Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/oTZGAUC7Z0MzAZvfnP2fVERFN4Q.roa
File: oTZGAUC7Z0MzAZvfnP2fVERFN4Q.roa (raw, json)
Hash identifier: 34X0H9O/Ld1xYbWQcrRYt8gMfvxu9XTPP4qQ5LZVC9w=
Subject key identifier: A1:36:46:01:40:BB:67:43:33:01:9B:DF:9C:FD:9F:54:44:45:37:84
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 0183C80D4905B8892CC81C92FCF17D369B40
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/oTZGAUC7Z0MzAZvfnP2fVERFN4Q.roa
Signing time: Tue 11 Oct 2022 17:17:37 +0000
ROA not before: Tue 11 Oct 2022 17:17:37 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 394814
IP address blocks: 95.164.112.0/20 maxlen: 24
95.164.248.0/22 maxlen: 24
95.164.144.0/20 maxlen: 24
94.131.80.0/20 maxlen: 24
95.164.176.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:c8:0d:49:05:b8:89:2c:c8:1c:92:fc:f1:7d:36:9b:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Oct 11 17:17:37 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a136460140bb674333019bdf9cfd9f5444453784
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:a1:b4:8b:ac:44:5e:53:a6:74:98:32:4b:9a:
1d:20:9d:41:47:99:1b:52:cb:bb:21:c7:93:6f:8f:
e7:95:5e:96:11:43:6c:74:f5:23:68:5e:e8:b9:bc:
65:04:97:ee:87:3c:bf:81:4c:3b:3f:1e:45:0a:b9:
8e:bf:e8:ac:e9:e2:46:2b:68:31:99:b2:45:be:15:
c2:a2:e3:1f:9c:e4:98:6a:6e:df:a5:ff:34:88:eb:
5d:06:0d:77:87:93:07:e2:0c:b0:39:e3:61:de:df:
e6:04:d2:cd:a0:64:c9:0a:db:9f:e0:44:94:7d:fe:
23:86:bc:b1:2b:6b:f2:48:fa:d5:7b:a4:c0:a7:df:
cd:ca:43:87:d0:4a:6d:69:85:1c:86:da:ca:b6:0a:
e5:04:64:64:09:a1:2a:35:a1:f5:35:84:4d:9b:df:
f2:5d:19:61:80:fa:cf:ae:5d:03:4c:38:ee:0a:9d:
4f:86:30:6f:c6:3c:ad:20:90:b2:ab:57:ba:db:d9:
f4:5c:67:66:d2:d0:48:d8:e1:86:e3:0b:2c:2c:0b:
be:b7:74:37:c1:aa:18:5c:65:cf:61:95:51:73:6e:
3b:6a:65:e4:54:2c:d7:72:a1:f7:f9:cb:5b:86:80:
43:a9:9e:db:de:67:88:3d:8d:b2:8b:fa:d7:ce:a3:
27:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:36:46:01:40:BB:67:43:33:01:9B:DF:9C:FD:9F:54:44:45:37:84
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/oTZGAUC7Z0MzAZvfnP2fVERFN4Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.80.0/20
95.164.112.0/20
95.164.144.0/20
95.164.176.0/20
95.164.248.0/22
Signature Algorithm: sha256WithRSAEncryption
2c:5b:eb:2e:d8:c3:7a:6a:21:64:47:a6:52:95:ee:14:d3:ab:
11:1f:cc:5a:11:77:dd:3f:dd:db:19:e2:cf:ae:13:37:56:0a:
9e:f1:b0:4d:1c:ab:87:4c:90:b4:74:95:10:4f:47:80:65:63:
d7:12:03:c5:33:79:93:34:96:4e:8f:a7:02:84:2b:d2:fb:ca:
49:c6:f0:11:12:d0:99:b9:2e:18:40:b1:87:9c:4f:ef:9a:67:
00:ae:b1:d6:0a:d4:9e:cd:96:c0:11:f6:08:17:dc:1a:35:2b:
88:ab:8d:45:6c:70:87:7a:9d:33:f4:9a:df:09:a1:aa:4f:7a:
29:41:a3:6f:8e:aa:19:ae:7a:bc:39:f2:25:a7:6f:ca:de:a5:
b6:df:c9:51:09:ee:c5:90:84:c0:75:bb:d9:04:9b:83:17:fe:
53:fb:03:35:19:f6:25:23:42:56:28:12:d0:1a:94:d5:fb:02:
5d:d5:6c:7a:55:ff:08:7f:eb:48:54:41:21:f4:3a:b7:78:77:
69:4f:5e:a2:1b:95:58:b3:c5:99:12:46:ae:bd:51:03:9a:c3:
e6:5a:be:65:35:64:f3:43:e6:31:27:33:10:3c:8d:a5:cb:08:
2c:75:40:c4:dd:67:61:e8:a8:3c:8e:a7:ab:41:8f:ca:39:96:
2a:0e:8d:01
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYPIDUkFuIksyByS/PF9NptAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjIxMDExMTcxNzM3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTM2NDYwMTQwYmI2NzQzMzMwMTliZGY5Y2ZkOWY1NDQ0NDUzNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqG0i6xEXlOmdJgyS5odIJ1BR5kb
Usu7IceTb4/nlV6WEUNsdPUjaF7oubxlBJfuhzy/gUw7Px5FCrmOv+is6eJGK2gx
mbJFvhXCouMfnOSYam7fpf80iOtdBg13h5MH4gywOeNh3t/mBNLNoGTJCtuf4ESU
ff4jhryxK2vySPrVe6TAp9/NykOH0EptaYUchtrKtgrlBGRkCaEqNaH1NYRNm9/y
XRlhgPrPrl0DTDjuCp1PhjBvxjytIJCyq1e629n0XGdm0tBI2OGG4wssLAu+t3Q3
waoYXGXPYZVRc247amXkVCzXcqH3+ctbhoBDqZ7b3meIPY2yi/rXzqMnkQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFKE2RgFAu2dDMwGb35z9n1RERTeEMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvb1RaR0FVQzdaME16QVp2Zm5QMmZWRVJGTjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQEXoNQAwQE
X6RwAwQEX6SQAwQEX6SwAwQCX6T4MA0GCSqGSIb3DQEBCwUAA4IBAQAsW+su2MN6
aiFkR6ZSle4U06sRH8xaEXfdP93bGeLPrhM3Vgqe8bBNHKuHTJC0dJUQT0eAZWPX
EgPFM3mTNJZOj6cChCvS+8pJxvAREtCZuS4YQLGHnE/vmmcArrHWCtSezZbAEfYI
F9waNSuIq41FbHCHep0z9JrfCaGqT3opQaNvjqoZrnq8OfIlp2/K3qW238lRCe7F
kITAdbvZBJuDF/5T+wM1GfYlI0JWKBLQGpTV+wJd1Wx6Vf8If+tIVEEh9Dq3eHdp
T16iG5VYs8WZEkauvVEDmsPmWr5lNWTzQ+YxJzMQPI2lywgsdUDE3Wdh6Kg8jqer
QY/KOZYqDo0B
-----END CERTIFICATE-----
Generated at Sat Apr 5 17:52:10 2025 by rpki-client