Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/gM8PD5QWCxS7wXNeTb2XW6GQwjA.roa
File: gM8PD5QWCxS7wXNeTb2XW6GQwjA.roa (raw, json)
Hash identifier: 5wFtQKTqLlgY18Z9b3tKYM+ay6rN9L8yz4SDQ8bFBIc=
Subject key identifier: 80:CF:0F:0F:94:16:0B:14:BB:C1:73:5E:4D:BD:97:5B:A1:90:C2:30
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 03B1CD5D
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/gM8PD5QWCxS7wXNeTb2XW6GQwjA.roa
Signing time: Mon 06 Jun 2022 22:05:20 +0000
ROA not before: Mon 06 Jun 2022 22:05:20 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3257
IP address blocks: 95.164.216.0/21 maxlen: 24
94.131.48.0/20 maxlen: 24
94.131.64.0/20 maxlen: 24
95.164.128.0/20 maxlen: 24
94.131.96.0/21 maxlen: 24
94.131.104.0/21 maxlen: 24
193.218.156.0/22 maxlen: 22
95.164.192.0/21 maxlen: 21
149.154.176.0/20 maxlen: 24
95.164.208.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 61984093 (0x3b1cd5d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Jun 6 22:05:20 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=80cf0f0f94160b14bbc1735e4dbd975ba190c230
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:6b:5d:42:6d:d7:95:10:86:6a:b7:2c:39:a3:
e8:4c:ee:c9:74:44:2f:13:29:51:98:b4:6d:09:28:
1f:bb:f2:7d:d7:f1:0a:54:60:98:5c:b5:cb:54:1b:
28:4c:7d:fe:18:d6:85:1f:06:5e:3a:94:f8:19:75:
d3:bc:e9:ff:ed:57:ae:8b:d5:02:45:2a:e6:5f:c9:
1f:6b:9c:50:8c:40:01:07:1f:45:38:db:d5:11:dd:
d9:cf:21:9e:fa:e4:83:61:d1:dd:fc:01:51:98:ca:
e9:51:70:b0:d7:ef:ee:b7:38:31:fd:03:5a:4c:0d:
a2:3f:ad:da:76:0b:85:74:65:2d:b2:af:fb:c1:f0:
e2:c9:42:81:00:94:7e:73:6f:43:7b:5f:70:d2:d2:
56:02:f9:98:b1:55:f7:78:c7:d0:ac:88:56:fe:49:
26:82:6f:6d:3a:1b:c6:2c:1f:af:a7:77:35:70:4a:
a0:18:e4:de:9a:aa:82:bd:5a:78:74:1f:4d:50:09:
0f:9f:1e:f0:64:9c:ea:70:51:d0:67:13:63:89:c9:
cc:61:7a:e4:40:59:22:e4:4c:66:f2:a1:ab:e2:2d:
77:05:1f:04:49:c6:f9:72:1c:c4:d8:0f:33:ab:9b:
ca:10:94:90:c6:40:69:1f:7d:5b:82:19:60:dd:bf:
c2:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:CF:0F:0F:94:16:0B:14:BB:C1:73:5E:4D:BD:97:5B:A1:90:C2:30
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/gM8PD5QWCxS7wXNeTb2XW6GQwjA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.48.0-94.131.79.255
94.131.96.0/20
95.164.128.0/20
95.164.192.0/21
95.164.208.0/20
149.154.176.0/20
193.218.156.0/22
Signature Algorithm: sha256WithRSAEncryption
35:9a:86:69:02:99:7b:4f:5f:da:7f:3b:17:22:8d:58:97:19:
8c:a2:34:97:bc:65:61:ef:42:a4:1b:dd:56:f6:d7:ce:5f:ee:
