Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/h0q7kMPEsfodik_tdyH7FZxvgrw.roa
File: h0q7kMPEsfodik_tdyH7FZxvgrw.roa (raw, json)
Hash identifier: 68dAq0R8WJN++T+7b5t2fycvQrJ4LmaTTnL/IK7Q51A=
Subject key identifier: 87:4A:BB:90:C3:C4:B1:FA:1D:8A:4F:ED:77:21:FB:15:9C:6F:82:BC
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 01882BD360E1CEB34C18FA55117D1D3C68CB
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/h0q7kMPEsfodik_tdyH7FZxvgrw.roa
Signing time: Wed 17 May 2023 22:27:33 +0000
ROA not before: Wed 17 May 2023 22:27:33 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29632
IP address blocks: 95.164.52.0/22 maxlen: 22
95.164.56.0/22 maxlen: 22
195.214.212.0/22 maxlen: 22
195.214.210.0/24 maxlen: 24
195.214.208.0/21 maxlen: 21
195.214.208.0/22 maxlen: 22
95.164.76.0/24 maxlen: 24
95.164.72.0/22 maxlen: 22
95.164.80.0/22 maxlen: 22
95.164.92.0/22 maxlen: 22
95.164.172.0/22 maxlen: 22
95.164.170.0/23 maxlen: 23
94.131.4.0/24 maxlen: 24
62.205.128.0/20 maxlen: 20
62.205.132.0/24 maxlen: 24
62.205.128.0/19 maxlen: 19
62.205.134.0/24 maxlen: 24
62.205.144.0/20 maxlen: 20
62.205.152.0/24 maxlen: 24
62.205.159.0/24 maxlen: 24
95.164.40.0/22 maxlen: 22
95.164.50.0/24 maxlen: 24
95.164.49.0/24 maxlen: 24
2a01:d0:8000::/33 maxlen: 33
2a01:d0::/32 maxlen: 32
2a01:d0:ffff::/48 maxlen: 48
2a01:d0:7fff::/48 maxlen: 48
2a01:d0:317::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:2b:d3:60:e1:ce:b3:4c:18:fa:55:11:7d:1d:3c:68:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: May 17 22:27:33 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=874abb90c3c4b1fa1d8a4fed7721fb159c6f82bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:3d:cd:b5:a5:ac:35:6c:8d:ee:0d:e5:ca:27:
5e:8f:1d:72:47:d5:c3:5c:d2:48:a9:c7:50:77:28:
a7:1b:3e:ca:d6:b6:b2:69:d7:3b:c1:54:60:c5:2e:
45:41:93:e3:fe:e8:3d:0d:d5:48:2a:b0:a5:f6:a1:
0f:72:90:fd:af:27:e8:01:fe:84:7b:83:bf:0f:59:
ea:3c:20:27:ff:db:f9:16:53:d0:8b:bb:10:5e:c3:
91:d5:f8:5a:bc:ff:80:a4:33:81:ad:1f:7a:78:e1:
5a:78:3d:5b:5d:b8:4b:20:6c:33:46:55:48:22:03:
bd:9a:9e:1b:14:b8:29:71:33:ed:26:2f:21:3e:3b:
84:32:4e:b6:cd:a3:7d:b7:37:c0:b1:87:31:d5:10:
cf:ce:7c:4f:35:ea:a5:9a:72:56:7d:61:e7:db:8f:
9c:bd:55:1c:f3:99:fa:69:d5:3e:83:5b:7e:07:65:
4f:12:e4:9b:2e:49:63:b6:71:b1:61:ea:1d:ad:26:
43:9e:e3:97:67:f0:8e:51:ca:1e:6c:b6:2c:8e:4b:
ca:6c:87:31:36:6d:96:8f:48:4d:1c:3a:00:18:e5:
ea:94:69:25:15:4f:53:15:df:c8:5b:af:b4:0b:c7:
b6:23:d5:dd:7a:24:40:c7:b3:5b:8b:45:ca:1f:dc:
87:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:4A:BB:90:C3:C4:B1:FA:1D:8A:4F:ED:77:21:FB:15:9C:6F:82:BC
