Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/HCC23A2A2_PzncSs9H56RDMycWY.roa
File: HCC23A2A2_PzncSs9H56RDMycWY.roa (raw, json)
Hash identifier: VExK/Rpn3fxg7gQZLdgOsjXd1rF6c9ZKkpnJ+uKc8zE=
Subject key identifier: 1C:20:B6:DC:0D:80:DB:F3:F3:9D:C4:AC:F4:7E:7A:44:33:32:71:66
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018A212AFE20596792869C2E6CDDC4AB89F4
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/HCC23A2A2_PzncSs9H56RDMycWY.roa
Signing time: Wed 23 Aug 2023 06:53:00 +0000
ROA not before: Wed 23 Aug 2023 06:53:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
176.221.24.0/21 maxlen: 24
37.128.252.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
37.128.254.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:21:2a:fe:20:59:67:92:86:9c:2e:6c:dd:c4:ab:89:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Aug 23 06:53:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1c20b6dc0d80dbf3f39dc4acf47e7a4433327166
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:22:4e:bc:5e:f7:4e:34:20:f7:d7:1d:5f:4b:
4b:52:64:54:e2:57:d5:d9:57:d4:36:ca:1d:21:9c:
bc:cd:32:18:fc:de:e1:d8:b0:8c:64:e7:d7:da:51:
53:f4:43:e0:08:ee:f7:02:e3:a7:f3:af:ff:5f:ed:
01:84:71:01:88:09:46:39:13:a7:ec:79:1d:a4:b7:
bc:c6:50:e9:8a:1b:1f:71:90:1f:fd:9f:06:5a:0b:
37:98:b0:64:92:61:29:a4:cb:bd:ec:70:39:15:2e:
19:0e:72:52:b6:22:bf:98:17:e2:c0:3f:fe:b9:52:
f7:3d:40:4c:a3:bc:3f:65:a4:1b:d8:d8:10:a8:4d:
c0:04:c7:3e:77:38:f1:b5:89:e0:67:82:f5:6f:ab:
cb:6c:30:e6:55:9a:f4:8b:49:bd:99:43:89:0f:29:
7b:06:01:8f:a7:dc:b3:dc:5a:91:65:4e:f5:39:e7:
48:4a:b5:2b:90:b8:d9:2d:e9:2f:f3:31:44:f6:31:
5e:e6:62:75:38:2e:58:fc:c1:3f:72:b1:3c:4e:fd:
a8:20:da:8f:af:b1:b1:0b:3b:c0:47:45:44:64:43:
23:f2:60:91:7b:b2:1b:a1:76:bd:75:b7:7e:ea:1d:
c4:75:79:a0:e4:9d:9d:37:31:4c:fd:a6:40:76:5b:
2d:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:20:B6:DC:0D:80:DB:F3:F3:9D:C4:AC:F4:7E:7A:44:33:32:71:66
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/HCC23A2A2_PzncSs9H56RDMycWY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/21
95.82.0.0/21
176.221.24.0/21
Signature Algorithm: sha256WithRSAEncryption
46:03:28:dd:60:64:6b:95:66:7f:b0:d4:ff:28:81:87:fb:35:
57:14:25:93:f8:80:28:20:e8:db:4d:69:54:f1:ab:f7:a9:f7:
dc:eb:27:6d:bb:8c:46:85:91:6c:d7:f1:06:4a:46:72:40:be:
78:53:96:27:64:ca:e7:f2:aa:11:af:c2:ca:69:96:55:46:9f:
a1:f4:1e:e5:63:5b:6b:f1:cc:c1:e3:02:2a:18:b3:14:87:d6:
5d:0e:e9:de:79:73:51:08:bc:bd:11:22:54:3a:47:7f:34:f7:
59:f3:9e:8e:e7:57:d7:97:9b:e0:1d:44:1d:ae:37:7b:df:fd:
4f:38:f0:54:de:aa:59:33:95:9e:17:fd:d6:f3:66:f4:2f:b0:
20:35:36:0a:66:ca:5a:e1:99:56:b0:5f:51:f7:6f:c4:d3:76:
5e:71:d8:9c:d9:24:15:cb:89:6b:94:3b:46:b2:ab:49:ae:07:
4c:e5:ce:d4:78:70:08:0b:15:b1:a7:0a:ed:a1:12:ef:3a:46:
5c:65:e1:e2:ec:03:d3:3f:ef:e9:78:5a:76:03:14:dc:5d:c9:
1a:0b:89:a2:18:e4:22:1a:e0:cb:70:73:99:ca:3e:b8:71:56:
c7:92:16:ae:a4:32:6d:01:87:5e:f1:b3:46:5f:69:96:a7:87:
22:c9:59:59
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYohKv4gWWeShpwubN3Eq4n0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwODIzMDY1MzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzIwYjZkYzBkODBkYmYzZjM5ZGM0YWNmNDdlN2E0NDMzMzI3MTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSJOvF73TjQg99cdX0tLUmRU4lfV
2VfUNsodIZy8zTIY/N7h2LCMZOfX2lFT9EPgCO73AuOn86//X+0BhHEBiAlGOROn
7HkdpLe8xlDpihsfcZAf/Z8GWgs3mLBkkmEppMu97HA5FS4ZDnJStiK/mBfiwD/+
uVL3PUBMo7w/ZaQb2NgQqE3ABMc+dzjxtYngZ4L1b6vLbDDmVZr0i0m9mUOJDyl7
BgGPp9yz3FqRZU71OedISrUrkLjZLekv8zFE9jFe5mJ1OC5Y/ME/crE8Tv2oINqP
r7GxCzvAR0VEZEMj8mCRe7IboXa9dbd+6h3EdXmg5J2dNzFM/aZAdlst7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBwgttwNgNvz853ErPR+ekQzMnFmMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvSENDMjNBMkEyX1B6bmNTczlINTZSRE15Y1dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJYD4AwQD
X1IAAwQDsN0YMA0GCSqGSIb3DQEBCwUAA4IBAQBGAyjdYGRrlWZ/sNT/KIGH+zVX
FCWT+IAoIOjbTWlU8av3qffc6ydtu4xGhZFs1/EGSkZyQL54U5YnZMrn8qoRr8LK
aZZVRp+h9B7lY1tr8czB4wIqGLMUh9ZdDuneeXNRCLy9ESJUOkd/NPdZ856O51fX
l5vgHUQdrjd73/1POPBU3qpZM5WeF/3W82b0L7AgNTYKZspa4ZlWsF9R92/E03Ze
cdic2SQVy4lrlDtGsqtJrgdM5c7UeHAICxWxpwrtoRLvOkZcZeHi7APTP+/peFp2
AxTcXckaC4miGOQiGuDLcHOZyj64cVbHkhaupDJtAYde8bNGX2mWp4ciyVlZ
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:17:52 2025 by rpki-client