Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/QOqP9ohbrDjFd_0ywLJqZ1MZaC8.roa
File: QOqP9ohbrDjFd_0ywLJqZ1MZaC8.roa (raw, json)
Hash identifier: AdbCPv4+GcQlmDNSboPIEqd2QVe3ZPjPC5JzX60DjRU=
Subject key identifier: 40:EA:8F:F6:88:5B:AC:38:C5:77:FD:32:C0:B2:6A:67:53:19:68:2F
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 018CC64AD59485F5DD0E8C0F5884E63A614F
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/QOqP9ohbrDjFd_0ywLJqZ1MZaC8.roa
Signing time: Mon 01 Jan 2024 18:30:42 +0000
ROA not before: Mon 01 Jan 2024 18:30:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 44477
IP address blocks: 95.164.60.0/22 maxlen: 24
95.164.69.0/24 maxlen: 24
95.164.68.0/24 maxlen: 24
95.164.84.0/22 maxlen: 24
95.164.89.0/24 maxlen: 24
95.164.88.0/24 maxlen: 24
94.131.2.0/24 maxlen: 24
94.131.3.0/24 maxlen: 24
94.131.8.0/21 maxlen: 24
94.131.96.0/24 maxlen: 24
94.131.98.0/24 maxlen: 24
94.131.97.0/24 maxlen: 24
94.131.99.0/24 maxlen: 24
94.131.103.0/24 maxlen: 24
94.131.102.0/24 maxlen: 24
94.131.101.0/24 maxlen: 24
94.131.100.0/24 maxlen: 24
94.131.105.0/24 maxlen: 24
94.131.104.0/24 maxlen: 24
94.131.106.0/24 maxlen: 24
94.131.110.0/24 maxlen: 24
94.131.109.0/24 maxlen: 24
94.131.108.0/24 maxlen: 24
94.131.107.0/24 maxlen: 24
94.131.112.0/24 maxlen: 24
94.131.111.0/24 maxlen: 24
94.131.113.0/24 maxlen: 24
94.131.116.0/24 maxlen: 24
94.131.115.0/24 maxlen: 24
94.131.114.0/24 maxlen: 24
94.131.118.0/24 maxlen: 24
94.131.117.0/24 maxlen: 24
94.131.119.0/24 maxlen: 24
95.164.8.0/22 maxlen: 24
95.164.16.0/22 maxlen: 24
95.164.23.0/24 maxlen: 24
95.164.22.0/24 maxlen: 24
95.164.21.0/24 maxlen: 24
95.164.32.0/21 maxlen: 24
95.164.44.0/22 maxlen: 24
95.164.51.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4a:d5:94:85:f5:dd:0e:8c:0f:58:84:e6:3a:61:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Jan 1 18:30:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=40ea8ff6885bac38c577fd32c0b26a675319682f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:8f:ad:2a:f2:76:07:37:f4:03:d1:d6:a3:b9:
60:7d:f2:0e:6f:56:e9:d1:19:76:24:98:0c:af:32:
a6:d5:b5:46:47:a1:9c:73:c8:47:b5:e9:8d:29:98:
a8:97:9e:28:76:b1:87:10:11:31:e3:34:15:c6:31:
c6:4c:b2:db:7a:70:81:28:43:6c:76:e2:83:ee:af:
49:8f:b0:3d:93:ee:3f:f9:44:51:0b:f0:78:90:93:
a5:96:dc:9c:76:18:1a:c6:78:e5:c3:50:22:63:c4:
79:e0:bf:8f:9f:04:cd:21:b3:5e:90:0f:6b:8d:51:
b3:2a:f5:94:8e:c3:a3:87:19:1d:28:a1:11:69:2c:
e2:aa:c0:ee:54:fd:9b:14:ed:b2:9a:e1:6a:f4:d4:
f2:1f:30:c9:7b:32:ee:85:78:d8:f5:64:43:d3:6c:
69:fd:6a:9e:0c:5b:1f:d3:e3:cc:09:56:bd:4d:02:
c0:8b:4c:54:01:05:ea:85:e0:cd:df:91:d9:44:85:
1b:e7:73:c7:b0:f4:f5:c5:17:8d:eb:20:2a:e0:4f:
c1:8b:5e:ac:41:d7:80:b3:04:aa:c5:bc:23:bd:ec:
ba:35:f7:90:a7:a6:29:d3:85:62:07:6a:53:29:5b:
70:1b:46:a4:c2:eb:47:bb:23:dc:b2:9c:9b:a1:c6:
a3:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:EA:8F:F6:88:5B:AC:38:C5:77:FD:32:C0:B2:6A:67:53:19:68:2F
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/QOqP9ohbrDjFd_0ywLJqZ1MZaC8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.2.0/23
94.131.8.0/21
94.131.96.0-94.131.119.255
95.164.8.0/22
95.164.16.0/22
95.164.21.0-95.164.23.255
95.164.32.0/21
95.164.44.0/22
95.164.51.0/24
95.164.60.0/22
95.164.68.0/23
95.164.84.0-95.164.89.255
Signature Algorithm: sha256WithRSAEncryption
6a:8e:34:8c:f4:a3:c1:d7:6a:df:73:d3:7a:d1:78:2f:20:e7:
9b:fa:b6:96:f0:36:24:02:47:de:a1:47:43:c8:ef:4f:42:ac:
90:0c:25:5a:72:eb:cd:eb:48:24:e4:5f:c8:8f:85:97:d1:c5:
70:c4:cb:1f:42:3b:68:7d:b8:79:90:bb:9a:78:90:ca:5f:1b:
48:3a:42:b5:85:bf:58:51:66:d2:83:c6:8d:c1:51:4e:30:f6:
0e:10:4a:de:57:df:7a:ff:8e:80:a2:4d:06:dc:04:a6:24:2e:
c0:6b:ff:59:01:26:5a:f3:f7:75:e4:fb:6a:f9:79:55:8d:1f:
e2:4d:92:f2:72:b8:36:6c:f2:a8:89:b5:63:ad:57:4c:58:fd:
16:b2:11:ed:9a:2a:69:77:58:85:e0:2b:58:be:6c:d1:5e:d1:
32:52:e9:df:87:8f:be:3f:7b:81:4c:db:f1:8a:af:de:49:4c:
81:43:06:73:91:ac:d6:08:f9:92:c1:bc:01:7d:70:3b:5e:2f:
a3:59:4c:9b:1e:73:75:58:9b:9f:89:d9:a7:bb:20:f4:c2:64:
95:88:2c:b1:60:14:28:a9:5d:a4:23:78:fc:a1:07:ea:e5:5e:
4b:63:f4:09:4c:d3:50:1f:3c:de:8e:90:ac:84:50:4a:1f:c7:
32:3b:a7:51
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYzGStWUhfXdDowPWITmOmFPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGVhOGZmNjg4NWJhYzM4YzU3N2ZkMzJjMGIyNmE2NzUzMTk2ODJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsI+tKvJ2Bzf0A9HWo7lgffIOb1bp
0Rl2JJgMrzKm1bVGR6Gcc8hHtemNKZiol54odrGHEBEx4zQVxjHGTLLbenCBKENs
duKD7q9Jj7A9k+4/+URRC/B4kJOlltycdhgaxnjlw1AiY8R54L+PnwTNIbNekA9r
jVGzKvWUjsOjhxkdKKERaSziqsDuVP2bFO2ymuFq9NTyHzDJezLuhXjY9WRD02xp
/WqeDFsf0+PMCVa9TQLAi0xUAQXqheDN35HZRIUb53PHsPT1xReN6yAq4E/Bi16s
QdeAswSqxbwjvey6NfeQp6Yp04ViB2pTKVtwG0akwutHuyPcspybocajtwIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFEDqj/aIW6w4xXf9MsCyamdTGWgvMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvUU9xUDlvaGJyRGpGZF8weXdMSnFaMU1aYUM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQBXoMCAwQD
XoMIMAwDBAVeg2ADBANeg3ADBAJfpAgDBAJfpBAwDAMEAF+kFQMEA1+kEAMEA1+k
IAMEAl+kLAMEAF+kMwMEAl+kPAMEAV+kRDAMAwQCX6RUAwQBX6RYMA0GCSqGSIb3
DQEBCwUAA4IBAQBqjjSM9KPB12rfc9N60XgvIOeb+raW8DYkAkfeoUdDyO9PQqyQ
DCVacuvN60gk5F/Ij4WX0cVwxMsfQjtofbh5kLuaeJDKXxtIOkK1hb9YUWbSg8aN
wVFOMPYOEEreV996/46Aok0G3ASmJC7Aa/9ZASZa8/d15Ptq+XlVjR/iTZLycrg2
bPKoibVjrVdMWP0WshHtmippd1iF4CtYvmzRXtEyUunfh4++P3uBTNvxiq/eSUyB
QwZzkazWCPmSwbwBfXA7Xi+jWUybHnN1WJufidmnuyD0wmSViCyxYBQoqV2kI3j8
oQfq5V5LY/QJTNNQHzzejpCshFBKH8cyO6dR
-----END CERTIFICATE-----
Generated at Sun Feb 16 22:15:47 2025 by rpki-client