Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/S1t5aXpU1VJLEdiP6tY03RbeCE0.roa
File: S1t5aXpU1VJLEdiP6tY03RbeCE0.roa (raw, json)
Hash identifier: DKSs1X2BsbOOOes2Op2UpuBNd1f6aqkkrsS04MrDMIE=
Subject key identifier: 4B:5B:79:69:7A:54:D5:52:4B:11:D8:8F:EA:D6:34:DD:16:DE:08:4D
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 03E9BA63
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/S1t5aXpU1VJLEdiP6tY03RbeCE0.roa
Signing time: Thu 30 Jun 2022 12:03:03 +0000
ROA not before: Thu 30 Jun 2022 12:03:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3257
IP address blocks: 95.164.216.0/21 maxlen: 24
94.131.48.0/20 maxlen: 24
94.131.64.0/20 maxlen: 24
95.164.128.0/20 maxlen: 24
94.131.96.0/21 maxlen: 24
94.131.104.0/21 maxlen: 24
193.218.156.0/22 maxlen: 22
95.164.192.0/21 maxlen: 21
94.131.24.0/22 maxlen: 24
149.154.176.0/20 maxlen: 24
95.164.208.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 65649251 (0x3e9ba63)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Jun 30 12:03:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4b5b79697a54d5524b11d88fead634dd16de084d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:f1:ef:fb:58:b6:a5:a2:09:31:a9:17:13:e6:
39:30:a4:4e:08:ae:40:47:25:3c:0c:97:4e:df:7e:
c7:fd:5c:46:66:14:84:b0:eb:6f:22:b2:b6:cd:6f:
55:6b:72:21:2e:40:4b:84:b4:f5:1b:be:a7:ad:62:
a8:68:4e:1e:5e:8d:53:66:f5:a6:c4:8d:20:99:19:
ee:34:6b:4b:b3:dd:10:39:75:63:6b:af:fb:a4:6e:
d6:67:1e:33:41:f3:de:d9:2c:50:c7:b0:80:01:a5:
87:d8:2b:41:86:46:64:14:8e:3b:7d:5a:b8:25:88:
e8:8a:80:01:31:35:a4:e9:29:20:c9:02:90:a8:83:
50:73:79:e3:ed:0e:33:8f:5d:3c:28:5d:3d:77:10:
29:03:02:1d:bf:6f:2b:2b:74:1a:8c:ad:3e:a8:3d:
df:f8:eb:7f:27:01:f5:85:bd:a2:c1:5d:3b:6c:a3:
41:5d:e9:cd:ac:9f:ab:b9:12:e3:eb:aa:26:c2:0c:
06:c0:2a:72:7a:a8:b0:4c:28:3f:60:91:3d:2d:ca:
97:f6:c3:2f:55:20:ed:0d:e7:65:0a:c8:20:81:d1:
99:00:10:20:0f:ec:b3:7f:bb:9a:82:62:2a:61:99:
4e:e4:60:cf:04:f1:3e:13:a9:fc:81:84:8d:0c:5c:
dd:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:5B:79:69:7A:54:D5:52:4B:11:D8:8F:EA:D6:34:DD:16:DE:08:4D
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/S1t5aXpU1VJLEdiP6tY03RbeCE0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.24.0/22
94.131.48.0-94.131.79.255
94.131.96.0/20
95.164.128.0/20
95.164.192.0/21
95.164.208.0/20
149.154.176.0/20
193.218.156.0/22
Signature Algorithm: sha256WithRSAEncryption
8d:9e:cb:a2:53:de:3f:f5:27:69:6f:96:ed:58:07:d6:7f:64:
e1:05:16:4e:3d:bf:b2:41:45:85:04:66:2a:8c:7c:8b:8a:f5:
fb:ca:9b:fc:98:ac:7b:4e:0d:c0:d6:ad:05:32:6d:cd:c6:1b:
7f:17:7d:36:42:49:72:1c:90:d5:b0:0a:78:83:b1:9f:df:07:
dc:10:8f:7f:68:7d:4c:54:e0:e0:74:61:d4:8d:b2:74:08:30:
ab:21:3e:f5:78:2a:b4:99:d0:c9:13:87:e8:22:d0:68:85:d9:
e1:f7:3a:40:04:b8:90:cc:00:a6:66:c4:1a:cf:30:78:d9:24:
55:79:22:2d:69:e9:05:34:a2:94:20:0c:f5:cb:39:b4:bf:5c:
5e:b1:e8:e6:05:e0:11:5f:97:77:0a:54:4f:58:cf:19:cd:fd:
72:d7:6a:53:ec:45:5d:cb:64:fd:1e:54:97:a5:c6:aa:11:67:
d7:4d:55:b7:71:9a:f5:47:bd:7e:d3:85:6a:11:45:f5:1a:47:
3d:24:ce:8e:22:c7:69:13:50:ff:b7:2f:af:95:38:43:49:d5:
fb:20:23:3c:c3:73:40:5c:69:fc:a2:1d:8b:89:2c:f5:f5:74:
3a:e5:4b:75:6c:dc:9b:a6:7e:f2:38:c3:be:58:d9:b4:c4:82:
1e:41:46:82
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIEA+m6YzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDc0M2VkNjNlODY4ZWY1MGY2ZDg0YzAwMDNhODM0ODNmYzYyYTAzMB4XDTIyMDYz
MDEyMDMwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGI1Yjc5Njk3YTU0
ZDU1MjRiMTFkODhmZWFkNjM0ZGQxNmRlMDg0ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIbx7/tYtqWiCTGpFxPmOTCkTgiuQEclPAyXTt9+x/1cRmYU
hLDrbyKyts1vVWtyIS5AS4S09Ru+p61iqGhOHl6NU2b1psSNIJkZ7jRrS7PdEDl1
Y2uv+6Ru1mceM0Hz3tksUMewgAGlh9grQYZGZBSOO31auCWI6IqAATE1pOkpIMkC
kKiDUHN54+0OM49dPChdPXcQKQMCHb9vKyt0GoytPqg93/jrfycB9YW9osFdO2yj
QV3pzayfq7kS4+uqJsIMBsAqcnqosEwoP2CRPS3Kl/bDL1Ug7Q3nZQrIIIHRmQAQ
IA/ss3+7moJiKmGZTuRgzwTxPhOp/IGEjQxc3UECAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBRLW3lpelTVUksR2I/q1jTdFt4ITTAfBgNVHSMEGDAWgBRtdD7WPoaO9Q9t
hMAAOoNIP8YqAzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JYUS0xajZHanZVUGJZVEFBRHFEU0RfR0tnTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmQvZTA1MzUyLWYxNDgtNDBhMC04N2E0LWU5NzI0YTdhNmJjOC8x
L1MxdDVhWHBVMVZKTEVkaVA2dFkwM1JiZUNFMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQv
ZTA1MzUyLWYxNDgtNDBhMC04N2E0LWU5NzI0YTdhNmJjOC8xL2JYUS0xajZHanZV
UGJZVEFBRHFEU0RfR0tnTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwOAMEAl6DGDAMAwQEXoMwAwQEXoNAAwQE
XoNgAwQEX6SAAwQDX6TAAwQEX6TQAwQElZqwAwQCwdqcMA0GCSqGSIb3DQEBCwUA
A4IBAQCNnsuiU94/9Sdpb5btWAfWf2ThBRZOPb+yQUWFBGYqjHyLivX7ypv8mKx7
Tg3A1q0FMm3Nxht/F302QklyHJDVsAp4g7Gf3wfcEI9/aH1MVODgdGHUjbJ0CDCr
IT71eCq0mdDJE4foItBohdnh9zpABLiQzACmZsQazzB42SRVeSItaekFNKKUIAz1
yzm0v1xesejmBeARX5d3ClRPWM8Zzf1y12pT7EVdy2T9HlSXpcaqEWfXTVW3cZr1
R71+04VqEUX1Gkc9JM6OIsdpE1D/ty+vlThDSdX7ICM8w3NAXGn8oh2LiSz19XQ6
5Ut1bNybpn7yOMO+WNm0xIIeQUaC
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:58 2024 by rpki-client on console-fra.rpki-client.org