Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/9a0eb2-e994-4719-a166-5d6dd0ba52cf/1/L1O8jueWQqXBIhsV7amsgbOXpV0.roa
File: L1O8jueWQqXBIhsV7amsgbOXpV0.roa (raw, json)
Hash identifier: oXdEn6bttM9yzsxPdDPnUs5mQZxJ/Ek4LDSl54gyXAM=
Subject key identifier: 2F:53:BC:8E:E7:96:42:A5:C1:22:1B:15:ED:A9:AC:81:B3:97:A5:5D
Certificate issuer: /CN=97cca0952db8aa9fe5e5703c6f189a06a57f4bb1
Certificate serial: 018FF2A764C69C58D0AA70CC410CAD0F0C3F
Authority key identifier: 97:CC:A0:95:2D:B8:AA:9F:E5:E5:70:3C:6F:18:9A:06:A5:7F:4B:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/l8yglS24qp_l5XA8bxiaBqV_S7E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/9a0eb2-e994-4719-a166-5d6dd0ba52cf/1/L1O8jueWQqXBIhsV7amsgbOXpV0.roa
Signing time: Fri 07 Jun 2024 12:23:27 +0000
ROA not before: Fri 07 Jun 2024 12:23:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49025
IP address blocks: 95.173.200.0/22 maxlen: 22
95.173.201.0/24 maxlen: 24
95.173.202.0/23 maxlen: 23
95.173.204.0/22 maxlen: 22
95.173.208.0/21 maxlen: 21
95.173.216.0/21 maxlen: 21
185.2.40.0/22 maxlen: 22
185.111.108.0/24 maxlen: 24
185.111.109.0/24 maxlen: 24
185.111.111.0/24 maxlen: 24
2a02:a48:f000::/36 maxlen: 36
2a06:5d80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:f2:a7:64:c6:9c:58:d0:aa:70:cc:41:0c:ad:0f:0c:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=97cca0952db8aa9fe5e5703c6f189a06a57f4bb1
Validity
Not Before: Jun 7 12:23:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2f53bc8ee79642a5c1221b15eda9ac81b397a55d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:44:fa:7d:96:29:6e:ec:c8:e1:1c:08:c4:79:
5f:52:70:b3:68:87:d2:0e:e7:eb:ba:94:78:66:8d:
ae:22:ec:16:50:98:81:8c:a7:6b:cd:46:9d:24:af:
af:4e:c3:ce:89:61:b9:17:52:be:46:a4:47:5a:c4:
37:93:47:01:84:7b:78:95:b0:4e:f1:17:d9:75:36:
82:ad:d2:5c:cf:1f:a2:2e:90:3f:ca:33:29:66:06:
ff:bb:28:d6:51:b1:cd:4a:2a:60:31:bd:26:1d:7e:
c7:80:dc:a4:0e:23:d4:08:94:3f:a1:bf:90:13:d6:
46:e7:18:c1:11:82:cb:27:48:a8:c4:c0:52:2b:8f:
94:3d:d6:d0:10:cb:70:d8:08:bc:be:9f:d0:3f:9b:
0a:e0:a7:ba:3d:7d:5b:66:44:16:9b:c7:80:10:47:
f9:88:6d:75:15:e2:be:69:0c:54:8e:ad:87:8a:f5:
11:b7:92:fc:b7:22:95:5e:7d:d5:30:b5:bd:1f:88:
79:ce:0e:b3:dd:8e:7d:a6:6d:58:fc:04:5d:4c:b5:
88:15:cb:5a:24:94:d0:b6:d1:2f:8c:2c:93:9d:6e:
58:3c:b5:26:80:84:ba:a9:79:a6:3d:11:f2:72:65:
74:b8:4e:a4:98:b7:ac:1c:85:9a:4e:1e:ce:25:26:
96:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:53:BC:8E:E7:96:42:A5:C1:22:1B:15:ED:A9:AC:81:B3:97:A5:5D
X509v3 Authority Key Identifier:
keyid:97:CC:A0:95:2D:B8:AA:9F:E5:E5:70:3C:6F:18:9A:06:A5:7F:4B:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l8yglS24qp_l5XA8bxiaBqV_S7E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/9a0eb2-e994-4719-a166-5d6dd0ba52cf/1/L1O8jueWQqXBIhsV7amsgbOXpV0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/9a0eb2-e994-4719-a166-5d6dd0ba52cf/1/l8yglS24qp_l5XA8bxiaBqV_S7E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.173.200.0-95.173.223.255
