Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/A2H0F-ND7_C_PgTZ5bSbLIUx0X4.roa
File: A2H0F-ND7_C_PgTZ5bSbLIUx0X4.roa (raw, json)
Hash identifier: tOq2raIk9w/kT5K64FI115do4egqUwEUPASfCfPhQHI=
Subject key identifier: 03:61:F4:17:E3:43:EF:F0:BF:3E:04:D9:E5:B4:9B:2C:85:31:D1:7E
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 01941FFA81CDF77139AFF2CC05B5985B05D8
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/A2H0F-ND7_C_PgTZ5bSbLIUx0X4.roa
Signing time: Wed 01 Jan 2025 03:48:18 +0000
ROA not before: Wed 01 Jan 2025 03:48:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
109.111.42.0/23 maxlen: 24
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:81:cd:f7:71:39:af:f2:cc:05:b5:98:5b:05:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jan 1 03:48:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0361f417e343eff0bf3e04d9e5b49b2c8531d17e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:91:5e:a7:16:f4:28:21:96:a8:51:6a:1e:14:
75:29:bb:44:da:86:b6:40:ca:7c:27:bd:e4:42:42:
96:08:02:63:a5:e5:ac:78:8a:29:20:36:32:5c:dc:
cd:96:38:50:ed:a6:dd:c3:b3:81:ef:82:52:e7:3e:
fa:79:05:71:28:f5:ee:3d:61:26:ed:93:68:a8:c2:
02:55:e1:f7:3d:2e:dc:cc:85:71:c1:d5:f6:b2:3c:
cb:9c:a1:69:95:5b:5a:e7:ec:14:56:33:e5:31:71:
ef:cd:b6:4a:e1:38:3f:c9:27:10:e1:45:95:57:44:
02:da:f0:7a:5a:c8:d8:55:04:b6:eb:c4:ec:df:09:
fa:6f:1d:e3:67:e3:65:42:76:61:66:31:04:43:69:
40:2d:49:f6:ef:b5:dc:8f:2d:14:42:61:78:e8:32:
a7:d6:3e:3f:9f:b2:39:3c:98:a0:af:51:5c:4a:9c:
fe:a9:7d:14:44:85:a6:36:85:1e:7a:c8:75:e8:44:
ef:51:3f:04:ea:3a:d9:7b:cd:a6:92:9e:39:45:ec:
3a:54:cd:34:4a:ea:f0:9d:1b:8f:5a:e6:05:92:cf:
13:83:75:cf:51:d4:c3:5f:9a:3b:2c:4d:54:62:7e:
3c:bc:04:8b:56:1c:61:ac:06:d4:c7:57:97:15:9f:
e1:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:61:F4:17:E3:43:EF:F0:BF:3E:04:D9:E5:B4:9B:2C:85:31:D1:7E
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/A2H0F-ND7_C_PgTZ5bSbLIUx0X4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/20
109.111.32.0/20
176.221.20.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
86:28:39:a1:27:18:d6:0a:c3:36:5b:8e:d6:b6:34:a3:a8:b3:
66:5e:3a:c0:2d:09:6a:00:15:80:32:fe:b7:61:92:ad:a4:33:
ea:dd:c1:23:a2:f8:81:5b:0a:92:1d:4e:70:83:7a:50:2f:3d:
96:54:36:e0:dc:26:5e:b2:b3:d0:cc:e3:a5:6e:2e:90:05:e2:
2e:b2:ae:75:f1:95:47:ae:8e:67:c0:2b:71:93:b2:fd:f2:56:
85:04:06:8d:1f:a1:0e:d0:56:d4:27:1b:ea:55:30:ac:81:b0:
c6:d7:ed:ac:cf:3d:94:f6:cd:21:73:79:a5:1f:72:20:47:a5:
32:00:7d:2d:50:f9:a8:8d:5c:17:46:5e:24:8d:f5:26:60:fd:
66:48:88:42:52:b4:2d:ee:18:67:ff:a4:26:70:b6:af:29:6f:
6e:7a:87:36:3e:04:45:fa:87:6a:3b:5d:19:cb:e4:f1:49:67:
51:67:8d:09:74:02:fa:3c:79:38:36:2d:81:73:ce:09:76:f5:
85:35:9a:58:02:f1:b9:45:d4:62:b4:e7:71:e2:b9:4d:59:a2:
f8:82:69:41:c4:b2:ef:31:72:28:1f:81:c3:dc:25:b5:55:02:
ab:2e:d7:3d:50:85:cc:e1:cf:c6:6f:bf:0f:d8:6a:83:80:d1:
b9:33:6c:57
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQf+oHN93E5r/LMBbWYWwXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwMTAxMDM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzYxZjQxN2UzNDNlZmYwYmYzZTA0ZDllNWI0OWIyYzg1MzFkMTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA65Fepxb0KCGWqFFqHhR1KbtE2oa2
QMp8J73kQkKWCAJjpeWseIopIDYyXNzNljhQ7abdw7OB74JS5z76eQVxKPXuPWEm
7ZNoqMICVeH3PS7czIVxwdX2sjzLnKFplVta5+wUVjPlMXHvzbZK4Tg/yScQ4UWV
V0QC2vB6WsjYVQS268Ts3wn6bx3jZ+NlQnZhZjEEQ2lALUn277Xcjy0UQmF46DKn
1j4/n7I5PJigr1FcSpz+qX0URIWmNoUeesh16ETvUT8E6jrZe82mkp45Rew6VM00
SurwnRuPWuYFks8Tg3XPUdTDX5o7LE1UYn48vASLVhxhrAbUx1eXFZ/hVQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFANh9BfjQ+/wvz4E2eW0myyFMdF+MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvQTJIMEYtTkQ3X0NfUGdUWjViU2JMSVV4MFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQEX1IAAwQE
bW8gMAwDBAKw3RQDBAKw3RgwDQYJKoZIhvcNAQELBQADggEBAIYoOaEnGNYKwzZb
jta2NKOos2ZeOsAtCWoAFYAy/rdhkq2kM+rdwSOi+IFbCpIdTnCDelAvPZZUNuDc
Jl6ys9DM46VuLpAF4i6yrnXxlUeujmfAK3GTsv3yVoUEBo0foQ7QVtQnG+pVMKyB
sMbX7azPPZT2zSFzeaUfciBHpTIAfS1Q+aiNXBdGXiSN9SZg/WZIiEJStC3uGGf/
pCZwtq8pb256hzY+BEX6h2o7XRnL5PFJZ1FnjQl0Avo8eTg2LYFzzgl29YU1mlgC
8blF1GK053HiuU1ZoviCaUHEsu8xcigfgcPcJbVVAqsu1z1Qhczhz8Zvvw/YaoOA
0bkzbFc=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:16:24 2025 by rpki-client