Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/wKxo4krayT7Mm2EjIsP5N4DXVvI.roa
File: wKxo4krayT7Mm2EjIsP5N4DXVvI.roa (raw, json)
Hash identifier: RQnrJFeqyXAVfwDTM8QD1bcwMckRYcRD+pjXq2Q3HWU=
Subject key identifier: C0:AC:68:E2:4A:DA:C9:3E:CC:9B:61:23:22:C3:F9:37:80:D7:56:F2
Certificate issuer: /CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Certificate serial: 018B95EBBB70B4E85AAA957F7FB7843B9C92
Authority key identifier: B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/wKxo4krayT7Mm2EjIsP5N4DXVvI.roa
Signing time: Fri 03 Nov 2023 16:02:15 +0000
ROA not before: Fri 03 Nov 2023 16:02:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58026
IP address blocks: 176.116.4.0/24 maxlen: 24
65.111.0.0/19 maxlen: 19
104.167.16.0/20 maxlen: 20
104.207.32.0/19 maxlen: 19
45.78.80.0/20 maxlen: 20
45.3.32.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:95:eb:bb:70:b4:e8:5a:aa:95:7f:7f:b7:84:3b:9c:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b404cc0e038eb0e697ec6e7ae49d0286146e0c1a
Validity
Not Before: Nov 3 16:02:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c0ac68e24adac93ecc9b612322c3f93780d756f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:d0:4a:12:9b:2a:93:d6:6b:08:91:43:90:35:
2b:b4:f5:d6:e3:2b:43:29:80:72:0b:26:0c:38:b5:
45:b6:cc:99:2f:a7:98:24:99:33:ca:13:cf:1f:e7:
34:76:20:45:4e:34:41:52:8d:78:31:6f:aa:42:64:
e0:30:5f:a0:e3:38:90:50:a1:4f:f2:9e:6e:92:04:
6b:05:fd:7e:9f:b0:41:98:7e:a3:e2:36:d2:25:28:
32:39:be:4b:f7:1e:fb:c0:8e:66:a1:1e:f1:cf:31:
b4:ba:17:78:b5:b4:d5:76:a7:0d:48:22:22:ea:31:
b3:05:45:03:5c:d9:40:a7:61:db:bc:8c:e5:2f:4f:
9d:ab:bd:db:25:7a:6e:d2:40:b6:5d:83:e0:15:00:
af:e8:3c:6c:59:41:c5:fa:b3:90:3b:94:36:08:e3:
07:63:79:8f:24:ec:e1:70:17:c1:ef:66:5e:47:9d:
19:eb:ac:d9:88:9e:65:1a:47:28:02:44:c9:94:d2:
0d:bc:4c:2d:13:ac:2d:c4:66:d0:10:2a:ba:2f:ae:
f4:b1:37:39:97:72:78:4c:54:87:5a:83:78:26:d5:
09:b1:27:0f:aa:03:74:51:9b:01:36:e2:80:9f:8f:
e4:08:fa:39:d0:1e:59:ef:2e:28:97:18:49:e3:e9:
8a:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:AC:68:E2:4A:DA:C9:3E:CC:9B:61:23:22:C3:F9:37:80:D7:56:F2
X509v3 Authority Key Identifier:
keyid:B4:04:CC:0E:03:8E:B0:E6:97:EC:6E:7A:E4:9D:02:86:14:6E:0C:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tATMDgOOsOaX7G565J0ChhRuDBo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/wKxo4krayT7Mm2EjIsP5N4DXVvI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/abe16b-92cc-48e3-b5b9-86a2f067b4e8/1/tATMDgOOsOaX7G565J0ChhRuDBo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.3.32.0/19
