Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/1B2qpRix2-kSoetQdWpkHGMt-IQ.roa
File: 1B2qpRix2-kSoetQdWpkHGMt-IQ.roa (raw, json)
Hash identifier: F85fC1xO4mHu+KoDv+6V6IB0ed397K4DZ+GffK3e5Hw=
Subject key identifier: D4:1D:AA:A5:18:B1:DB:E9:12:A1:EB:50:75:6A:64:1C:63:2D:F8:84
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018D057884C88142EC7F08EAA2B311B86C7D
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/1B2qpRix2-kSoetQdWpkHGMt-IQ.roa
Signing time: Sun 14 Jan 2024 00:56:40 +0000
ROA not before: Sun 14 Jan 2024 00:56:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 95.82.8.0/21 maxlen: 24
185.65.62.0/24 maxlen: 24
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:05:78:84:c8:81:42:ec:7f:08:ea:a2:b3:11:b8:6c:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jan 14 00:56:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d41daaa518b1dbe912a1eb50756a641c632df884
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:34:cc:a9:58:90:20:94:7c:b3:a1:ce:6b:a7:
89:8a:53:b6:fb:9e:1f:bf:28:1a:8d:d0:f2:33:10:
37:8b:15:2d:33:d9:10:2b:58:40:96:07:f4:86:d6:
74:73:6e:e1:9b:c8:5a:8c:73:5a:7b:5d:f1:20:6b:
9a:60:f2:52:57:f8:d9:f4:6e:d7:89:b1:06:3a:d6:
be:71:06:bc:07:b6:99:8e:0f:97:11:04:51:64:7f:
b6:f2:3a:61:d4:dd:45:d8:65:46:65:18:ae:ac:14:
41:dc:7e:11:ab:66:d6:d2:7f:0c:c1:95:57:09:a5:
b3:01:80:f3:82:3c:e3:37:68:89:89:28:b0:5c:b0:
de:ba:d8:be:7a:f7:1a:8a:43:0e:71:ae:ce:6c:9c:
26:27:0f:bd:53:6f:11:b9:7a:12:60:98:1b:b6:b5:
b4:34:dd:5e:03:5e:d6:ee:5d:9c:4d:6a:b7:f1:24:
0f:16:68:97:35:b5:0e:b2:24:06:dc:9d:ab:79:8c:
0b:97:d4:f6:ce:7b:84:c1:0d:52:55:14:b9:91:b3:
27:0b:ce:2e:36:95:14:9d:f1:b8:ad:5c:a7:f0:dd:
03:0b:85:08:ff:a1:35:d5:37:1b:dc:39:d5:c1:73:
26:a4:15:94:77:e5:c0:c9:6d:bb:f7:67:db:f1:8e:
8d:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:1D:AA:A5:18:B1:DB:E9:12:A1:EB:50:75:6A:64:1C:63:2D:F8:84
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/1B2qpRix2-kSoetQdWpkHGMt-IQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.8.0/21
109.111.32.0/20
176.221.16.0/21
185.65.62.0/24
Signature Algorithm: sha256WithRSAEncryption
01:6e:7f:10:91:ac:3b:7b:e7:03:33:fe:f0:8c:34:60:42:c1:
d4:bf:cc:df:d4:dd:9a:1d:be:40:2f:13:24:ff:db:d7:51:91:
6d:73:65:a0:6d:65:12:0a:ab:c9:dd:b7:6c:54:43:5e:bb:59:
15:c9:16:be:2e:57:fb:94:7a:60:a3:15:63:6a:40:3f:83:6d:
ba:b2:85:a3:ff:20:71:62:60:05:df:3f:9f:dc:25:b7:64:87:
57:50:72:3d:cb:69:8d:31:a7:17:8b:75:52:c9:9a:dd:02:91:
99:37:d9:d1:ca:31:7c:bc:23:9b:18:95:32:99:bd:df:24:46:
dd:e0:9d:4d:86:ea:c9:7b:dd:42:13:32:09:90:bb:9a:11:2f:
24:a9:d1:72:b7:cd:2d:62:9c:8c:05:a2:b6:45:4f:79:87:4f:
f4:dc:60:71:bf:25:44:e2:8c:77:33:06:cb:4f:98:06:8b:38:
af:65:93:1f:67:13:4c:d1:c0:1e:39:5a:9f:fe:e3:57:0d:00:
8e:88:11:0c:cf:e1:d1:07:a3:dd:58:66:09:8e:d3:83:08:f2:
4e:b1:93:e2:4e:1e:a0:14:a6:ed:db:cf:7b:6a:59:31:04:d5:
e1:2c:82:5f:d6:13:dd:ba:19:5d:4e:6e:1d:e2:e4:c3:f3:4f:
7f:22:ce:c0
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY0FeITIgULsfwjqorMRuGx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMTE0MDA1NjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDFkYWFhNTE4YjFkYmU5MTJhMWViNTA3NTZhNjQxYzYzMmRmODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DTMqViQIJR8s6HOa6eJilO2+54f
vygajdDyMxA3ixUtM9kQK1hAlgf0htZ0c27hm8hajHNae13xIGuaYPJSV/jZ9G7X
ibEGOta+cQa8B7aZjg+XEQRRZH+28jph1N1F2GVGZRiurBRB3H4Rq2bW0n8MwZVX
CaWzAYDzgjzjN2iJiSiwXLDeuti+evcaikMOca7ObJwmJw+9U28RuXoSYJgbtrW0
NN1eA17W7l2cTWq38SQPFmiXNbUOsiQG3J2reYwLl9T2znuEwQ1SVRS5kbMnC84u
NpUUnfG4rVyn8N0DC4UI/6E11Tcb3DnVwXMmpBWUd+XAyW2792fb8Y6NGwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNQdqqUYsdvpEqHrUHVqZBxjLfiEMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvMUIycXBSaXgyLWtTb2V0UWRXcGtIR010LUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCJYD4AwQD
X1IIAwQEbW8gAwQDsN0QAwQAuUE+MA0GCSqGSIb3DQEBCwUAA4IBAQABbn8Qkaw7
e+cDM/7wjDRgQsHUv8zf1N2aHb5ALxMk/9vXUZFtc2WgbWUSCqvJ3bdsVENeu1kV
yRa+Llf7lHpgoxVjakA/g226soWj/yBxYmAF3z+f3CW3ZIdXUHI9y2mNMacXi3VS
yZrdApGZN9nRyjF8vCObGJUymb3fJEbd4J1NhurJe91CEzIJkLuaES8kqdFyt80t
YpyMBaK2RU95h0/03GBxvyVE4ox3MwbLT5gGizivZZMfZxNM0cAeOVqf/uNXDQCO
iBEMz+HRB6PdWGYJjtODCPJOsZPiTh6gFKbt2897alkxBNXhLIJf1hPduhldTm4d
4uTD809/Is7A
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:19:03 2025 by rpki-client