Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/KjCaEp9G_80h0aagD311AMGRVpQ.roa
File: KjCaEp9G_80h0aagD311AMGRVpQ.roa (raw, json)
Hash identifier: HWXXkgzix8R+F9aklE4ra7gx7zZ6Blcgd2IYgXNbECs=
Subject key identifier: 2A:30:9A:12:9F:46:FF:CD:21:D1:A6:A0:0F:7D:75:00:C1:91:56:94
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018C1026B5F67557B024ABD1DB8A83591BCA
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/KjCaEp9G_80h0aagD311AMGRVpQ.roa
Signing time: Mon 27 Nov 2023 09:40:21 +0000
ROA not before: Mon 27 Nov 2023 09:40:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
95.82.8.0/21 maxlen: 24
185.65.62.0/24 maxlen: 24
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
95.82.32.0/21 maxlen: 24
176.221.24.0/21 maxlen: 21
176.221.30.0/23 maxlen: 24
109.111.56.0/22 maxlen: 24
176.221.28.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:10:26:b5:f6:75:57:b0:24:ab:d1:db:8a:83:59:1b:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Nov 27 09:40:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a309a129f46ffcd21d1a6a00f7d7500c1915694
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:fa:3c:a9:5f:14:0d:27:9d:64:19:ac:b7:e9:
c7:91:3b:4b:24:99:4a:02:16:4c:21:06:a8:47:93:
13:99:e4:0f:7d:59:7c:50:da:81:ce:fd:42:6a:7e:
cd:fa:30:45:14:c2:80:55:34:a6:cb:d8:42:4b:a9:
29:2d:c3:db:81:22:1d:4b:3e:1f:9f:f9:77:52:bf:
77:d0:14:5a:3c:fd:47:cf:8c:30:0f:ac:03:ff:f1:
2e:42:7e:62:3a:a6:b8:4e:31:29:c3:81:36:41:c1:
99:5c:98:79:9a:7c:27:f5:f8:87:23:40:09:62:bb:
e2:fd:e2:c4:27:6a:b0:3c:c5:82:ca:6f:00:e0:75:
f8:f0:27:a8:fa:73:15:73:29:99:63:97:02:dd:bc:
2f:d1:de:b5:b4:80:f7:41:62:75:0c:db:fa:f6:17:
e8:77:95:06:1b:64:c9:ab:c3:be:60:ba:f4:cc:5f:
3f:ac:f3:d8:e4:b8:c5:3c:88:97:81:f8:ed:ad:92:
75:85:c1:cf:57:0d:90:36:76:1d:40:6f:b5:d1:97:
db:da:e0:3d:12:50:e0:76:3d:92:b7:7c:d6:f6:5b:
9b:7a:d3:c1:47:87:b7:ff:e2:f4:6f:dd:a3:e4:3f:
3f:6d:a1:74:8e:04:67:f1:76:77:fe:23:b5:6b:40:
d4:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:30:9A:12:9F:46:FF:CD:21:D1:A6:A0:0F:7D:75:00:C1:91:56:94
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/KjCaEp9G_80h0aagD311AMGRVpQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
95.82.32.0/21
109.111.32.0/20
109.111.56.0/22
176.221.16.0/20
185.65.62.0/24
Signature Algorithm: sha256WithRSAEncryption
ac:77:32:59:f5:fb:82:00:1c:59:bf:d1:66:d1:5b:ab:c9:d3:
e2:23:ac:90:0b:1b:70:89:e7:ea:f1:08:0f:d6:26:0e:64:92:
43:19:2c:50:b9:0e:14:8d:72:84:0d:a8:3e:d9:88:de:26:73:
41:37:24:79:f9:fb:e8:21:ea:bf:44:9f:44:19:06:e9:99:3b:
f0:bc:7f:fa:04:2a:ee:74:2b:c0:51:5d:ff:54:30:37:6c:c8:
dc:3c:9a:c1:44:a8:a4:19:28:c5:f7:37:d2:5c:9b:bd:44:e6:
fa:4f:5d:62:bc:16:aa:56:ab:0e:42:b0:1c:39:67:49:a2:1f:
70:9f:94:d4:c2:4e:32:20:63:52:ae:e5:2f:91:1e:28:2e:5c:
51:67:65:93:37:12:af:e3:8a:d7:c7:c0:5c:43:16:ce:43:a1:
dd:e0:cc:7f:bb:b3:38:53:11:be:d5:db:7f:12:69:62:86:94:
3c:ad:d9:9e:7a:a5:24:ed:af:ae:88:77:c3:d4:e5:07:dc:96:
f8:42:c8:e7:5a:b7:f1:ac:2e:2a:60:70:16:a3:94:06:91:aa:
49:dd:84:95:85:47:8b:5b:14:1d:da:c2:69:3b:7c:84:5a:56:
b0:70:95:82:b9:32:13:3a:9c:b4:6e:10:7d:14:bf:25:1e:f8:
f2:19:e6:f8
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYwQJrX2dVewJKvR24qDWRvKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMxMTI3MDk0MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTMwOWExMjlmNDZmZmNkMjFkMWE2YTAwZjdkNzUwMGMxOTE1Njk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/o8qV8UDSedZBmst+nHkTtLJJlK
AhZMIQaoR5MTmeQPfVl8UNqBzv1Can7N+jBFFMKAVTSmy9hCS6kpLcPbgSIdSz4f
n/l3Ur930BRaPP1Hz4wwD6wD//EuQn5iOqa4TjEpw4E2QcGZXJh5mnwn9fiHI0AJ
Yrvi/eLEJ2qwPMWCym8A4HX48Ceo+nMVcymZY5cC3bwv0d61tID3QWJ1DNv69hfo
d5UGG2TJq8O+YLr0zF8/rPPY5LjFPIiXgfjtrZJ1hcHPVw2QNnYdQG+10Zfb2uA9
ElDgdj2St3zW9lubetPBR4e3/+L0b92j5D8/baF0jgRn8XZ3/iO1a0DUrQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCowmhKfRv/NIdGmoA99dQDBkVaUMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvS2pDYUVwOUdfODBoMGFhZ0QzMTFBTUdSVnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCJYD4AwQE
X1IAAwQDX1IgAwQEbW8gAwQCbW84AwQEsN0QAwQAuUE+MA0GCSqGSIb3DQEBCwUA
A4IBAQCsdzJZ9fuCABxZv9Fm0VurydPiI6yQCxtwiefq8QgP1iYOZJJDGSxQuQ4U
jXKEDag+2YjeJnNBNyR5+fvoIeq/RJ9EGQbpmTvwvH/6BCrudCvAUV3/VDA3bMjc
PJrBRKikGSjF9zfSXJu9ROb6T11ivBaqVqsOQrAcOWdJoh9wn5TUwk4yIGNSruUv
kR4oLlxRZ2WTNxKv44rXx8BcQxbOQ6Hd4Mx/u7M4UxG+1dt/EmlihpQ8rdmeeqUk
7a+uiHfD1OUH3Jb4QsjnWrfxrC4qYHAWo5QGkapJ3YSVhUeLWxQd2sJpO3yEWlaw
cJWCuTITOpy0bhB9FL8lHvjyGeb4
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:19:42 2025 by rpki-client