Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/LnckTc8wt3uwjsrxf3Y_KNRw6wo.roa
File: LnckTc8wt3uwjsrxf3Y_KNRw6wo.roa (raw, json)
Hash identifier: GIWbdmA3HQ7BsekGy75yw4Tr7rVWDi4N65D2EbUYY8Y=
Subject key identifier: 2E:77:24:4D:CF:30:B7:7B:B0:8E:CA:F1:7F:76:3F:28:D4:70:EB:0A
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 01881F7B8789CA4FF38EB19BE7D4433DAEDC
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/LnckTc8wt3uwjsrxf3Y_KNRw6wo.roa
Signing time: Mon 15 May 2023 12:56:09 +0000
ROA not before: Mon 15 May 2023 12:56:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.32.0/21 maxlen: 24
37.128.252.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:1f:7b:87:89:ca:4f:f3:8e:b1:9b:e7:d4:43:3d:ae:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: May 15 12:56:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2e77244dcf30b77bb08ecaf17f763f28d470eb0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:92:25:33:65:89:fe:67:2b:55:05:57:af:f8:
bc:d2:52:b2:12:35:41:fc:76:68:c0:83:dc:49:25:
9a:7d:ec:ff:b7:77:d7:0b:35:23:0e:dd:3c:a3:ac:
02:a9:af:10:72:cd:4f:48:b8:86:17:68:4d:f1:74:
37:46:a9:a6:7d:89:5a:04:ba:40:b8:2e:4e:dc:da:
b0:89:52:86:3c:f4:e2:ab:fe:f9:8e:cd:e2:a1:c4:
e3:00:59:56:4f:b2:0f:e6:c0:7a:d0:18:8e:e3:47:
2b:d7:4b:67:a9:cb:1e:64:fc:04:43:70:92:c1:a0:
b2:50:d4:5c:af:b4:b9:41:f7:bd:65:18:b5:e5:50:
26:ba:91:bc:1f:5a:dd:25:e4:44:0f:f0:66:2a:7c:
64:bb:ad:fc:46:32:41:30:26:ce:dd:87:45:ed:b2:
e4:db:a5:e8:85:05:16:6b:c0:fc:3b:db:79:35:ba:
19:2b:e6:e8:78:47:20:16:1f:ba:00:0a:e9:35:42:
40:e1:28:5a:46:a9:0d:32:91:c4:24:41:6f:a9:9f:
fc:26:fb:86:6f:16:c7:ad:bd:21:2d:70:be:65:0f:
ea:35:67:dc:56:d6:54:98:d1:94:14:4e:8f:63:4e:
af:37:58:79:60:f7:16:c3:80:33:a8:11:c3:7b:ed:
89:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:77:24:4D:CF:30:B7:7B:B0:8E:CA:F1:7F:76:3F:28:D4:70:EB:0A
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/LnckTc8wt3uwjsrxf3Y_KNRw6wo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/21
95.82.32.0/21
Signature Algorithm: sha256WithRSAEncryption
17:db:8b:ea:06:cb:13:4a:5a:46:0a:f7:f6:9c:01:61:ac:b3:
fb:9a:73:5d:08:4e:05:65:a5:be:36:60:1a:93:ad:69:ae:56:
7f:ce:34:f6:da:0c:cd:bb:b6:67:ee:8c:24:ab:06:17:2a:0e:
ce:09:f4:68:73:30:20:52:8f:f0:f7:91:b8:43:52:33:da:9e:
86:11:b5:05:e2:90:3f:96:6d:66:85:dd:53:4f:51:a1:38:61:
3b:a4:f9:d9:84:b7:49:7d:94:f6:da:c1:7a:87:cc:d2:36:e6:
14:87:be:f3:91:25:63:0f:51:c9:c8:a9:47:d8:8d:d1:61:f2:
f6:46:b8:08:5b:64:ef:97:69:cf:a6:74:60:ec:39:3e:63:81:
9d:ca:2a:ce:82:60:b0:41:22:e0:36:32:d8:15:55:82:46:a4:
e1:27:f7:35:4e:60:98:32:fc:00:13:b4:b9:51:7d:c4:fc:a6:
b0:01:90:1b:40:b0:ad:42:0a:74:a3:00:e2:5e:36:ba:f4:2c:
e9:41:a6:5e:d8:6a:29:c6:e0:39:f7:27:c6:41:1b:3d:43:fe:
e8:6b:3c:89:53:39:6c:df:18:3e:5f:f5:77:1b:c5:b8:3d:1a:
00:cb:b0:76:d7:83:b1:b8:d5:e4:78:50:56:84:b8:9b:9b:c7:
22:4d:54:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYgfe4eJyk/zjrGb59RDPa7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwNTE1MTI1NjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTc3MjQ0ZGNmMzBiNzdiYjA4ZWNhZjE3Zjc2M2YyOGQ0NzBlYjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJIlM2WJ/mcrVQVXr/i80lKyEjVB
/HZowIPcSSWafez/t3fXCzUjDt08o6wCqa8Qcs1PSLiGF2hN8XQ3RqmmfYlaBLpA
uC5O3NqwiVKGPPTiq/75js3iocTjAFlWT7IP5sB60BiO40cr10tnqcseZPwEQ3CS
waCyUNRcr7S5Qfe9ZRi15VAmupG8H1rdJeRED/BmKnxku638RjJBMCbO3YdF7bLk
26XohQUWa8D8O9t5NboZK+boeEcgFh+6AArpNUJA4ShaRqkNMpHEJEFvqZ/8JvuG
bxbHrb0hLXC+ZQ/qNWfcVtZUmNGUFE6PY06vN1h5YPcWw4AzqBHDe+2JowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC53JE3PMLd7sI7K8X92PyjUcOsKMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvTG5ja1RjOHd0M3V3anNyeGYzWV9LTlJ3NndvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJYD4AwQD
X1IgMA0GCSqGSIb3DQEBCwUAA4IBAQAX24vqBssTSlpGCvf2nAFhrLP7mnNdCE4F
ZaW+NmAak61prlZ/zjT22gzNu7Zn7owkqwYXKg7OCfRoczAgUo/w95G4Q1Iz2p6G
EbUF4pA/lm1mhd1TT1GhOGE7pPnZhLdJfZT22sF6h8zSNuYUh77zkSVjD1HJyKlH
2I3RYfL2RrgIW2Tvl2nPpnRg7Dk+Y4GdyirOgmCwQSLgNjLYFVWCRqThJ/c1TmCY
MvwAE7S5UX3E/KawAZAbQLCtQgp0owDiXja69CzpQaZe2GopxuA59yfGQRs9Q/7o
azyJUzls3xg+X/V3G8W4PRoAy7B214OxuNXkeFBWhLibm8ciTVSG
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:18:01 2025 by rpki-client