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/h0q7kMPEsfodik_tdyH7FZxvgrw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.205.128.0/19
94.131.4.0/24
95.164.40.0/22
95.164.49.0-95.164.50.255
95.164.52.0-95.164.59.255
95.164.72.0-95.164.76.255
95.164.80.0/22
95.164.92.0/22
95.164.170.0-95.164.175.255
195.214.208.0/21
IPv6:
2a01:d0::/32
Signature Algorithm: sha256WithRSAEncryption
1d:74:7b:7e:4d:06:8c:4b:ba:f3:98:6e:49:f4:3c:2b:b7:01:
b1:03:23:fe:0d:c1:fd:08:18:68:9e:34:a3:76:3a:57:3c:10:
a8:5d:c8:8a:34:a7:b1:8e:ae:ad:c0:df:47:3a:c0:1e:28:da:
34:c7:7f:fd:9b:60:e5:77:4c:1c:77:0d:bb:d2:53:b7:28:f3:
11:31:6e:8b:19:a2:ec:65:b7:b7:ec:80:57:4e:f2:a0:57:c1:
9b:fe:0f:e6:fa:d6:e8:73:c1:9b:55:db:1d:eb:2c:4a:88:ab:
25:a3:14:df:2a:8f:72:08:bf:24:8b:0f:e3:e8:0c:d8:29:c6:
d7:6f:4d:c5:5b:66:41:21:0d:67:c5:ce:37:ac:df:3f:3a:d2:
ba:ac:01:5e:e3:38:b7:18:6c:cf:6a:19:28:2a:30:94:b8:10:
bc:5c:1c:10:78:80:79:5d:7c:e1:e6:00:e3:16:82:2b:8b:2c:
08:08:e2:0b:a5:5c:f7:20:af:40:17:76:2e:3a:8e:2e:9a:c8:
44:53:00:1b:f2:49:6e:de:54:ac:62:5a:54:31:2a:60:24:17:
8b:5c:98:04:2b:32:38:34:5d:6e:af:ee:ba:cc:3d:0c:4c:bf:
fe:88:03:d9:0f:10:94:7f:1b:46:bd:96:c3:81:8f:ed:2f:9a:
cd:fd:4c:a8
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAYgr02DhzrNMGPpVEX0dPGjLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjMwNTE3MjIyNzMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzRhYmI5MGMzYzRiMWZhMWQ4YTRmZWQ3NzIxZmIxNTljNmY4MmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuj3NtaWsNWyN7g3lyidejx1yR9XD
XNJIqcdQdyinGz7K1rayadc7wVRgxS5FQZPj/ug9DdVIKrCl9qEPcpD9ryfoAf6E
e4O/D1nqPCAn/9v5FlPQi7sQXsOR1fhavP+ApDOBrR96eOFaeD1bXbhLIGwzRlVI
IgO9mp4bFLgpcTPtJi8hPjuEMk62zaN9tzfAsYcx1RDPznxPNeqlmnJWfWHn24+c
vVUc85n6adU+g1t+B2VPEuSbLkljtnGxYeodrSZDnuOXZ/COUcoebLYsjkvKbIcx
Nm2Wj0hNHDoAGOXqlGklFU9TFd/IW6+0C8e2I9XdeiRAx7Nbi0XKH9yHEQIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFIdKu5DDxLH6HYpP7Xch+xWcb4K8MB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvaDBxN2tNUEVzZm9kaWtfdGR5SDdGWnh2Z3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwYgQCAAEwXAMEBT7NgAME
AF6DBAMEAl+kKDAMAwQAX6QxAwQAX6QyMAwDBAJfpDQDBAJfpDgwDAMEA1+kSAME
AF+kTAMEAl+kUAMEAl+kXDAMAwQBX6SqAwQEX6SgAwQDw9bQMA0EAgACMAcDBQAq
AQDQMA0GCSqGSIb3DQEBCwUAA4IBAQAddHt+TQaMS7rzmG5J9DwrtwGxAyP+DcH9
CBhonjSjdjpXPBCoXciKNKexjq6twN9HOsAeKNo0x3/9m2Dld0wcdw270lO3KPMR
MW6LGaLsZbe37IBXTvKgV8Gb/g/m+tboc8GbVdsd6yxKiKsloxTfKo9yCL8kiw/j
6AzYKcbXb03FW2ZBIQ1nxc43rN8/OtK6rAFe4zi3GGzPahkoKjCUuBC8XBwQeIB5
XXzh5gDjFoIriywICOILpVz3IK9AF3YuOo4umshEUwAb8klu3lSsYlpUMSpgJBeL
XJgEKzI4NF1ur+66zD0MTL/+iAPZDxCUfxtGvZbDgY/tL5rN/Uyo
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:54:11 2025 by rpki-client