Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/LH4xbpmEr-rknEDVfcOEVw3A0k8.roa
File: LH4xbpmEr-rknEDVfcOEVw3A0k8.roa (raw, json)
Hash identifier: NJ+OSlSiJQDJLlpF6pf776wqnyBun9RT0aCrT3Mlhcc=
Subject key identifier: 2C:7E:31:6E:99:84:AF:EA:E4:9C:40:D5:7D:C3:84:57:0D:C0:D2:4F
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018BD723EB7D05340B2C65BC87F3C30A4303
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/LH4xbpmEr-rknEDVfcOEVw3A0k8.roa
Signing time: Thu 16 Nov 2023 07:58:57 +0000
ROA not before: Thu 16 Nov 2023 07:58:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
95.82.8.0/21 maxlen: 24
185.65.63.0/24 maxlen: 24
185.65.62.0/24 maxlen: 24
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
95.82.32.0/21 maxlen: 24
176.221.24.0/21 maxlen: 21
176.221.30.0/23 maxlen: 24
176.221.28.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d7:23:eb:7d:05:34:0b:2c:65:bc:87:f3:c3:0a:43:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Nov 16 07:58:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2c7e316e9984afeae49c40d57dc384570dc0d24f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:95:e1:16:19:6e:67:bd:32:cd:c5:8b:d7:cb:
30:98:eb:0d:0b:d9:e7:0c:34:5e:04:28:ba:3c:7b:
ad:78:21:ef:65:83:9a:8a:32:13:bb:58:9d:36:43:
f3:05:17:8d:2c:80:54:5f:49:d9:87:8b:a4:13:0e:
eb:09:fb:65:5e:33:54:81:4c:4c:c7:92:a5:9b:48:
65:5b:52:01:07:b7:81:b7:f2:07:8b:0e:eb:d0:a7:
86:8e:9d:a4:d9:74:69:e1:76:c2:db:8b:0d:7c:07:
ad:2b:22:c9:68:89:50:1f:e7:0c:7d:bb:57:15:db:
30:63:7a:9d:66:b8:5d:eb:81:3b:ac:31:fc:80:16:
c6:4f:ce:b0:06:33:d3:1b:f0:ce:1e:eb:d4:56:c7:
cf:f9:67:e9:8a:ae:ea:77:28:e6:51:4b:37:31:16:
ad:04:7d:d8:40:9e:f6:41:36:ba:98:50:b5:54:91:
c7:95:f6:db:78:65:96:9b:5f:26:43:d6:3c:62:a4:
6c:16:85:74:cb:f0:94:37:82:e5:f3:bb:11:ee:cc:
0e:4a:ec:80:fb:ea:33:2d:4e:fb:a2:37:da:ef:66:
a8:00:dc:75:a6:08:bf:31:f9:af:5a:63:57:fb:86:
c4:ea:ad:e8:3d:20:da:3a:08:2d:d4:b8:43:77:2f:
78:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:7E:31:6E:99:84:AF:EA:E4:9C:40:D5:7D:C3:84:57:0D:C0:D2:4F
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/LH4xbpmEr-rknEDVfcOEVw3A0k8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
95.82.32.0/21
109.111.32.0/20
176.221.16.0/20
185.65.62.0/23
Signature Algorithm: sha256WithRSAEncryption
5d:04:3b:b7:60:07:5a:5e:e7:e9:b1:cd:00:e6:d7:90:d0:b5:
7b:c6:f8:a4:49:c5:f7:40:6d:27:3b:3c:de:5e:e5:8b:67:49:
fe:35:d2:76:5c:42:42:49:0d:5e:d6:45:7d:24:7c:df:89:c1:
82:d8:38:6c:77:25:99:23:79:ff:4a:0c:db:e7:3c:a3:e4:06:
13:1d:55:4d:9f:e6:e5:26:75:a4:fe:0c:9f:95:c8:19:5c:39:
3a:b3:67:82:62:af:3e:f1:51:c8:7c:5f:b3:98:85:08:fe:88:
f6:3e:dd:32:cb:ae:4e:4c:8c:3d:32:dc:74:d7:e3:7e:76:1e:
7d:26:b3:46:d1:d5:9a:3f:2e:a8:29:7d:cd:bd:91:77:0c:03:
2c:54:c0:88:ba:2e:57:be:b5:34:67:b1:4b:2f:c7:93:d3:12:
cd:92:c6:de:3d:f6:e7:fd:e3:27:31:a8:8e:30:fa:e0:76:d3:
8b:5a:dc:fa:32:27:d3:b9:fc:db:a9:92:64:ff:e5:67:82:ab:
24:ca:90:64:85:c1:85:e7:b6:a4:34:7f:ef:c7:30:20:39:07:
fe:ea:fb:b0:81:65:2e:52:b1:cf:b2:10:9a:72:2c:7c:5e:0b:
ba:c6:37:ee:d6:64:52:7f:fd:df:99:84:b7:47:22:4d:42:41:
47:57:b4:c8
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYvXI+t9BTQLLGW8h/PDCkMDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMxMTE2MDc1ODU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzdlMzE2ZTk5ODRhZmVhZTQ5YzQwZDU3ZGMzODQ1NzBkYzBkMjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipXhFhluZ70yzcWL18swmOsNC9nn
DDReBCi6PHuteCHvZYOaijITu1idNkPzBReNLIBUX0nZh4ukEw7rCftlXjNUgUxM
x5Klm0hlW1IBB7eBt/IHiw7r0KeGjp2k2XRp4XbC24sNfAetKyLJaIlQH+cMfbtX
FdswY3qdZrhd64E7rDH8gBbGT86wBjPTG/DOHuvUVsfP+Wfpiq7qdyjmUUs3MRat
BH3YQJ72QTa6mFC1VJHHlfbbeGWWm18mQ9Y8YqRsFoV0y/CUN4Ll87sR7swOSuyA
++ozLU77ojfa72aoANx1pgi/MfmvWmNX+4bE6q3oPSDaOggt1LhDdy94zwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFCx+MW6ZhK/q5JxA1X3DhFcNwNJPMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvTEg0eGJwbUVyLXJrbkVEVmZjT0VWdzNBMGs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCJYD4AwQE
X1IAAwQDX1IgAwQEbW8gAwQEsN0QAwQBuUE+MA0GCSqGSIb3DQEBCwUAA4IBAQBd
BDu3YAdaXufpsc0A5teQ0LV7xvikScX3QG0nOzzeXuWLZ0n+NdJ2XEJCSQ1e1kV9
JHzficGC2DhsdyWZI3n/Sgzb5zyj5AYTHVVNn+blJnWk/gyflcgZXDk6s2eCYq8+
8VHIfF+zmIUI/oj2Pt0yy65OTIw9Mtx01+N+dh59JrNG0dWaPy6oKX3NvZF3DAMs
VMCIui5XvrU0Z7FLL8eT0xLNksbePfbn/eMnMaiOMPrgdtOLWtz6MifTufzbqZJk
/+VngqskypBkhcGF57akNH/vxzAgOQf+6vuwgWUuUrHPshCacix8Xgu6xjfu1mRS
f/3fmYS3RyJNQkFHV7TI
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:23:12 2025 by rpki-client