45.78.80.0/20
65.111.0.0/19
104.167.16.0/20
104.207.32.0/19
176.116.4.0/24
Signature Algorithm: sha256WithRSAEncryption
53:62:91:3a:70:34:66:7a:1d:f8:11:57:e6:7b:7a:e4:03:36:
f3:53:21:31:30:99:d0:cf:18:d1:8d:57:c3:a9:4b:1e:cd:a1:
bc:14:de:fc:f0:ea:15:14:02:55:0e:df:a5:07:25:5b:a5:12:
17:a7:dd:c6:12:a7:8d:db:65:81:31:c5:a1:6e:bc:bb:ce:03:
1d:90:bc:82:25:06:50:63:c6:80:b2:2a:02:a0:2a:1e:35:da:
88:ce:9a:85:9c:86:f7:0a:29:ec:90:de:46:b0:34:5d:8d:cf:
d0:78:69:5f:75:56:1b:66:a7:ad:9d:c2:ed:ab:45:1d:56:1c:
f7:21:ba:f1:bb:c3:dc:cf:bb:cd:f1:66:57:42:58:8f:97:27:
e7:dd:5b:1a:10:aa:68:c1:02:c3:c5:2a:39:dc:be:0d:b0:98:
99:49:ab:b5:a0:4f:cb:78:53:5f:a1:3d:66:d5:8e:79:17:7c:
ab:d7:95:83:3f:3b:b9:50:13:bd:80:a7:2d:50:7d:13:9c:8a:
d7:cc:0e:1b:0d:79:79:ec:38:fc:82:49:b4:15:37:f0:eb:74:
86:c4:e4:1e:79:47:d5:68:ee:0d:93:1e:6c:cc:98:ab:41:85:
ae:80:15:27:d2:94:f5:18:1e:eb:66:84:33:a7:bd:a2:ef:db:
d7:ac:88:b0
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYuV67twtOhaqpV/f7eEO5ySMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MDRjYzBlMDM4ZWIwZTY5N2VjNmU3YWU0OWQwMjg2MTQ2
ZTBjMWEwHhcNMjMxMTAzMTYwMjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGFjNjhlMjRhZGFjOTNlY2M5YjYxMjMyMmMzZjkzNzgwZDc1NmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNBKEpsqk9ZrCJFDkDUrtPXW4ytD
KYByCyYMOLVFtsyZL6eYJJkzyhPPH+c0diBFTjRBUo14MW+qQmTgMF+g4ziQUKFP
8p5ukgRrBf1+n7BBmH6j4jbSJSgyOb5L9x77wI5moR7xzzG0uhd4tbTVdqcNSCIi
6jGzBUUDXNlAp2HbvIzlL0+dq73bJXpu0kC2XYPgFQCv6DxsWUHF+rOQO5Q2COMH
Y3mPJOzhcBfB72ZeR50Z66zZiJ5lGkcoAkTJlNINvEwtE6wtxGbQECq6L670sTc5
l3J4TFSHWoN4JtUJsScPqgN0UZsBNuKAn4/kCPo50B5Z7y4olxhJ4+mKCwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMCsaOJK2sk+zJthIyLD+TeA11byMB8GA1UdIwQY
MBaAFLQEzA4DjrDml+xueuSdAoYUbgwaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1Yjkt
ODZhMmYwNjdiNGU4LzEvd0t4bzRrcmF5VDdNbTJFaklzUDVONERYVnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9hYmUxNmItOTJjYy00OGUzLWI1YjktODZhMmYwNjdiNGU4
LzEvdEFUTURnT09zT2FYN0c1NjVKMENoaFJ1REJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQFLQMgAwQE
LU5QAwQFQW8AAwQEaKcQAwQFaM8gAwQAsHQEMA0GCSqGSIb3DQEBCwUAA4IBAQBT
YpE6cDRmeh34EVfme3rkAzbzUyExMJnQzxjRjVfDqUsezaG8FN788OoVFAJVDt+l
ByVbpRIXp93GEqeN22WBMcWhbry7zgMdkLyCJQZQY8aAsioCoCoeNdqIzpqFnIb3
CinskN5GsDRdjc/QeGlfdVYbZqetncLtq0UdVhz3Ibrxu8Pcz7vN8WZXQliPlyfn
3VsaEKpowQLDxSo53L4NsJiZSau1oE/LeFNfoT1m1Y55F3yr15WDPzu5UBO9gKct
UH0TnIrXzA4bDXl57Dj8gkm0FTfw63SGxOQeeUfVaO4Nkx5szJirQYWugBUn0pT1
GB7rZoQzp72i79vXrIiw
-----END CERTIFICATE-----
Generated at Mon Apr 28 07:45:55 2025 by rpki-client