Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/B9zizlU8AeJ6OoL5XKH5pxn6Tb0.roa
File: B9zizlU8AeJ6OoL5XKH5pxn6Tb0.roa (raw, json)
Hash identifier: ecOpir4ETmW4nsf0LfHuH5sRXNFEI2Jk/OQPkosPk9s=
Subject key identifier: 07:DC:E2:CE:55:3C:01:E2:7A:3A:82:F9:5C:A1:F9:A7:19:FA:4D:BD
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0192B1453B5C215123F1B07E556B837C4CB2
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/B9zizlU8AeJ6OoL5XKH5pxn6Tb0.roa
Signing time: Mon 21 Oct 2024 22:49:17 +0000
ROA not before: Mon 21 Oct 2024 22:49:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16509
IP address blocks: 95.82.8.0/21 maxlen: 24
95.82.16.0/20 maxlen: 24
109.111.52.0/22 maxlen: 24
176.221.20.0/23 maxlen: 24
176.221.22.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:b1:45:3b:5c:21:51:23:f1:b0:7e:55:6b:83:7c:4c:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Oct 21 22:49:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=07dce2ce553c01e27a3a82f95ca1f9a719fa4dbd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:10:9c:ea:46:ea:ff:85:5d:37:3d:4f:c8:f7:
8c:9d:e2:0b:91:12:9f:a4:59:c7:b0:f9:fa:e7:bb:
95:04:d3:63:56:54:4e:9c:c7:a2:cc:47:c1:05:26:
75:fc:c3:06:4a:98:cf:13:3f:cf:90:c3:a5:c8:65:
29:2f:97:02:4a:10:f7:48:fc:f4:aa:0e:6e:f6:3b:
6b:7a:59:f4:35:84:4c:19:af:ad:35:4e:0e:e6:cb:
9a:ff:06:d3:01:52:bd:6d:d8:df:05:cc:56:1a:74:
03:95:02:c4:3b:b2:5e:bd:8b:88:52:29:da:18:08:
62:97:d7:24:a4:10:7b:c3:53:48:1b:e3:8b:cb:ea:
f0:70:e5:a0:7e:e2:c5:da:77:aa:05:88:0b:da:ad:
b2:43:d6:81:08:56:eb:d7:52:7c:10:7e:7e:4c:9d:
51:45:94:0f:ad:ef:27:c1:0a:df:46:59:e4:76:ab:
df:3a:a3:89:38:4e:c1:27:eb:17:c3:f5:85:8d:ff:
a1:d9:3d:68:e4:37:92:09:d0:15:41:f2:65:5f:e7:
70:56:1c:43:95:f2:90:9b:20:42:70:9c:8e:01:f5:
14:a4:69:27:9c:3b:5d:3a:1e:86:36:a5:ce:01:de:
81:a7:b4:47:bc:06:9d:84:93:37:c9:00:bb:43:52:
13:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:DC:E2:CE:55:3C:01:E2:7A:3A:82:F9:5C:A1:F9:A7:19:FA:4D:BD
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/B9zizlU8AeJ6OoL5XKH5pxn6Tb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.8.0-95.82.31.255
109.111.52.0/22
176.221.20.0/22
Signature Algorithm: sha256WithRSAEncryption
4c:11:39:0a:ed:f6:4a:3f:b2:e2:d5:f9:06:d5:93:15:3b:23:
5d:93:68:43:ef:75:ba:ef:37:2d:8d:6d:4e:4e:ae:0d:2f:3a:
93:15:9f:d7:30:1e:fc:c2:58:19:e5:de:1b:26:9f:13:e0:b2:
90:94:41:5c:44:c6:2c:7e:97:e9:97:56:25:4e:cf:65:0d:a5:
58:dc:30:f0:09:d0:82:01:1f:6b:08:52:d3:57:f8:5a:9f:97:
ce:b7:56:66:a2:e1:00:50:e3:75:f2:53:95:40:c9:7f:3f:5c:
6b:5e:de:c8:c3:87:d9:4c:8e:eb:d7:11:05:e3:b3:95:80:61:
5b:23:ac:67:c2:a4:7f:dd:cf:c8:59:dd:5d:2a:f4:ca:4a:cb:
9b:e9:39:25:01:76:75:5b:ce:ef:40:c2:ef:2a:1e:35:ea:0d:
72:df:78:69:ef:51:09:53:b6:78:40:f3:d4:95:db:1c:b7:bd:
a2:42:a2:da:97:72:04:5b:34:b0:b9:3a:6b:c0:62:0d:e1:02:
8e:c5:97:b4:94:bc:f9:97:5d:d3:7d:75:c7:4c:c4:93:1d:55:
0d:02:f8:c0:cc:18:e2:f3:a9:c6:10:d3:b2:e5:1b:9e:fd:5f:
28:8b:9a:6e:35:72:da:e8:e7:09:ec:04:2e:c5:0f:87:03:0e:
86:3a:eb:02
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZKxRTtcIVEj8bB+VWuDfEyyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQxMDIxMjI0OTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2RjZTJjZTU1M2MwMWUyN2EzYTgyZjk1Y2ExZjlhNzE5ZmE0ZGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RCc6kbq/4VdNz1PyPeMneILkRKf
pFnHsPn657uVBNNjVlROnMeizEfBBSZ1/MMGSpjPEz/PkMOlyGUpL5cCShD3SPz0
qg5u9jtreln0NYRMGa+tNU4O5sua/wbTAVK9bdjfBcxWGnQDlQLEO7JevYuIUina
GAhil9ckpBB7w1NIG+OLy+rwcOWgfuLF2neqBYgL2q2yQ9aBCFbr11J8EH5+TJ1R
RZQPre8nwQrfRlnkdqvfOqOJOE7BJ+sXw/WFjf+h2T1o5DeSCdAVQfJlX+dwVhxD
lfKQmyBCcJyOAfUUpGknnDtdOh6GNqXOAd6Bp7RHvAadhJM3yQC7Q1ITFwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAfc4s5VPAHiejqC+Vyh+acZ+k29MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvQjl6aXpsVThBZUo2T29MNVhLSDVweG42VGIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBANfUggD
BAVfUgADBAJtbzQDBAKw3RQwDQYJKoZIhvcNAQELBQADggEBAEwROQrt9ko/suLV
+QbVkxU7I12TaEPvdbrvNy2NbU5Org0vOpMVn9cwHvzCWBnl3hsmnxPgspCUQVxE
xix+l+mXViVOz2UNpVjcMPAJ0IIBH2sIUtNX+Fqfl863Vmai4QBQ43XyU5VAyX8/
XGte3sjDh9lMjuvXEQXjs5WAYVsjrGfCpH/dz8hZ3V0q9MpKy5vpOSUBdnVbzu9A
wu8qHjXqDXLfeGnvUQlTtnhA89SV2xy3vaJCotqXcgRbNLC5OmvAYg3hAo7Fl7SU
vPmXXdN9dcdMxJMdVQ0C+MDMGOLzqcYQ07LlG579XyiLmm41ctro5wnsBC7FD4cD
DoY66wI=
-----END CERTIFICATE-----
Generated at Thu Mar 13 21:26:18 2025 by rpki-client