewNDndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczdiMVRxbXhXb3ZVOHpnbE9HeXlkN0EwT2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84ZGU0YTMtOGQ1YS00NmIxLWE3MzUt
MmY0NmU5MzE3Y2M2LzEvV0pINDdDNjFYUl9LMi1DdFl4Z3BVcDc0a24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84ZGU0YTMtOGQ1YS00NmIxLWE3MzUtMmY0NmU5MzE3Y2M2
LzEvczdiMVRxbXhXb3ZVOHpnbE9HeXlkN0EwT2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQCLVJ8AwQD
W77gAwQDsvsIAwQCuUCoAwQCuY+oAwQCuZmMAwQDvED4AwQCwg+YMBQEAgACMA4D
BQAqAg8IAwUDKg+IgDANBgkqhkiG9w0BAQsFAAOCAQEAZylojrUw6tLBmiopGy91
HJHSWIGZp93zPLg26gYh3lpMFho6iMPWu5wfVjR58ZXH4qHLY+Ov5HjkQXJejtcc
3eWvB3RHwv+9AfdI1RCaeK5HyjUPCx2Yeplc8zbeaNiJFZmd7Mmj5DIAhRng3HkP
aag0tZ7A7kytpP297ocbPZSCyZB99olJ73SrwB2Q1WREEr0Kq51OtDh0cfztfibI
BVe7yasU48H/7oiHljQ5vzD/vVme/TP2JBx8Ytc7TkPd2YDhsuNSgWwaLMoxdcWh
MUg5GgzmHn1gPPi1QWE85KFdFDTLnT8mGDIicxqtd/42puRvNc55Rdntqu1xOdZG
jg==
-----END CERTIFICATE-----
Generated at Mon Apr 28 11:16:26 2025 by rpki-client