Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/3fX9hDvL-xm5CCgdB4jWTSrU-94.roa
File: 3fX9hDvL-xm5CCgdB4jWTSrU-94.roa (raw, json)
Hash identifier: 9RUWrxGXRKEfLspCcdvEDgH+OBsMsB9SDdg1GqkmKfQ=
Subject key identifier: DD:F5:FD:84:3B:CB:FB:19:B9:08:28:1D:07:88:D6:4D:2A:D4:FB:DE
Certificate issuer: /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial: 01856CAEF4ACE46547168207E0837E0A1960
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/3fX9hDvL-xm5CCgdB4jWTSrU-94.roa
Signing time: Sun 01 Jan 2023 09:34:43 +0000
ROA not before: Sun 01 Jan 2023 09:34:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8849
IP address blocks: 95.174.71.0/24 maxlen: 24
95.174.68.0/24 maxlen: 24
95.174.69.0/24 maxlen: 24
95.174.70.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ae:f4:ac:e4:65:47:16:82:07:e0:83:7e:0a:19:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Validity
Not Before: Jan 1 09:34:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ddf5fd843bcbfb19b908281d0788d64d2ad4fbde
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:4b:1c:1a:33:b1:d7:42:f4:0b:e1:e3:ea:ab:
a2:d1:cc:22:ac:76:30:81:c7:77:c7:60:01:08:12:
7e:fb:ea:c5:7d:5b:39:fb:84:6f:96:d0:7b:9b:85:
bf:15:3a:4b:db:c8:75:dc:eb:45:5f:7e:e1:f0:ee:
31:3d:81:d9:8c:d4:87:95:55:54:64:8f:2b:e4:71:
48:e3:35:73:07:60:15:3f:3e:e1:16:c6:62:aa:3b:
47:ad:a6:36:e8:83:7d:4d:f4:f8:2a:c0:18:ca:0f:
ac:25:d3:9f:1d:4c:74:08:03:44:2a:10:b7:ba:94:
11:5c:b4:65:9a:cc:e9:71:5d:60:c6:75:c8:74:26:
c9:39:7b:79:ea:0b:a2:23:8c:81:6e:04:76:38:6c:
9c:a2:a0:0b:dc:e9:77:0c:8b:d5:05:8c:a5:83:40:
17:25:43:7e:e5:3b:5e:53:db:7b:73:95:37:1b:0f:
1b:7f:6e:50:38:d9:0d:67:eb:ab:25:89:cd:ce:b0:
0a:4b:f2:df:9d:af:24:a0:6b:88:71:e0:de:46:cd:
0d:89:e0:1c:9d:fe:ec:9d:61:69:cc:06:42:82:61:
29:f3:7c:3f:9b:a7:03:5b:80:d7:06:1d:c1:57:ed:
00:5c:8c:13:f6:88:64:66:45:28:ec:4a:3b:de:94:
28:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:F5:FD:84:3B:CB:FB:19:B9:08:28:1D:07:88:D6:4D:2A:D4:FB:DE
X509v3 Authority Key Identifier:
keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/3fX9hDvL-xm5CCgdB4jWTSrU-94.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.174.68.0/22
Signature Algorithm: sha256WithRSAEncryption
b2:3d:6c:8b:a7:d8:bd:cb:c7:93:f8:83:4a:c7:a7:6c:b0:58:
af:bc:5b:28:56:b0:32:ae:a2:17:b8:bb:4b:5e:f9:30:8f:10:
1e:2c:ea:58:31:18:2a:27:2c:4c:9b:d0:6a:98:11:14:9d:8a:
db:c6:47:01:29:68:e9:8a:e2:4d:a0:d8:e1:79:cc:11:5d:bb:
ee:e8:4e:80:8f:88:08:06:cb:5b:33:94:78:84:c7:7b:6b:f4:
9a:d4:46:69:d8:a3:ba:ae:7a:d2:90:1b:c2:b4:cf:01:4a:9d:
8f:ed:e9:53:bc:7b:e4:88:ec:ef:9a:a6:87:68:30:ff:6f:3f:
da:1e:a5:85:fb:50:00:53:0d:93:a3:04:0d:78:8d:cf:7f:03:
d2:8c:82:27:87:98:d3:32:6d:0e:b9:57:a3:c7:07:4b:07:fc:
6d:e5:d5:fc:df:f1:77:35:08:38:2c:94:9b:ba:58:35:79:66:
05:56:5e:a6:10:53:e3:77:7d:90:df:c0:7b:d7:53:12:e5:c2:
f0:d0:f2:c7:1e:a8:6b:02:a2:69:51:96:65:2c:1e:02:d4:46:
e8:6c:eb:f0:51:d2:82:be:26:ee:81:04:a5:04:f2:a3:42:4b:
87:69:91:b9:65:ca:03:07:ba:15:d9:72:ac:f3:c4:5a:6b:60:
9a:80:68:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsrvSs5GVHFoIH4IN+ChlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjMwMTAxMDkzNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGY1ZmQ4NDNiY2JmYjE5YjkwODI4MWQwNzg4ZDY0ZDJhZDRmYmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkscGjOx10L0C+Hj6qui0cwirHYw
gcd3x2ABCBJ+++rFfVs5+4RvltB7m4W/FTpL28h13OtFX37h8O4xPYHZjNSHlVVU
ZI8r5HFI4zVzB2AVPz7hFsZiqjtHraY26IN9TfT4KsAYyg+sJdOfHUx0CANEKhC3
upQRXLRlmszpcV1gxnXIdCbJOXt56guiI4yBbgR2OGycoqAL3Ol3DIvVBYylg0AX
JUN+5TteU9t7c5U3Gw8bf25QONkNZ+urJYnNzrAKS/Lfna8koGuIceDeRs0NieAc
nf7snWFpzAZCgmEp83w/m6cDW4DXBh3BV+0AXIwT9ohkZkUo7Eo73pQoxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN31/YQ7y/sZuQgoHQeI1k0q1PveMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvM2ZYOWhEdkwteG01Q0NnZEI0aldUU3JVLTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX65EMA0G
CSqGSIb3DQEBCwUAA4IBAQCyPWyLp9i9y8eT+INKx6dssFivvFsoVrAyrqIXuLtL
XvkwjxAeLOpYMRgqJyxMm9BqmBEUnYrbxkcBKWjpiuJNoNjhecwRXbvu6E6Aj4gI
BstbM5R4hMd7a/Sa1EZp2KO6rnrSkBvCtM8BSp2P7elTvHvkiOzvmqaHaDD/bz/a
HqWF+1AAUw2TowQNeI3PfwPSjIInh5jTMm0OuVejxwdLB/xt5dX83/F3NQg4LJSb
ulg1eWYFVl6mEFPjd32Q38B711MS5cLw0PLHHqhrAqJpUZZlLB4C1EbobOvwUdKC
vibugQSlBPKjQkuHaZG5ZcoDB7oV2XKs88Raa2CagGiz
-----END CERTIFICATE-----
Generated at Thu Aug 17 09:31:40 2023 by rpki-client on console-ams.rpki-client.org