Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/8uh5dCRPKnxdaDSYN0DKZIvHrh4.roa
File: 8uh5dCRPKnxdaDSYN0DKZIvHrh4.roa (raw, json)
Hash identifier: kysxF8X5rQXzlUMEfsFlxYZg+C4csjvEvNcy0uNLUmg=
Subject key identifier: F2:E8:79:74:24:4F:2A:7C:5D:68:34:98:37:40:CA:64:8B:C7:AE:1E
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 02B063A9
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/8uh5dCRPKnxdaDSYN0DKZIvHrh4.roa
Signing time: Mon 14 Feb 2022 22:53:09 +0000
ROA not before: Mon 14 Feb 2022 22:53:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3257
IP address blocks: 95.164.216.0/21 maxlen: 24
94.131.48.0/20 maxlen: 24
94.131.64.0/20 maxlen: 24
95.164.128.0/20 maxlen: 24
94.131.176.0/21 maxlen: 24
94.131.96.0/21 maxlen: 24
94.131.104.0/21 maxlen: 24
193.218.156.0/22 maxlen: 22
95.164.192.0/21 maxlen: 21
149.154.176.0/20 maxlen: 24
95.164.208.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 45114281 (0x2b063a9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Feb 14 22:53:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f2e87974244f2a7c5d6834983740ca648bc7ae1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:89:ef:2b:95:3d:c4:bb:33:80:ee:a4:88:1f:
e6:49:03:26:a7:a7:d3:6b:1e:8a:ab:4d:30:86:85:
a5:56:aa:93:e3:7e:a4:21:aa:03:c1:bf:bf:6c:ce:
12:be:ec:b1:1c:8a:c5:1b:25:90:35:d8:b4:03:23:
6b:c3:8f:ec:45:19:a2:2b:dc:da:d5:7a:4c:34:ed:
37:e5:ae:9c:da:ab:e5:14:ea:1b:dc:59:bd:eb:8b:
d8:d6:1d:f6:3d:0a:51:21:ea:1e:ef:88:8a:48:0e:
aa:66:15:1e:d9:4c:ac:0c:71:db:31:dc:28:48:9f:
0f:f1:69:f2:49:8d:73:d6:2b:01:01:4b:f1:ed:cb:
d1:d3:79:53:ce:af:a8:f9:19:d4:7f:1a:75:c6:14:
ba:96:ac:35:1e:d0:86:11:69:be:7b:52:db:d3:ba:
21:33:6e:46:3f:3a:8a:2b:3b:36:38:f6:a1:34:2b:
07:68:bc:1a:e2:67:5f:a9:94:2e:74:7d:10:96:63:
c2:0c:7f:67:66:bd:7c:19:c3:5e:47:16:16:21:8a:
2e:70:0e:89:72:7c:ea:df:7b:13:a9:76:c4:1f:b2:
82:6b:c6:d2:b5:06:56:2c:93:0d:b4:24:2b:f2:b1:
a5:c6:97:92:80:3d:e4:85:0f:96:d3:ee:5b:dd:e4:
68:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:E8:79:74:24:4F:2A:7C:5D:68:34:98:37:40:CA:64:8B:C7:AE:1E
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/8uh5dCRPKnxdaDSYN0DKZIvHrh4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.48.0-94.131.79.255
94.131.96.0/20
94.131.176.0/21
95.164.128.0/20
95.164.192.0/21
95.164.208.0/20
149.154.176.0/20
193.218.156.0/22
Signature Algorithm: sha256WithRSAEncryption
12:3f:fd:ea:41:aa:e8:ac:f9:bc:e6:84:8e:17:3c:0c:af:9e:
ef:22:d0:83:0c:da:d8:cd:4b:55:fa:f2:9d:42:e2:19:8f:d1:
0e:7a:e5:69:f7:06:1c:3b:f1:6f:2c:89:89:60:b3:4b:95:38:
34:a9:3e:15:a9:6b:80:4f:4c:b8:a9:5d:8f:45:e7:9c:64:58:
c4:7a:54:3c:eb:a8:36:32:d2:4a:7b:b6:06:fc:26:7f:b2:cb:
14:7e:a8:22:5e:20:ee:30:0b:37:3f:ad:0f:53:2c:30:25:0f:
eb:3a:a8:ee:6c:0a:ba:27:04:8c:da:8d:64:fa:ab:07:b7:ae:
3c:fe:76:50:9f:7a:02:8b:f8:fb:d0:dd:07:c5:8a:71:58:71:
6f:6f:bb:36:e7:09:e3:f7:80:21:eb:f7:d9:1d:ae:ad:de:58:
0e:4a:39:9f:fe:d4:90:fe:c7:9e:28:6d:f2:d2:42:5d:03:67:
48:30:51:51:f2:e2:b8:3b:93:2b:48:57:2f:56:d9:4d:8c:a2:
a9:7f:2f:da:62:45:46:f4:23:cb:47:83:a2:cb:76:8a:dc:2a:
58:2e:8f:9a:42:2a:8d:b4:d8:77:9a:7c:ca:de:00:a1:b3:02:
86:52:57:7d:6e:a4:22:36:27:d3:86:03:f0:84:45:e8:c7:b7:
29:ff:ef:f8
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIEArBjqTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDc0M2VkNjNlODY4ZWY1MGY2ZDg0YzAwMDNhODM0ODNmYzYyYTAzMB4XDTIyMDIx
NDIyNTMwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjJlODc5NzQyNDRm
MmE3YzVkNjgzNDk4Mzc0MGNhNjQ4YmM3YWUxZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMaJ7yuVPcS7M4DupIgf5kkDJqen02seiqtNMIaFpVaqk+N+
pCGqA8G/v2zOEr7ssRyKxRslkDXYtAMja8OP7EUZoivc2tV6TDTtN+WunNqr5RTq
G9xZveuL2NYd9j0KUSHqHu+IikgOqmYVHtlMrAxx2zHcKEifD/Fp8kmNc9YrAQFL
8e3L0dN5U86vqPkZ1H8adcYUupasNR7QhhFpvntS29O6ITNuRj86iis7Njj2oTQr
B2i8GuJnX6mULnR9EJZjwgx/Z2a9fBnDXkcWFiGKLnAOiXJ86t97E6l2xB+ygmvG
0rUGViyTDbQkK/KxpcaXkoA95IUPltPuW93kaF0CAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBTy6Hl0JE8qfF1oNJg3QMpki8euHjAfBgNVHSMEGDAWgBRtdD7WPoaO9Q9t
hMAAOoNIP8YqAzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JYUS0xajZHanZVUGJZVEFBRHFEU0RfR0tnTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmQvZTA1MzUyLWYxNDgtNDBhMC04N2E0LWU5NzI0YTdhNmJjOC8x
Lzh1aDVkQ1JQS254ZGFEU1lOMERLWkl2SHJoNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQv
ZTA1MzUyLWYxNDgtNDBhMC04N2E0LWU5NzI0YTdhNmJjOC8xL2JYUS0xajZHanZV
UGJZVEFBRHFEU0RfR0tnTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwODAMAwQEXoMwAwQEXoNAAwQEXoNgAwQD
XoOwAwQEX6SAAwQDX6TAAwQEX6TQAwQElZqwAwQCwdqcMA0GCSqGSIb3DQEBCwUA
A4IBAQASP/3qQarorPm85oSOFzwMr57vItCDDNrYzUtV+vKdQuIZj9EOeuVp9wYc
O/FvLImJYLNLlTg0qT4VqWuAT0y4qV2PReecZFjEelQ866g2MtJKe7YG/CZ/sssU
fqgiXiDuMAs3P60PUywwJQ/rOqjubAq6JwSM2o1k+qsHt648/nZQn3oCi/j70N0H
xYpxWHFvb7s25wnj94Ah6/fZHa6t3lgOSjmf/tSQ/seeKG3y0kJdA2dIMFFR8uK4
O5MrSFcvVtlNjKKpfy/aYkVG9CPLR4Oiy3aK3CpYLo+aQiqNtNh3mnzK3gChswKG
Uld9bqQiNifThgPwhEXox7cp/+/4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:49 2024 by rpki-client on console-ams.rpki-client.org