Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bHGibC9ckp4t2XtS5IytW3sJlVw.roa
File: bHGibC9ckp4t2XtS5IytW3sJlVw.roa (raw, json)
Hash identifier: 092FFWh6LMQtOQfUV7ScEdYIf+HEUewywoLCIIxOUFE=
Subject key identifier: 6C:71:A2:6C:2F:5C:92:9E:2D:D9:7B:52:E4:8C:AD:5B:7B:09:95:5C
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 019424B3BA6DFC1DC340794842E6399CE49E
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bHGibC9ckp4t2XtS5IytW3sJlVw.roa
Signing time: Thu 02 Jan 2025 01:49:05 +0000
ROA not before: Thu 02 Jan 2025 01:49:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 394814
IP address blocks: 94.131.80.0/20 maxlen: 24
94.131.182.0/23 maxlen: 24
94.131.184.0/22 maxlen: 22
95.164.144.0/20 maxlen: 24
95.164.200.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:ba:6d:fc:1d:c3:40:79:48:42:e6:39:9c:e4:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Jan 2 01:49:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6c71a26c2f5c929e2dd97b52e48cad5b7b09955c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:a0:f3:e4:e1:58:44:ec:1f:1c:45:b8:47:10:
b9:c2:5c:d2:95:89:87:fb:e8:9e:f5:af:fa:fa:19:
dc:8a:1f:58:48:34:ea:5a:e2:4e:0b:9d:ba:35:96:
3c:fa:ed:7c:3e:2a:e6:57:69:bb:eb:91:e9:8c:5e:
5b:8d:29:90:ed:bf:5d:65:39:ff:76:8f:f2:61:9e:
fb:b6:f6:53:37:1a:25:97:17:d1:5c:10:15:66:8b:
be:58:37:5d:54:6a:c4:2e:44:98:f2:07:7f:b6:75:
5b:c6:97:c4:26:2b:1c:34:5b:e2:bd:a2:29:a1:de:
7b:08:7b:63:79:d4:f3:bb:8c:37:7d:78:5b:3d:c5:
db:8f:dd:61:96:4c:6c:c7:d3:56:23:c3:1a:cf:ea:
a4:dd:ff:e3:42:89:1b:46:de:5c:25:ad:ab:9e:e1:
bb:bf:b4:40:0d:24:c2:96:11:a0:56:7d:86:ed:6b:
ec:76:e2:03:41:92:9e:fb:cb:85:f7:49:00:fd:6a:
c9:6c:17:c9:55:93:35:ff:ee:08:ad:8e:14:bc:14:
ae:96:a9:0c:25:eb:a5:51:30:57:28:7d:c4:50:56:
33:d0:01:2b:6d:33:0e:f2:d8:13:0b:1f:7e:e5:7a:
db:8f:3a:3f:39:3f:74:01:d8:63:8d:c7:35:e1:7b:
3a:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:71:A2:6C:2F:5C:92:9E:2D:D9:7B:52:E4:8C:AD:5B:7B:09:95:5C
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bHGibC9ckp4t2XtS5IytW3sJlVw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.80.0/20
94.131.182.0-94.131.187.255
95.164.144.0/20
95.164.200.0/22
Signature Algorithm: sha256WithRSAEncryption
35:db:cd:f6:2c:50:26:19:6c:14:4b:0a:d4:13:e8:85:06:b7:
59:fc:41:34:5e:72:99:68:e3:22:23:51:14:9d:3a:f3:76:fd:
8c:e9:af:7b:02:d8:7a:3f:32:e1:42:c4:ed:97:95:1f:99:59:
f1:db:5c:bc:da:6c:6e:00:6a:3f:96:ad:47:79:22:9f:2a:64:
5b:43:4d:64:a0:43:b8:5b:24:6a:6f:da:65:06:2a:76:57:84:
f2:4b:e7:88:ac:58:c4:71:6d:ee:b5:89:48:48:0e:ea:89:7c:
20:d9:3e:d1:12:39:3f:6a:ab:7f:d8:46:e2:3e:35:ab:0d:99:
32:8c:94:c1:0d:0d:23:11:5d:15:d9:30:74:e6:21:38:b1:c6:
f2:a8:0b:10:11:08:ab:f1:7b:fe:ca:f7:0a:23:15:e1:3c:75:
c7:70:82:72:1e:ea:6e:f3:a0:a6:00:e5:71:8a:57:05:f6:d4:
0c:10:36:e0:d1:15:f0:25:9a:da:29:c0:29:91:10:a0:b5:87:
92:ae:93:fd:23:70:fc:21:c0:3d:09:1b:4c:cc:4f:91:d9:f0:
5b:b6:37:3e:d7:94:d5:f5:bf:d7:83:52:0d:d1:89:b8:70:73:
d7:cf:14:a1:56:fc:57:e0:55:39:cd:bb:4a:ff:59:ed:81:84:
97:4f:f3:3c
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQks7pt/B3DQHlIQuY5nOSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMTAyMDE0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzcxYTI2YzJmNWM5MjllMmRkOTdiNTJlNDhjYWQ1YjdiMDk5NTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2aDz5OFYROwfHEW4RxC5wlzSlYmH
++ie9a/6+hncih9YSDTqWuJOC526NZY8+u18PirmV2m765HpjF5bjSmQ7b9dZTn/
do/yYZ77tvZTNxollxfRXBAVZou+WDddVGrELkSY8gd/tnVbxpfEJiscNFvivaIp
od57CHtjedTzu4w3fXhbPcXbj91hlkxsx9NWI8Maz+qk3f/jQokbRt5cJa2rnuG7
v7RADSTClhGgVn2G7WvsduIDQZKe+8uF90kA/WrJbBfJVZM1/+4IrY4UvBSulqkM
JeulUTBXKH3EUFYz0AErbTMO8tgTCx9+5Xrbjzo/OT90Adhjjcc14Xs6LQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFGxxomwvXJKeLdl7UuSMrVt7CZVcMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvYkhHaWJDOWNrcDR0Mlh0UzVJeXRXM3NKbFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQEXoNQMAwD
BAFeg7YDBAJeg7gDBARfpJADBAJfpMgwDQYJKoZIhvcNAQELBQADggEBADXbzfYs
UCYZbBRLCtQT6IUGt1n8QTRecplo4yIjURSdOvN2/Yzpr3sC2Ho/MuFCxO2XlR+Z
WfHbXLzabG4Aaj+WrUd5Ip8qZFtDTWSgQ7hbJGpv2mUGKnZXhPJL54isWMRxbe61
iUhIDuqJfCDZPtESOT9qq3/YRuI+NasNmTKMlMENDSMRXRXZMHTmITixxvKoCxAR
CKvxe/7K9wojFeE8dcdwgnIe6m7zoKYA5XGKVwX21AwQNuDRFfAlmtopwCmREKC1
h5Kuk/0jcPwhwD0JG0zMT5HZ8Fu2Nz7XlNX1v9eDUg3Ribhwc9fPFKFW/FfgVTnN
u0r/We2BhJdP8zw=
-----END CERTIFICATE-----
Generated at Sat Apr 5 23:17:53 2025 by rpki-client