Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/hki4NSQrJt3iE5ovSRQT7hGBzOo.roa
File: hki4NSQrJt3iE5ovSRQT7hGBzOo.roa (raw, json)
Hash identifier: x79m5CrnD/D78JiE0E9mbOJdcSBP14755GVAt5x2cgs=
Subject key identifier: 86:48:B8:35:24:2B:26:DD:E2:13:9A:2F:49:14:13:EE:11:81:CC:EA
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 0182E4F442D33D581994E0D116DE8AADCA0C
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/hki4NSQrJt3iE5ovSRQT7hGBzOo.roa
Signing time: Sun 28 Aug 2022 14:56:29 +0000
ROA not before: Sun 28 Aug 2022 14:56:29 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3257
IP address blocks: 94.131.48.0/20 maxlen: 24
95.164.16.0/22 maxlen: 22
94.131.64.0/20 maxlen: 24
95.164.128.0/20 maxlen: 24
95.164.240.0/21 maxlen: 21
95.164.44.0/22 maxlen: 22
94.131.24.0/22 maxlen: 24
149.154.176.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:e4:f4:42:d3:3d:58:19:94:e0:d1:16:de:8a:ad:ca:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Aug 28 14:56:29 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8648b835242b26dde2139a2f491413ee1181ccea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ed:62:ad:f4:21:04:40:3b:cd:ed:85:e9:52:
f6:37:fd:0a:ba:35:05:c0:c0:91:9a:b0:e9:1e:5c:
02:bc:41:e3:5a:f3:08:3d:0a:4e:b6:7d:19:6d:dd:
49:22:8e:5c:9d:eb:5a:ae:33:0d:ab:04:50:87:c4:
4a:46:08:84:51:4a:8c:c4:6a:81:24:d4:d6:2c:a4:
8b:db:d3:4e:1a:4c:06:8f:2f:a9:ec:44:04:45:f3:
cd:64:d2:86:07:a2:ba:65:4e:2b:51:6c:f7:4a:e3:
f1:fd:e1:75:c6:d3:b8:c6:71:62:40:1f:d6:e5:7a:
1c:07:46:66:86:45:4b:77:49:f4:2d:65:f2:5e:cf:
55:01:2f:f1:2f:09:70:90:7f:d0:45:37:4c:f2:0e:
e9:2c:38:c5:b7:4d:e9:ac:9d:ae:35:71:0c:b2:13:
18:76:f0:33:da:32:32:1f:04:0f:f9:ea:b1:39:c3:
ae:cb:1e:4f:a6:98:bc:b0:46:93:a0:7b:34:b3:93:
ba:71:0b:94:e8:05:39:f2:23:56:e3:74:32:71:81:
63:77:69:57:a1:15:0f:50:be:9b:dd:18:9e:f9:88:
a8:e5:95:0a:17:92:81:b3:7b:d5:ba:8b:9e:c3:0a:
42:b4:aa:8e:6c:e3:a5:dc:74:63:91:ff:c0:3e:22:
af:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:48:B8:35:24:2B:26:DD:E2:13:9A:2F:49:14:13:EE:11:81:CC:EA
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/hki4NSQrJt3iE5ovSRQT7hGBzOo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.24.0/22
94.131.48.0-94.131.79.255
95.164.16.0/22
95.164.44.0/22
95.164.128.0/20
95.164.240.0/21
149.154.176.0/20
Signature Algorithm: sha256WithRSAEncryption
14:87:0d:9a:c1:d2:1f:cf:0b:39:44:72:58:bc:8f:58:a8:95:
ff:55:61:fc:8a:54:56:ad:90:49:34:c8:7f:6c:a5:f7:9b:21:
1c:f0:71:c1:da:14:5a:0d:da:65:14:36:35:37:a4:04:4c:ae:
41:41:22:b2:6d:4c:bd:b0:1e:03:12:60:75:5c:37:e8:99:8c:
e5:80:34:2b:79:03:e7:c3:e0:8f:8a:6e:b8:77:b8:55:9a:8b:
9b:75:4f:57:2b:a2:6b:dc:a6:80:0d:f2:df:fa:6f:6f:18:3f:
d3:b6:50:6a:45:b6:13:3e:0f:6e:77:10:37:a3:e7:ed:ba:f1:
5c:6c:5c:d7:46:45:0a:f8:d5:bd:b1:b3:78:52:96:8a:fe:36:
2c:39:cb:26:2c:95:c8:e8:1f:de:ed:00:d0:4b:57:c2:89:f0:
30:cf:a2:07:46:4d:ed:5f:9a:97:6e:7f:56:17:ed:d1:1a:64:
7a:0d:ce:d5:e1:54:5f:e3:a7:b4:32:8f:4f:98:c3:af:b2:c7:
9d:a6:92:48:a1:d7:fd:ac:c4:dd:7e:cc:23:ae:52:8b:a4:78:
60:f4:af:d8:ec:d0:b5:6e:95:91:7b:bd:e5:8f:5b:78:b1:9f:
92:0d:29:07:c6:f1:57:0e:c1:34:58:60:1d:71:b7:bf:06:51:
e6:64:7e:9e
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYLk9ELTPVgZlODRFt6KrcoMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjIwODI4MTQ1NjI5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQ4YjgzNTI0MmIyNmRkZTIxMzlhMmY0OTE0MTNlZTExODFjY2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe1irfQhBEA7ze2F6VL2N/0KujUF
wMCRmrDpHlwCvEHjWvMIPQpOtn0Zbd1JIo5cnetarjMNqwRQh8RKRgiEUUqMxGqB
JNTWLKSL29NOGkwGjy+p7EQERfPNZNKGB6K6ZU4rUWz3SuPx/eF1xtO4xnFiQB/W
5XocB0ZmhkVLd0n0LWXyXs9VAS/xLwlwkH/QRTdM8g7pLDjFt03prJ2uNXEMshMY
dvAz2jIyHwQP+eqxOcOuyx5Pppi8sEaToHs0s5O6cQuU6AU58iNW43QycYFjd2lX
oRUPUL6b3Rie+Yio5ZUKF5KBs3vVuouewwpCtKqObOOl3HRjkf/APiKvqwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFIZIuDUkKybd4hOaL0kUE+4RgczqMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvaGtpNE5TUXJKdDNpRTVvdlNSUVQ3aEdCek9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCXoMYMAwD
BARegzADBAReg0ADBAJfpBADBAJfpCwDBARfpIADBANfpPADBASVmrAwDQYJKoZI
hvcNAQELBQADggEBABSHDZrB0h/PCzlEcli8j1iolf9VYfyKVFatkEk0yH9spfeb
IRzwccHaFFoN2mUUNjU3pARMrkFBIrJtTL2wHgMSYHVcN+iZjOWANCt5A+fD4I+K
brh3uFWai5t1T1cromvcpoAN8t/6b28YP9O2UGpFthM+D253EDej5+268VxsXNdG
RQr41b2xs3hSlor+Niw5yyYslcjoH97tANBLV8KJ8DDPogdGTe1fmpduf1YX7dEa
ZHoNztXhVF/jp7Qyj0+Yw6+yx52mkkih1/2sxN1+zCOuUoukeGD0r9js0LVulZF7
veWPW3ixn5INKQfG8VcOwTRYYB1xt78GUeZkfp4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:58 2024 by rpki-client on console-fra.rpki-client.org