185.2.40.0/22
185.111.108.0/23
185.111.111.0/24
IPv6:
2a02:a48:f000::/36
2a06:5d80::/32
Signature Algorithm: sha256WithRSAEncryption
8d:a1:1a:36:55:87:36:8e:ba:83:e8:f5:cd:21:f1:1c:a0:78:
3f:34:4b:9a:3f:dc:37:81:1d:b3:f6:b0:87:9f:e8:cf:ae:32:
06:0c:57:1b:5e:6b:de:87:a3:c0:9c:6a:c2:81:77:6d:68:ba:
82:2e:13:9e:38:cf:a9:e4:da:39:c9:29:1e:c8:8c:07:e5:6b:
81:d6:72:ea:f5:12:62:80:36:3c:a1:ec:c0:71:49:ff:c0:41:
ac:8e:04:16:5c:4a:70:83:4e:ff:d1:97:8e:88:f8:19:71:53:
ed:77:62:b6:9e:9b:0e:c0:0c:79:41:2a:71:85:ce:52:85:3c:
01:2e:cf:2a:64:f1:6c:3c:38:85:40:54:1c:40:f7:f5:de:c3:
cb:7a:f7:54:ff:2c:40:8c:d4:19:f3:20:c6:10:95:c0:b1:a1:
4c:2a:c3:fc:6a:79:52:c2:e3:9e:d7:c6:1a:58:5d:87:3a:76:
e6:c0:74:7a:7b:64:50:c5:3d:5b:57:64:4a:63:14:8e:bf:2d:
96:af:25:32:e3:78:89:6f:18:60:2b:8e:4a:2d:b6:55:ea:76:
02:43:e8:89:10:dc:86:09:9b:0c:ac:48:26:d7:d9:91:b4:4f:
ab:3b:ca:69:79:e6:8e:16:d2:ca:52:9c:f9:28:d4:a6:4f:50:
c9:a3:46:71
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAY/yp2TGnFjQqnDMQQytDww/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3Y2NhMDk1MmRiOGFhOWZlNWU1NzAzYzZmMTg5YTA2YTU3
ZjRiYjEwHhcNMjQwNjA3MTIyMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjUzYmM4ZWU3OTY0MmE1YzEyMjFiMTVlZGE5YWM4MWIzOTdhNTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUT6fZYpbuzI4RwIxHlfUnCzaIfS
DufrupR4Zo2uIuwWUJiBjKdrzUadJK+vTsPOiWG5F1K+RqRHWsQ3k0cBhHt4lbBO
8RfZdTaCrdJczx+iLpA/yjMpZgb/uyjWUbHNSipgMb0mHX7HgNykDiPUCJQ/ob+Q
E9ZG5xjBEYLLJ0ioxMBSK4+UPdbQEMtw2Ai8vp/QP5sK4Ke6PX1bZkQWm8eAEEf5
iG11FeK+aQxUjq2HivURt5L8tyKVXn3VMLW9H4h5zg6z3Y59pm1Y/ARdTLWIFcta
JJTQttEvjCyTnW5YPLUmgIS6qXmmPRHycmV0uE6kmLesHIWaTh7OJSaWLwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFC9TvI7nlkKlwSIbFe2prIGzl6VdMB8GA1UdIwQY
MBaAFJfMoJUtuKqf5eVwPG8Ymgalf0uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDh5Z2xTMjRxcF9sNVhBOGJ4aWFCcVZfUzdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy85YTBlYjItZTk5NC00NzE5LWExNjYt
NWQ2ZGQwYmE1MmNmLzEvTDFPOGp1ZVdRcVhCSWhzVjdhbXNnYk9YcFYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy85YTBlYjItZTk5NC00NzE5LWExNjYtNWQ2ZGQwYmE1MmNm
LzEvbDh5Z2xTMjRxcF9sNVhBOGJ4aWFCcVZfUzdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAmBAIAATAgMAwDBANfrcgD
BAVfrcADBAK5AigDBAG5b2wDBAC5b28wFQQCAAIwDwMGBCoCCkjwAwUAKgZdgDAN
BgkqhkiG9w0BAQsFAAOCAQEAjaEaNlWHNo66g+j1zSHxHKB4PzRLmj/cN4Eds/aw
h5/oz64yBgxXG15r3oejwJxqwoF3bWi6gi4TnjjPqeTaOckpHsiMB+VrgdZy6vUS
YoA2PKHswHFJ/8BBrI4EFlxKcINO/9GXjoj4GXFT7Xditp6bDsAMeUEqcYXOUoU8
AS7PKmTxbDw4hUBUHED39d7Dy3r3VP8sQIzUGfMgxhCVwLGhTCrD/Gp5UsLjntfG
Glhdhzp25sB0entkUMU9W1dkSmMUjr8tlq8lMuN4iW8YYCuOSi22Vep2AkPoiRDc
hgmbDKxIJtfZkbRPqzvKaXnmjhbSylKc+SjUpk9QyaNGcQ==
-----END CERTIFICATE-----
Generated at Mon Jun 10 14:02:07 2024 by rpki-client on console-fra.rpki-client.org