Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/OiiGSJm2cOYJ-I8BVmFTYxy1l4I.roa
File: OiiGSJm2cOYJ-I8BVmFTYxy1l4I.roa (raw, json)
Hash identifier: PoUo8a0HXQDL7XRzTnXO4vJNUvGH3XlBqMM2/agLWek=
Subject key identifier: 3A:28:86:48:99:B6:70:E6:09:F8:8F:01:56:61:53:63:1C:B5:97:82
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 0399C8A0
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/OiiGSJm2cOYJ-I8BVmFTYxy1l4I.roa
Signing time: Thu 26 May 2022 22:31:13 +0000
ROA not before: Thu 26 May 2022 22:31:13 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 6461
IP address blocks: 95.164.0.0/21 maxlen: 24
95.164.24.0/21 maxlen: 24
95.164.32.0/21 maxlen: 24
94.131.112.0/20 maxlen: 24
95.164.96.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 60410016 (0x399c8a0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: May 26 22:31:13 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3a28864899b670e609f88f01566153631cb59782
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:e6:04:8a:7d:1e:a6:4f:c0:37:aa:22:d6:4c:
64:86:aa:ac:57:3d:83:63:87:34:7a:50:08:4b:c7:
f7:52:a2:95:e3:e6:81:f4:8a:11:63:f7:a1:06:34:
43:bc:6b:6a:1a:a1:90:cd:fd:48:ef:6c:2e:09:0d:
e9:3d:4d:23:02:8a:76:36:18:2d:40:18:11:63:17:
1a:a7:da:67:61:09:8b:7b:35:0c:b4:15:55:7e:cd:
84:6d:0e:7c:40:91:27:84:40:fb:e6:ea:77:ba:38:
00:63:db:a8:a5:e8:e1:e2:04:cf:5a:2a:74:2a:10:
f9:6f:9e:ec:58:e2:b6:72:85:2d:3e:88:b7:57:e0:
6e:c7:42:1a:12:11:8f:b2:33:ef:4a:2b:e9:31:a1:
3c:c9:c9:c4:ce:9b:ef:ef:94:6d:63:67:0e:46:f1:
36:9d:f3:5e:65:93:97:03:5d:8f:2b:5a:c4:5a:57:
5a:fd:4d:9a:3a:e1:d5:45:68:4f:0f:89:a5:08:49:
9f:00:42:88:3c:a4:56:81:82:c6:57:6e:ce:2b:40:
1a:68:35:cc:1a:78:c9:97:7a:ee:7e:75:29:ee:96:
0d:ca:5d:de:f0:8c:94:48:04:3f:6e:36:54:c2:d3:
b1:11:56:89:43:17:39:2d:6b:b5:fb:a7:b2:67:a8:
15:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:28:86:48:99:B6:70:E6:09:F8:8F:01:56:61:53:63:1C:B5:97:82
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/OiiGSJm2cOYJ-I8BVmFTYxy1l4I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.112.0/20
95.164.0.0/21
95.164.24.0-95.164.39.255
95.164.96.0/20
Signature Algorithm: sha256WithRSAEncryption
97:b1:24:71:0c:83:3b:65:d0:1c:53:fb:7c:14:76:77:27:0d:
f6:83:1f:71:32:03:20:33:90:2a:50:14:89:04:48:18:69:cf:
2d:6b:1c:b9:23:46:ca:6f:df:8e:2e:ee:69:f2:25:7b:2d:46:
c8:35:ee:00:15:c7:88:ed:15:0c:b6:02:7d:79:79:3d:5b:31:
79:de:c4:4f:97:5f:66:9f:6e:e8:15:30:70:5e:38:bc:98:96:
78:4a:32:bd:14:f9:c2:45:79:c8:73:2a:ed:4d:a4:0f:89:2e:
df:98:8a:d8:ce:18:a0:4e:4d:4e:41:62:4e:2b:19:f9:60:3f:
53:c4:af:da:cf:d2:9f:7c:af:cb:c8:c8:7c:26:9d:3d:4f:75:
5c:29:ef:fb:21:f9:2d:f1:3c:98:e8:8b:9b:9d:f9:2e:1a:ee:
52:b1:35:40:77:d0:24:e4:25:16:db:70:eb:2e:4b:91:2b:ad:
fe:71:51:48:99:8e:88:1b:82:30:52:45:b6:70:1c:cf:1d:16:
2a:63:71:91:a9:8b:5e:c5:49:89:8d:81:57:35:46:21:df:16:
c9:b8:1d:61:84:82:6b:76:ea:cc:e3:fa:70:de:ae:a9:6c:12:
81:83:ea:45:18:fd:f7:29:5f:14:bb:40:64:d1:f0:b8:e1:f6:
d0:99:7c:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgIEA5nIoDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDc0M2VkNjNlODY4ZWY1MGY2ZDg0YzAwMDNhODM0ODNmYzYyYTAzMB4XDTIyMDUy
NjIyMzExM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2EyODg2NDg5OWI2
NzBlNjA5Zjg4ZjAxNTY2MTUzNjMxY2I1OTc4MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKfmBIp9HqZPwDeqItZMZIaqrFc9g2OHNHpQCEvH91KilePm
gfSKEWP3oQY0Q7xrahqhkM39SO9sLgkN6T1NIwKKdjYYLUAYEWMXGqfaZ2EJi3s1
DLQVVX7NhG0OfECRJ4RA++bqd7o4AGPbqKXo4eIEz1oqdCoQ+W+e7FjitnKFLT6I
t1fgbsdCGhIRj7Iz70or6TGhPMnJxM6b7++UbWNnDkbxNp3zXmWTlwNdjytaxFpX
Wv1Nmjrh1UVoTw+JpQhJnwBCiDykVoGCxlduzitAGmg1zBp4yZd67n51Ke6WDcpd
3vCMlEgEP242VMLTsRFWiUMXOS1rtfunsmeoFdkCAwEAAaOCAiMwggIfMB0GA1Ud
DgQWBBQ6KIZImbZw5gn4jwFWYVNjHLWXgjAfBgNVHSMEGDAWgBRtdD7WPoaO9Q9t
hMAAOoNIP8YqAzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JYUS0xajZHanZVUGJZVEFBRHFEU0RfR0tnTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmQvZTA1MzUyLWYxNDgtNDBhMC04N2E0LWU5NzI0YTdhNmJjOC8x
L09paUdTSm0yY09ZSi1JOEJWbUZUWXh5MWw0SS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQv
ZTA1MzUyLWYxNDgtNDBhMC04N2E0LWU5NzI0YTdhNmJjOC8xL2JYUS0xajZHanZV
UGJZVEFBRHFEU0RfR0tnTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA5
BggrBgEFBQcBBwEB/wQqMCgwJgQCAAEwIAMEBF6DcAMEA1+kADAMAwQDX6QYAwQD
X6QgAwQEX6RgMA0GCSqGSIb3DQEBCwUAA4IBAQCXsSRxDIM7ZdAcU/t8FHZ3Jw32
gx9xMgMgM5AqUBSJBEgYac8taxy5I0bKb9+OLu5p8iV7LUbINe4AFceI7RUMtgJ9
eXk9WzF53sRPl19mn27oFTBwXji8mJZ4SjK9FPnCRXnIcyrtTaQPiS7fmIrYzhig
Tk1OQWJOKxn5YD9TxK/az9KffK/LyMh8Jp09T3VcKe/7Ifkt8TyY6IubnfkuGu5S
sTVAd9Ak5CUW23DrLkuRK63+cVFImY6IG4IwUkW2cBzPHRYqY3GRqYtexUmJjYFX
NUYh3xbJuB1hhIJrdurM4/pw3q6pbBKBg+pFGP33KV8Uu0Bk0fC44fbQmXwc
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:54:33 2025 by rpki-client