Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/UTi2EydWXDHHBCjgXa5gd7hb1cw.roa
File: UTi2EydWXDHHBCjgXa5gd7hb1cw.roa (raw, json)
Hash identifier: bspqEmWugB6DK+0g5mPfetQAB7//q+omiS2Zl5D158U=
Subject key identifier: 51:38:B6:13:27:56:5C:31:C7:04:28:E0:5D:AE:60:77:B8:5B:D5:CC
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 03EB38D2
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/UTi2EydWXDHHBCjgXa5gd7hb1cw.roa
Signing time: Thu 30 Jun 2022 21:31:03 +0000
ROA not before: Thu 30 Jun 2022 21:31:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3257
IP address blocks: 95.164.216.0/21 maxlen: 24
94.131.48.0/20 maxlen: 24
94.131.64.0/20 maxlen: 24
95.164.128.0/20 maxlen: 24
94.131.96.0/21 maxlen: 24
94.131.104.0/21 maxlen: 24
193.218.156.0/22 maxlen: 22
95.164.192.0/21 maxlen: 21
94.131.24.0/22 maxlen: 24
149.154.176.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 65747154 (0x3eb38d2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Jun 30 21:31:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5138b61327565c31c70428e05dae6077b85bd5cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:42:83:b2:82:6b:27:09:07:59:b5:53:42:da:
46:08:4f:8a:dc:48:44:5e:91:da:4f:4f:f7:04:cc:
69:a2:79:41:1b:62:bb:3b:72:0e:d9:86:22:e8:ac:
65:e0:2d:63:93:b8:f6:7b:8f:e5:8d:de:c0:96:96:
28:d7:42:3f:41:e3:dd:3a:cf:43:fd:bd:49:05:63:
f2:97:30:dd:47:a0:4c:5b:a6:0c:77:41:3f:b5:a8:
9d:e9:f4:37:8a:33:f6:b3:0f:3d:1f:e8:2a:51:c0:
0c:ef:f9:88:c1:b7:49:df:a1:1e:de:17:1b:44:ce:
16:96:80:ec:9c:9e:69:66:b2:9e:0d:8e:7e:f0:22:
f5:8c:ce:9a:06:12:72:04:d0:22:22:e5:f1:08:33:
1c:6e:35:aa:05:bf:ee:1c:b1:b2:d9:f0:22:f1:72:
16:9a:a5:57:60:e9:eb:72:f0:fd:8c:f3:32:f4:23:
06:16:34:3e:b9:e5:a2:82:fa:9e:2a:35:c8:01:a2:
93:3f:15:f1:7a:28:91:8e:c2:53:4e:c0:0e:b0:99:
44:2f:de:8c:f3:14:70:73:a7:a1:63:85:58:64:37:
a1:fe:5a:99:c9:49:ea:61:ac:a1:a1:2c:59:8b:27:
be:f7:bb:91:4b:c4:c3:2f:28:6d:c6:57:cf:00:c1:
79:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:38:B6:13:27:56:5C:31:C7:04:28:E0:5D:AE:60:77:B8:5B:D5:CC
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/UTi2EydWXDHHBCjgXa5gd7hb1cw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.24.0/22
94.131.48.0-94.131.79.255
94.131.96.0/20
95.164.128.0/20
95.164.192.0/21
95.164.216.0/21
149.154.176.0/20
193.218.156.0/22
Signature Algorithm: sha256WithRSAEncryption
99:6c:5e:af:3a:8c:cc:d2:f8:4d:c3:c1:49:86:25:96:cb:07:
bb:01:7f:03:ab:11:a7:56:85:a8:ac:6a:7a:cf:66:e8:e4:36:
26:9b:5c:65:5a:8d:1a:a5:dd:37:cc:a1:e0:9c:a5:4b:fd:a5:
f0:97:62:86:cf:50:69:91:e9:d9:c2:94:f0:17:2b:9b:ce:72:
2f:15:db:9e:ac:47:c7:57:0d:c9:f8:ca:21:b3:9b:59:65:9d:
77:19:14:14:d0:6d:ee:b6:f5:0e:d3:73:ab:5c:3c:36:54:a7:
0b:da:31:8f:ac:c3:dd:ff:fd:93:a9:a0:3c:7b:53:21:d1:85:
49:54:14:9c:5d:85:67:6a:f5:7a:3e:59:46:03:1a:e9:f0:45:
df:21:4e:54:7c:a7:39:c7:2d:d9:f2:41:32:31:aa:b3:84:97:
38:19:f6:15:f6:e7:86:ee:6e:15:db:42:ca:4b:4f:86:f5:94:
0e:a2:09:19:b4:71:07:93:9e:9e:dc:80:06:1c:a4:25:07:01:
50:9c:28:1d:16:bb:a3:0d:fe:d0:a2:85:83:e6:b1:19:c3:eb:
9d:78:ca:b3:bb:e2:51:ae:82:57:05:1f:8e:1b:c9:14:04:20:
72:55:c9:ae:e6:f2:bb:a1:68:4f:94:3c:6b:ce:8c:3f:a5:ea:
37:f9:cc:a1
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIEA+s40jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDc0M2VkNjNlODY4ZWY1MGY2ZDg0YzAwMDNhODM0ODNmYzYyYTAzMB4XDTIyMDYz
MDIxMzEwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTEzOGI2MTMyNzU2
NWMzMWM3MDQyOGUwNWRhZTYwNzdiODViZDVjYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAORCg7KCaycJB1m1U0LaRghPitxIRF6R2k9P9wTMaaJ5QRti
uztyDtmGIuisZeAtY5O49nuP5Y3ewJaWKNdCP0Hj3TrPQ/29SQVj8pcw3UegTFum
DHdBP7Wonen0N4oz9rMPPR/oKlHADO/5iMG3Sd+hHt4XG0TOFpaA7JyeaWayng2O
fvAi9YzOmgYScgTQIiLl8QgzHG41qgW/7hyxstnwIvFyFpqlV2Dp63Lw/YzzMvQj
BhY0PrnlooL6nio1yAGikz8V8XookY7CU07ADrCZRC/ejPMUcHOnoWOFWGQ3of5a
mclJ6mGsoaEsWYsnvve7kUvEwy8obcZXzwDBeQMCAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBRROLYTJ1ZcMccEKOBdrmB3uFvVzDAfBgNVHSMEGDAWgBRtdD7WPoaO9Q9t
hMAAOoNIP8YqAzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JYUS0xajZHanZVUGJZVEFBRHFEU0RfR0tnTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmQvZTA1MzUyLWYxNDgtNDBhMC04N2E0LWU5NzI0YTdhNmJjOC8x
L1VUaTJFeWRXWERISEJDamdYYTVnZDdoYjFjdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQv
ZTA1MzUyLWYxNDgtNDBhMC04N2E0LWU5NzI0YTdhNmJjOC8xL2JYUS0xajZHanZV
UGJZVEFBRHFEU0RfR0tnTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwOAMEAl6DGDAMAwQEXoMwAwQEXoNAAwQE
XoNgAwQEX6SAAwQDX6TAAwQDX6TYAwQElZqwAwQCwdqcMA0GCSqGSIb3DQEBCwUA
A4IBAQCZbF6vOozM0vhNw8FJhiWWywe7AX8DqxGnVoWorGp6z2bo5DYmm1xlWo0a
pd03zKHgnKVL/aXwl2KGz1BpkenZwpTwFyubznIvFduerEfHVw3J+Mohs5tZZZ13
GRQU0G3utvUO03OrXDw2VKcL2jGPrMPd//2TqaA8e1Mh0YVJVBScXYVnavV6PllG
Axrp8EXfIU5UfKc5xy3Z8kEyMaqzhJc4GfYV9ueG7m4V20LKS0+G9ZQOogkZtHEH
k56e3IAGHKQlBwFQnCgdFrujDf7QooWD5rEZw+udeMqzu+JRroJXBR+OG8kUBCBy
Vcmu5vK7oWhPlDxrzow/peo3+cyh
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:58 2024 by rpki-client on console-fra.rpki-client.org