Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Hve0SBijv8cPwnX0TQyPLTmHes0.roa
File: Hve0SBijv8cPwnX0TQyPLTmHes0.roa (raw, json)
Hash identifier: dfdxfGhdmGJ33xHoIgz9Rb8ZJYdGBykeHJCxEziueEU=
Subject key identifier: 1E:F7:B4:48:18:A3:BF:C7:0F:C2:75:F4:4D:0C:8F:2D:39:87:7A:CD
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018D65F7D290553D58DC571875D3AB035008
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Hve0SBijv8cPwnX0TQyPLTmHes0.roa
Signing time: Thu 01 Feb 2024 18:39:16 +0000
ROA not before: Thu 01 Feb 2024 18:39:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 21859
IP address blocks: 95.82.0.0/21 maxlen: 24
185.65.62.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:65:f7:d2:90:55:3d:58:dc:57:18:75:d3:ab:03:50:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Feb 1 18:39:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1ef7b44818a3bfc70fc275f44d0c8f2d39877acd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:90:86:e4:b0:1c:bd:32:f4:af:b2:47:5a:8d:
10:b7:49:c2:f7:e0:5a:06:84:59:a8:c9:cf:3d:ed:
f8:5c:7b:e8:0f:a5:20:b1:b2:3f:a8:d6:57:6a:e1:
52:08:62:20:6c:1f:59:82:b4:f7:a2:57:3f:0f:f4:
15:70:da:91:93:6b:99:e0:fb:e3:78:fb:7f:36:51:
9f:81:d5:eb:75:49:ea:a9:35:c6:2f:4e:84:bf:95:
03:7d:5d:36:ba:1f:58:63:ed:89:2b:e6:70:cb:de:
b6:a7:b4:97:51:d8:86:4d:32:7d:88:a1:74:6c:17:
89:5b:31:fd:9b:51:be:1f:98:f0:af:d4:48:4d:12:
06:7b:4d:d6:d3:ac:54:a5:49:7d:47:67:a6:b4:21:
88:47:0f:1d:56:e8:b0:93:81:40:34:d6:fc:30:b1:
da:53:88:cb:d5:fc:0a:1b:27:7c:8d:2f:91:ba:57:
62:c6:82:be:f9:61:7d:ab:3d:63:94:38:0e:13:24:
c9:ce:ee:4f:01:4b:dc:39:d0:4d:c5:1e:b5:11:95:
b6:cd:3d:18:93:22:55:a6:a6:6a:fb:92:b3:99:ae:
cf:0f:6a:f9:69:01:74:77:99:db:f4:4a:36:1f:23:
d0:ed:f7:09:db:c0:19:13:db:e6:c9:fe:78:42:01:
08:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:F7:B4:48:18:A3:BF:C7:0F:C2:75:F4:4D:0C:8F:2D:39:87:7A:CD
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Hve0SBijv8cPwnX0TQyPLTmHes0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/21
185.65.62.0/24
Signature Algorithm: sha256WithRSAEncryption
1a:44:20:2b:22:a2:5c:9d:f8:32:13:ab:05:ee:07:a8:31:70:
05:4e:1e:be:26:45:ed:04:0e:5d:fb:a8:3f:4a:d4:18:8a:1c:
0a:46:57:51:94:85:7b:5a:bf:dd:fd:c8:61:44:c1:53:3f:92:
bd:f6:3a:ba:2e:c5:68:31:3f:27:51:9b:6c:ae:74:f2:d6:b3:
db:15:75:1a:98:eb:30:de:a5:92:27:2f:e1:82:ca:b8:44:f3:
8c:7c:ad:4a:aa:c9:f2:85:bc:93:b8:16:53:62:0b:bc:3f:0c:
19:e9:4d:c6:0f:3d:00:12:85:e3:04:6c:04:72:30:84:50:1e:
e2:f5:6b:69:ea:b5:ba:a7:fb:a9:36:c3:95:ca:b4:bc:de:a1:
13:30:ee:c5:47:4d:e3:8a:36:b3:23:f9:4c:3b:56:05:d8:66:
f1:12:5f:74:06:b3:4a:ad:8d:4a:8a:3a:69:40:40:0f:eb:d8:
c7:20:9f:a9:67:68:ac:ce:12:db:6e:20:34:8e:a8:74:e3:e4:
40:2e:fe:84:88:9b:d4:b7:c6:74:03:06:9c:1d:9e:46:a1:2f:
0d:c7:65:28:b3:6d:53:90:b7:7b:15:c9:c1:00:f5:fc:b1:aa:
4a:97:c9:a2:de:81:1e:77:df:99:e0:c0:f8:76:34:cc:1f:bd:
49:8c:8b:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1l99KQVT1Y3FcYddOrA1AIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMjAxMTgzOTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWY3YjQ0ODE4YTNiZmM3MGZjMjc1ZjQ0ZDBjOGYyZDM5ODc3YWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppCG5LAcvTL0r7JHWo0Qt0nC9+Ba
BoRZqMnPPe34XHvoD6UgsbI/qNZXauFSCGIgbB9ZgrT3olc/D/QVcNqRk2uZ4Pvj
ePt/NlGfgdXrdUnqqTXGL06Ev5UDfV02uh9YY+2JK+Zwy962p7SXUdiGTTJ9iKF0
bBeJWzH9m1G+H5jwr9RITRIGe03W06xUpUl9R2emtCGIRw8dVuiwk4FANNb8MLHa
U4jL1fwKGyd8jS+RuldixoK++WF9qz1jlDgOEyTJzu5PAUvcOdBNxR61EZW2zT0Y
kyJVpqZq+5Kzma7PD2r5aQF0d5nb9Eo2HyPQ7fcJ28AZE9vmyf54QgEIIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB73tEgYo7/HD8J19E0Mjy05h3rNMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvSHZlMFNCaWp2OGNQd25YMFRReVBMVG1IZXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX1IAAwQA
uUE+MA0GCSqGSIb3DQEBCwUAA4IBAQAaRCArIqJcnfgyE6sF7geoMXAFTh6+JkXt
BA5d+6g/StQYihwKRldRlIV7Wr/d/chhRMFTP5K99jq6LsVoMT8nUZtsrnTy1rPb
FXUamOsw3qWSJy/hgsq4RPOMfK1KqsnyhbyTuBZTYgu8PwwZ6U3GDz0AEoXjBGwE
cjCEUB7i9Wtp6rW6p/upNsOVyrS83qETMO7FR03jijazI/lMO1YF2GbxEl90BrNK
rY1KijppQEAP69jHIJ+pZ2iszhLbbiA0jqh04+RALv6EiJvUt8Z0AwacHZ5GoS8N
x2Uos21TkLd7FcnBAPX8sapKl8mi3oEed9+Z4MD4djTMH71JjIuF
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:17:52 2025 by rpki-client