Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Cn58if76tvXKUHP5L2qcvhLNpjw.roa
File: Cn58if76tvXKUHP5L2qcvhLNpjw.roa (raw, json)
Hash identifier: 36E4p3SKQh8inTZKM4ys067oIhknXTLrGBGlZi1qbMg=
Subject key identifier: 0A:7E:7C:89:FE:FA:B6:F5:CA:50:73:F9:2F:6A:9C:BE:12:CD:A6:3C
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018ED1D0843E4C262A7E01842B1C4AA0E478
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Cn58if76tvXKUHP5L2qcvhLNpjw.roa
Signing time: Fri 12 Apr 2024 10:18:07 +0000
ROA not before: Fri 12 Apr 2024 10:18:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.20.0/22 maxlen: 24
176.221.20.0/23 maxlen: 24
176.221.24.0/22 maxlen: 24
185.65.62.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:d1:d0:84:3e:4c:26:2a:7e:01:84:2b:1c:4a:a0:e4:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Apr 12 10:18:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0a7e7c89fefab6f5ca5073f92f6a9cbe12cda63c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:14:f2:bc:2b:ee:09:d5:1d:da:76:e4:0a:01:
ff:d7:3b:a2:fe:c7:0a:d3:f2:85:01:61:62:ad:fc:
96:d3:06:9b:67:ee:a2:98:28:a8:13:fe:bb:16:c1:
15:4b:ce:6a:80:a6:94:7b:9c:81:9f:f9:aa:74:a1:
37:8f:b2:67:68:4d:72:f7:21:79:35:5e:47:40:25:
48:e3:77:0b:cb:d2:38:02:5e:6e:0b:64:42:74:95:
4b:29:76:53:0c:e7:d7:42:8a:a0:5d:1b:a6:15:34:
32:a1:63:9b:96:23:90:35:5e:b3:b0:a9:d1:31:c6:
79:de:21:79:f0:12:ed:ab:ff:63:df:0d:19:1e:f6:
b6:2e:c8:cc:2d:a7:32:4e:d5:8c:88:6c:dc:a6:1a:
a7:e0:eb:d8:d8:96:38:d6:b3:c0:42:03:d6:77:e9:
d6:49:8d:8c:70:89:00:40:37:88:ce:af:fd:8a:b7:
35:38:78:ac:bb:35:bd:bc:7e:55:e6:15:a7:b8:6f:
5b:66:15:6d:bd:ed:0d:c3:26:96:75:ae:6f:d5:df:
38:07:66:3f:42:d2:dc:b2:0b:0f:ae:f1:65:22:ba:
84:ca:4b:04:b7:02:ee:d4:90:87:5a:b2:89:2e:82:
c4:8c:1e:08:75:71:78:88:37:a3:15:7d:6e:29:bb:
6d:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:7E:7C:89:FE:FA:B6:F5:CA:50:73:F9:2F:6A:9C:BE:12:CD:A6:3C
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Cn58if76tvXKUHP5L2qcvhLNpjw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
109.111.32.0/20
176.221.16.0-176.221.27.255
185.65.62.0/24
Signature Algorithm: sha256WithRSAEncryption
54:b7:03:60:1a:f6:8d:1e:16:b3:f8:b8:ed:38:db:70:75:d2:
c7:4d:e8:6e:ad:97:12:4e:2f:04:71:79:c0:c3:88:10:71:cb:
b7:f8:00:dd:d1:55:1d:6e:de:39:0a:55:8e:7a:68:94:2a:36:
d0:77:ac:5f:97:84:2e:63:ad:7f:43:c1:97:68:47:81:82:dd:
57:20:2b:6b:d9:93:79:da:38:d2:e2:19:ce:7f:8c:33:4e:e7:
24:ec:a3:14:9f:a8:00:1e:27:8e:2a:26:e6:4f:fd:be:72:96:
12:9c:21:97:31:12:20:28:5b:d4:60:92:80:fa:45:aa:c0:fe:
bb:75:17:3e:13:00:f5:95:e0:11:d5:42:f5:e7:02:22:d9:71:
3e:74:6f:10:07:87:55:7d:99:19:f2:2f:d3:5e:19:0c:93:56:
15:36:a2:b2:5a:86:16:24:72:b9:1a:5b:ce:b7:c0:82:74:ee:
41:e2:0c:f6:7a:65:49:92:4e:cf:5b:b0:e7:48:c5:70:eb:55:
25:26:e2:f8:84:76:25:20:f0:d9:55:a2:bd:46:3f:97:4e:b4:
ca:1e:a7:b3:7b:8e:34:b6:cc:5d:15:d6:0f:a6:c3:8b:48:2a:
53:ff:38:ab:78:8d:4d:de:4b:2b:b8:48:cb:dd:7d:85:15:08:
37:e4:4e:af
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAY7R0IQ+TCYqfgGEKxxKoOR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNDEyMTAxODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTdlN2M4OWZlZmFiNmY1Y2E1MDczZjkyZjZhOWNiZTEyY2RhNjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRTyvCvuCdUd2nbkCgH/1zui/scK
0/KFAWFirfyW0wabZ+6imCioE/67FsEVS85qgKaUe5yBn/mqdKE3j7JnaE1y9yF5
NV5HQCVI43cLy9I4Al5uC2RCdJVLKXZTDOfXQoqgXRumFTQyoWObliOQNV6zsKnR
McZ53iF58BLtq/9j3w0ZHva2LsjMLacyTtWMiGzcphqn4OvY2JY41rPAQgPWd+nW
SY2McIkAQDeIzq/9irc1OHisuzW9vH5V5hWnuG9bZhVtve0NwyaWda5v1d84B2Y/
QtLcsgsPrvFlIrqEyksEtwLu1JCHWrKJLoLEjB4IdXF4iDejFX1uKbttvwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFAp+fIn++rb1ylBz+S9qnL4SzaY8MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvQ241OGlmNzZ0dlhLVUhQNUwycWN2aExOcGp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCJYD4AwQE
X1IAAwQEbW8gMAwDBASw3RADBAKw3RgDBAC5QT4wDQYJKoZIhvcNAQELBQADggEB
AFS3A2Aa9o0eFrP4uO0423B10sdN6G6tlxJOLwRxecDDiBBxy7f4AN3RVR1u3jkK
VY56aJQqNtB3rF+XhC5jrX9DwZdoR4GC3VcgK2vZk3naONLiGc5/jDNO5yTsoxSf
qAAeJ44qJuZP/b5ylhKcIZcxEiAoW9RgkoD6RarA/rt1Fz4TAPWV4BHVQvXnAiLZ
cT50bxAHh1V9mRnyL9NeGQyTVhU2orJahhYkcrkaW863wIJ07kHiDPZ6ZUmSTs9b
sOdIxXDrVSUm4viEdiUg8NlVor1GP5dOtMoep7N7jjS2zF0V1g+mw4tIKlP/OKt4
jU3eSyu4SMvdfYUVCDfkTq8=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:16:35 2025 by rpki-client