Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/GDFPiRc8PICe39CmkjBScIUi1CQ.roa
File: GDFPiRc8PICe39CmkjBScIUi1CQ.roa (raw, json)
Hash identifier: OAtwM+1yTt3knVGL47pDD+0Y/P6XwObhMctXsycxNVc=
Subject key identifier: 18:31:4F:89:17:3C:3C:80:9E:DF:D0:A6:92:30:52:70:85:22:D4:24
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018722501F7C991C54CF4DCB097400AAADCC
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/GDFPiRc8PICe39CmkjBScIUi1CQ.roa
Signing time: Mon 27 Mar 2023 09:04:48 +0000
ROA not before: Mon 27 Mar 2023 09:04:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 95.82.8.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:22:50:1f:7c:99:1c:54:cf:4d:cb:09:74:00:aa:ad:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Mar 27 09:04:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=18314f89173c3c809edfd0a6923052708522d424
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:2d:4e:60:d4:f5:a0:1b:4c:a4:87:a7:88:27:
ae:f6:ab:10:d5:07:3a:20:67:2d:88:f5:d1:e4:da:
63:26:d8:98:4b:26:03:4d:bb:5c:9d:c5:58:d5:7d:
39:5c:51:b3:01:9a:6a:4a:e2:51:2f:77:3e:cc:54:
9a:40:37:d0:36:34:9f:01:11:ff:36:9c:11:fe:9f:
e2:18:89:e0:a1:44:40:2a:af:c0:57:55:1f:d1:52:
2e:6e:96:f9:4a:25:ee:c7:3c:41:4b:d4:2e:a5:2d:
a5:bf:1e:28:1b:01:a7:c6:47:29:4b:80:28:a2:ea:
b1:c5:e7:b9:1e:02:5c:05:93:16:db:86:80:47:15:
4d:6a:36:12:90:bb:72:f6:a0:3f:ea:72:17:db:2c:
61:3d:8f:4c:92:67:4e:51:74:e2:bc:31:b4:9c:7c:
6c:25:c2:ac:0e:9f:98:14:e4:19:99:c7:97:9c:ce:
4f:5f:93:b8:4c:5c:fe:3f:31:39:a3:7a:cf:e0:07:
49:12:70:66:ec:5a:50:99:fa:ef:8d:5d:86:19:85:
6e:2f:c9:89:90:6f:72:14:60:b7:46:d8:7c:2d:a3:
40:66:fc:b1:d6:d8:10:3f:f7:32:bf:ae:69:cd:8a:
8c:c3:81:33:5c:26:cd:7b:d4:dd:2d:12:89:6c:da:
a8:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:31:4F:89:17:3C:3C:80:9E:DF:D0:A6:92:30:52:70:85:22:D4:24
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/GDFPiRc8PICe39CmkjBScIUi1CQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.8.0/21
Signature Algorithm: sha256WithRSAEncryption
64:0b:bf:ed:d2:03:df:f6:34:ff:68:ba:c9:d6:ca:20:38:df:
22:f9:51:43:87:dd:b3:19:1a:d8:b3:68:da:1b:04:96:7a:24:
45:08:7a:04:57:33:d8:5c:c3:de:65:9e:8a:31:c2:13:f0:b4:
95:d8:31:d0:ba:18:42:8b:e8:ba:68:77:84:61:3a:19:ca:a8:
d3:98:14:2a:5c:1d:c8:20:00:72:9f:ad:22:3a:71:af:fb:7e:
5f:65:8c:73:ab:0a:d2:da:d3:c3:12:c6:a5:32:83:67:e6:b4:
86:7a:13:20:d3:fd:0c:60:ce:ab:b5:79:4e:f6:74:b1:3f:43:
f4:65:f6:01:a6:69:ee:a6:9c:cb:49:49:33:7f:e8:0e:7e:3e:
91:47:71:5a:8a:06:c5:bc:78:35:e1:86:78:8c:b2:e5:e6:8a:
27:42:db:e0:e9:fd:59:bc:06:33:ea:b4:0b:de:05:5d:19:74:
c9:d3:4a:27:2e:da:e8:39:25:ef:5f:56:8c:6c:ff:50:ef:c5:
a5:94:86:4a:18:84:59:bc:b9:c5:68:f1:a1:45:cb:8a:7d:c8:
5a:da:42:db:e8:e6:b6:90:91:88:c3:f2:d4:be:be:15:f1:2c:
de:d2:cd:41:fc:82:83:6b:30:7e:f9:05:7f:bf:da:c9:4c:3c:
39:ff:c4:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYciUB98mRxUz03LCXQAqq3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwMzI3MDkwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODMxNGY4OTE3M2MzYzgwOWVkZmQwYTY5MjMwNTI3MDg1MjJkNDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArS1OYNT1oBtMpIeniCeu9qsQ1Qc6
IGctiPXR5NpjJtiYSyYDTbtcncVY1X05XFGzAZpqSuJRL3c+zFSaQDfQNjSfARH/
NpwR/p/iGIngoURAKq/AV1Uf0VIubpb5SiXuxzxBS9QupS2lvx4oGwGnxkcpS4Ao
ouqxxee5HgJcBZMW24aARxVNajYSkLty9qA/6nIX2yxhPY9MkmdOUXTivDG0nHxs
JcKsDp+YFOQZmceXnM5PX5O4TFz+PzE5o3rP4AdJEnBm7FpQmfrvjV2GGYVuL8mJ
kG9yFGC3Rth8LaNAZvyx1tgQP/cyv65pzYqMw4EzXCbNe9TdLRKJbNqo7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgxT4kXPDyAnt/QppIwUnCFItQkMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvR0RGUGlSYzhQSUNlMzlDbWtqQlNjSVVpMUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX1IIMA0G
CSqGSIb3DQEBCwUAA4IBAQBkC7/t0gPf9jT/aLrJ1sogON8i+VFDh92zGRrYs2ja
GwSWeiRFCHoEVzPYXMPeZZ6KMcIT8LSV2DHQuhhCi+i6aHeEYToZyqjTmBQqXB3I
IAByn60iOnGv+35fZYxzqwrS2tPDEsalMoNn5rSGehMg0/0MYM6rtXlO9nSxP0P0
ZfYBpmnuppzLSUkzf+gOfj6RR3FaigbFvHg14YZ4jLLl5oonQtvg6f1ZvAYz6rQL
3gVdGXTJ00onLtroOSXvX1aMbP9Q78WllIZKGIRZvLnFaPGhRcuKfcha2kLb6Oa2
kJGIw/LUvr4V8Sze0s1B/IKDazB++QV/v9rJTDw5/8SZ
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:25:42 2025 by rpki-client