ce:f2:36:fd:11:bf:16:24:f1:d9:90:17:e9:4d:0b:c1:d0:37:
a2:02:68:26:24:25:dc:f0:04:9f:37:55:c7:c8:6a:c7:8a:b6:
62:c0:f5:a1:84:08:53:df:77:67:b3:9e:42:82:2c:e1:e1:2b:
7f:ae:9b:5a:fc:6a:29:c6:01:44:3e:d1:ea:d2:8a:f3:bb:e2:
ed:f4:63:0e:dd:fb:31:68:b7:a0:d2:1f:f7:67:7d:ac:94:16:
56:ea:85:f1:72:8d:27:52:6d:38:8c:16:cb:cb:60:b2:da:b7:
8b:88:0b:bc:08:0f:dd:2f:f9:3a:17:86:c9:d6:c6:ff:cd:58:
85:01:13:b4:ff:f7:36:cc:06:c3:be:05:a7:69:79:1f:8b:5c:
ee:62:5c:79:73:9e:a8:96:96:52:45:fe:7b:ca:7c:ac:9f:8d:
6a:f8:b1:d1:22:bd:39:ac:63:04:b0:05:4d:ba:bb:ed:dd:89:
db:f7:7e:b4:08:d0:9c:8d:e9:3b:36:d0:ef:e4:83:ff:a9:15:
01:f7:40:0d:b2:cd:07:ba:fd:e1:f9:c4:a2:5b:58:2d:13:58:
87:34:23:67
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgIEA7HNXTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDc0M2VkNjNlODY4ZWY1MGY2ZDg0YzAwMDNhODM0ODNmYzYyYTAzMB4XDTIyMDYw
NjIyMDUyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODBjZjBmMGY5NDE2
MGIxNGJiYzE3MzVlNGRiZDk3NWJhMTkwYzIzMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANdrXUJt15UQhmq3LDmj6EzuyXRELxMpUZi0bQkoH7vyfdfx
ClRgmFy1y1QbKEx9/hjWhR8GXjqU+Bl107zp/+1XrovVAkUq5l/JH2ucUIxAAQcf
RTjb1RHd2c8hnvrkg2HR3fwBUZjK6VFwsNfv7rc4Mf0DWkwNoj+t2nYLhXRlLbKv
+8Hw4slCgQCUfnNvQ3tfcNLSVgL5mLFV93jH0KyIVv5JJoJvbTobxiwfr6d3NXBK
oBjk3pqqgr1aeHQfTVAJD58e8GSc6nBR0GcTY4nJzGF65EBZIuRMZvKhq+ItdwUf
BEnG+XIcxNgPM6ubyhCUkMZAaR99W4IZYN2/wmUCAwEAAaOCAjUwggIxMB0GA1Ud
DgQWBBSAzw8PlBYLFLvBc15NvZdboZDCMDAfBgNVHSMEGDAWgBRtdD7WPoaO9Q9t
hMAAOoNIP8YqAzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JYUS0xajZHanZVUGJZVEFBRHFEU0RfR0tnTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmQvZTA1MzUyLWYxNDgtNDBhMC04N2E0LWU5NzI0YTdhNmJjOC8x
L2dNOFBENVFXQ3hTN3dYTmVUYjJYVzZHUXdqQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQv
ZTA1MzUyLWYxNDgtNDBhMC04N2E0LWU5NzI0YTdhNmJjOC8xL2JYUS0xajZHanZV
UGJZVEFBRHFEU0RfR0tnTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBL
BggrBgEFBQcBBwEB/wQ8MDowOAQCAAEwMjAMAwQEXoMwAwQEXoNAAwQEXoNgAwQE
X6SAAwQDX6TAAwQEX6TQAwQElZqwAwQCwdqcMA0GCSqGSIb3DQEBCwUAA4IBAQA1
moZpApl7T1/afzsXIo1YlxmMojSXvGVh70KkG91W9tfOX+7O8jb9Eb8WJPHZkBfp
TQvB0DeiAmgmJCXc8ASfN1XHyGrHirZiwPWhhAhT33dns55Cgizh4St/rpta/Gop
xgFEPtHq0orzu+Lt9GMO3fsxaLeg0h/3Z32slBZW6oXxco0nUm04jBbLy2Cy2reL
iAu8CA/dL/k6F4bJ1sb/zViFARO0//c2zAbDvgWnaXkfi1zuYlx5c56olpZSRf57
ynysn41q+LHRIr05rGMEsAVNurvt3Ynb9360CNCcjek7NtDv5IP/qRUB90ANss0H
uv3h+cSiW1gtE1iHNCNn
-----END CERTIFICATE-----
Generated at Sun Feb 16 22:29:52 2025 by rpki-client