Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/GkBtu2L5_pzf2q6w5AKUWVid6lM.roa
File: GkBtu2L5_pzf2q6w5AKUWVid6lM.roa (raw, json)
Hash identifier: aYFWW9/M7rlKq3UMAk55N3DCXgiKt/SnJD+CyNFU9ks=
Subject key identifier: 1A:40:6D:BB:62:F9:FE:9C:DF:DA:AE:B0:E4:02:94:59:58:9D:EA:53
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018D65F7D21448AA44D0274CC75F1AE0E2E1
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/GkBtu2L5_pzf2q6w5AKUWVid6lM.roa
Signing time: Thu 01 Feb 2024 18:39:16 +0000
ROA not before: Thu 01 Feb 2024 18:39:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.8.0/21 maxlen: 24
95.82.32.0/21 maxlen: 21
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:65:f7:d2:14:48:aa:44:d0:27:4c:c7:5f:1a:e0:e2:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Feb 1 18:39:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1a406dbb62f9fe9cdfdaaeb0e4029459589dea53
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:12:f4:2c:d2:0e:e2:e1:87:dd:2c:44:3f:9d:
63:0b:e6:55:e7:1e:35:a3:ee:19:6e:b0:c1:0d:58:
bc:09:b2:b3:66:0e:6c:88:cf:87:68:ef:c9:10:8a:
06:b7:df:c3:16:b7:d0:97:78:b3:f8:4a:7e:34:81:
34:e6:2c:f0:ab:93:74:8d:c6:7c:60:49:bd:95:21:
14:2f:c4:27:38:97:e1:2b:36:6f:02:66:0e:28:15:
48:88:77:52:55:14:cf:3b:e3:81:83:40:8a:1d:e1:
b6:b9:b3:46:ec:0a:93:9b:38:6a:8b:c6:01:a4:12:
0a:e4:de:13:b0:ce:0d:f8:46:2d:bb:d8:28:fa:1c:
04:8d:32:04:23:42:72:3c:6e:ef:ca:2b:0f:3c:af:
32:3b:9b:91:ce:1e:3c:e6:6c:2c:be:41:b3:05:1c:
b9:1f:fd:fe:80:d3:c2:d6:08:d7:51:e3:96:d6:78:
1a:de:28:ed:f2:81:00:77:50:4f:c4:b8:bb:9e:73:
ce:46:cb:ea:01:27:d2:b0:1b:37:91:f4:c5:71:25:
4a:7f:c4:80:ae:72:f0:93:24:1d:f7:6c:b6:d7:b0:
48:f8:35:d6:66:f0:b4:83:81:47:c9:86:4c:b6:f2:
6d:ac:3e:a3:0a:8d:59:7c:38:da:0d:79:ff:1a:f0:
a5:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:40:6D:BB:62:F9:FE:9C:DF:DA:AE:B0:E4:02:94:59:58:9D:EA:53
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/GkBtu2L5_pzf2q6w5AKUWVid6lM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.8.0/21
95.82.32.0/21
109.111.32.0/20
176.221.16.0/21
Signature Algorithm: sha256WithRSAEncryption
98:53:d2:58:00:42:e9:69:67:b2:b2:62:71:94:0f:f8:d9:f0:
60:ed:2f:cd:d7:22:31:18:8c:c4:59:cd:38:32:db:f9:ad:83:
e2:8f:a5:13:f0:1e:2b:9a:b9:05:70:02:50:d5:96:e8:07:f2:
ca:f8:b8:1d:6d:59:57:1f:26:8e:0c:64:14:48:22:71:fa:13:
41:35:41:ae:c9:fa:5e:d3:3c:af:fa:4a:bb:f5:a0:e0:9e:87:
9f:a3:0a:78:ca:fc:21:b2:63:4d:b7:ae:f2:27:c9:f4:2c:4f:
de:36:87:15:cb:03:0d:f2:2f:01:49:d6:84:b6:3b:81:ca:7b:
2b:dd:f3:2c:7e:fe:97:72:f1:b8:2e:c5:19:32:c7:c2:94:89:
e1:e1:6c:65:27:51:19:63:8e:41:90:6b:68:16:46:60:ae:ec:
82:69:8b:ba:ac:0a:8b:98:27:4a:79:8c:e6:4c:eb:39:a5:82:
42:8e:e8:b8:06:e2:49:d5:23:38:b8:d3:fa:8a:2b:a8:0c:43:
48:3f:04:34:83:54:0a:da:43:a1:8f:5d:17:fd:59:61:8e:35:
11:4b:36:e9:03:b8:2a:9c:52:d6:a3:76:5c:0f:00:2f:cf:b0:
f4:37:80:55:b2:3f:13:e1:79:c5:7d:cd:a1:e6:38:33:75:37:
1b:72:42:b5
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY1l99IUSKpE0CdMx18a4OLhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMjAxMTgzOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTQwNmRiYjYyZjlmZTljZGZkYWFlYjBlNDAyOTQ1OTU4OWRlYTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhL0LNIO4uGH3SxEP51jC+ZV5x41
o+4ZbrDBDVi8CbKzZg5siM+HaO/JEIoGt9/DFrfQl3iz+Ep+NIE05izwq5N0jcZ8
YEm9lSEUL8QnOJfhKzZvAmYOKBVIiHdSVRTPO+OBg0CKHeG2ubNG7AqTmzhqi8YB
pBIK5N4TsM4N+EYtu9go+hwEjTIEI0JyPG7vyisPPK8yO5uRzh485mwsvkGzBRy5
H/3+gNPC1gjXUeOW1nga3ijt8oEAd1BPxLi7nnPORsvqASfSsBs3kfTFcSVKf8SA
rnLwkyQd92y217BI+DXWZvC0g4FHyYZMtvJtrD6jCo1ZfDjaDXn/GvClzwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBpAbbti+f6c39qusOQClFlYnepTMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvR2tCdHUyTDVfcHpmMnE2dzVBS1VXVmlkNmxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCJYD4AwQD
X1IIAwQDX1IgAwQEbW8gAwQDsN0QMA0GCSqGSIb3DQEBCwUAA4IBAQCYU9JYAELp
aWeysmJxlA/42fBg7S/N1yIxGIzEWc04Mtv5rYPij6UT8B4rmrkFcAJQ1ZboB/LK
+LgdbVlXHyaODGQUSCJx+hNBNUGuyfpe0zyv+kq79aDgnoefowp4yvwhsmNNt67y
J8n0LE/eNocVywMN8i8BSdaEtjuBynsr3fMsfv6XcvG4LsUZMsfClInh4WxlJ1EZ
Y45BkGtoFkZgruyCaYu6rAqLmCdKeYzmTOs5pYJCjui4BuJJ1SM4uNP6iiuoDENI
PwQ0g1QK2kOhj10X/VlhjjURSzbpA7gqnFLWo3ZcDwAvz7D0N4BVsj8T4XnFfc2h
5jgzdTcbckK1
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:22:20 2025 by rpki-client