Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/1-urTEHEexcT6blbBm72kNeOUtEI.roa
File: 1-urTEHEexcT6blbBm72kNeOUtEI.roa (raw, json)
Hash identifier: aqTbABu6YdKmCd1KCWgk3uMAFdC8kyHTPEVJgIAdg+4=
Subject key identifier: FA:EA:D3:10:71:1E:C5:C4:FA:6E:56:C1:9B:BD:A4:35:E3:94:B4:42
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0190B111D5BAC1777BF061A9B898FB782CB4
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/1-urTEHEexcT6blbBm72kNeOUtEI.roa
Signing time: Sun 14 Jul 2024 11:47:34 +0000
ROA not before: Sun 14 Jul 2024 11:47:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
109.111.40.0/22 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
176.221.26.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:b1:11:d5:ba:c1:77:7b:f0:61:a9:b8:98:fb:78:2c:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jul 14 11:47:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=faead310711ec5c4fa6e56c19bbda435e394b442
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:16:31:59:ad:08:e9:60:93:ef:ff:4d:dd:91:
01:86:63:46:6c:54:73:10:f5:54:b6:4b:85:82:a8:
e9:3c:72:13:bf:08:3f:78:28:dc:ef:2f:fb:2c:f2:
b2:ec:2e:4f:12:4c:b5:1c:c1:93:9b:c6:e8:4a:58:
6e:db:ba:91:1c:6d:7e:a9:e8:fd:58:d8:e8:3f:53:
17:50:bf:50:2d:4f:b4:1d:9a:2f:bc:6e:fb:59:5b:
fb:53:5e:4a:6d:21:ad:60:93:9b:9c:0e:95:ef:24:
e2:16:ff:67:52:f0:a5:9d:e4:8a:33:9f:51:90:0f:
d6:07:f1:59:f2:a4:78:3e:fa:49:c9:e9:ca:7c:2c:
a1:ba:aa:76:b9:9d:af:83:75:57:25:0d:d7:62:54:
24:6b:2d:b3:d0:17:a8:68:3a:79:25:8f:1b:ac:43:
3e:53:f5:ef:ad:f9:bb:22:fd:ad:a2:2e:ae:93:25:
a0:1a:fa:7a:6c:4c:92:0c:66:db:3f:74:53:a5:4c:
e7:a7:02:2f:72:8c:d4:59:e8:00:10:d1:91:f0:88:
35:bc:b1:5e:7c:1a:7a:da:0a:08:55:e0:bc:a4:b1:
9c:6f:56:b1:61:bb:38:4a:1c:24:a6:23:12:8d:71:
71:c0:ea:23:15:98:04:a5:a0:c3:77:f9:aa:3f:ad:
fc:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:EA:D3:10:71:1E:C5:C4:FA:6E:56:C1:9B:BD:A4:35:E3:94:B4:42
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/1-urTEHEexcT6blbBm72kNeOUtEI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
109.111.32.0/20
176.221.16.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
95:17:8c:6e:fe:aa:01:9b:73:00:47:6a:41:fc:32:0e:f5:f6:
d0:db:d4:32:3b:20:5b:91:d8:6d:d3:d2:68:19:7f:fa:e2:24:
5b:29:8c:8a:e1:cc:fd:88:17:f4:11:b0:35:58:f9:c5:5c:59:
5b:8c:5a:44:48:e3:40:64:2c:5b:b6:eb:f9:21:07:0a:3d:96:
78:83:90:2e:3b:4b:ef:42:ec:13:b7:9d:e2:35:f8:24:84:0e:
b0:8e:99:49:16:d4:d1:e4:ed:d2:d2:2a:96:5c:5e:cc:74:1d:
f2:56:b8:db:a3:92:1b:6a:e8:63:27:9a:bc:d1:62:33:d5:da:
df:c4:1b:a6:ef:ef:5e:c6:7d:53:01:1e:06:77:e5:04:14:47:
0d:a9:7d:02:d2:3d:e9:00:9d:cb:8c:fd:3a:94:a6:30:3e:09:
0c:b1:a9:88:b3:66:6c:3b:39:64:6f:52:e6:c4:2f:1d:bf:84:
d1:e5:72:62:0a:56:24:a2:4f:bc:27:af:5a:b4:cc:b7:0a:ee:
58:59:77:68:c0:5b:08:00:52:a0:8c:21:5f:03:16:6f:ea:5f:
13:8d:6c:90:c6:6b:2e:60:2e:c6:67:3b:52:cf:f7:c3:af:33:
3f:4c:92:df:27:f2:6c:ce:fc:1d:b7:bf:43:f0:c7:ec:b0:50:
7f:0a:3a:0d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZCxEdW6wXd78GGpuJj7eCy0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNzE0MTE0NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWVhZDMxMDcxMWVjNWM0ZmE2ZTU2YzE5YmJkYTQzNWUzOTRiNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BYxWa0I6WCT7/9N3ZEBhmNGbFRz
EPVUtkuFgqjpPHITvwg/eCjc7y/7LPKy7C5PEky1HMGTm8boSlhu27qRHG1+qej9
WNjoP1MXUL9QLU+0HZovvG77WVv7U15KbSGtYJObnA6V7yTiFv9nUvClneSKM59R
kA/WB/FZ8qR4PvpJyenKfCyhuqp2uZ2vg3VXJQ3XYlQkay2z0BeoaDp5JY8brEM+
U/Xvrfm7Iv2toi6ukyWgGvp6bEySDGbbP3RTpUznpwIvcozUWegAENGR8Ig1vLFe
fBp62goIVeC8pLGcb1axYbs4ShwkpiMSjXFxwOojFZgEpaDDd/mqP638BQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFPrq0xBxHsXE+m5WwZu9pDXjlLRCMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvMS11clRFSEVleGNUNmJsYkJtNzJrTmVPVXRFSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDIvNTdhMzRmLWUzM2ItNGUxNy1iYzMyLTY2NDU3NzI0YzJk
My8xL2IzWGs2VXRjdDBVWHQ3QVZhQUZkcWVidXpiWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA5BggrBgEFBQcBBwEB/wQqMCgwJgQCAAEwIAMEAiWA+AME
BF9SAAMEBG1vIDAMAwQEsN0QAwQCsN0YMA0GCSqGSIb3DQEBCwUAA4IBAQCVF4xu
/qoBm3MAR2pB/DIO9fbQ29QyOyBbkdht09JoGX/64iRbKYyK4cz9iBf0EbA1WPnF
XFlbjFpESONAZCxbtuv5IQcKPZZ4g5AuO0vvQuwTt53iNfgkhA6wjplJFtTR5O3S
0iqWXF7MdB3yVrjbo5IbauhjJ5q80WIz1drfxBum7+9exn1TAR4Gd+UEFEcNqX0C
0j3pAJ3LjP06lKYwPgkMsamIs2ZsOzlkb1LmxC8dv4TR5XJiClYkok+8J69atMy3
Cu5YWXdowFsIAFKgjCFfAxZv6l8TjWyQxmsuYC7GZztSz/fDrzM/TJLfJ/Jszvwd
t79D8MfssFB/CjoN
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:16:05 2025 by rpki-client