Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ODBFauqi6tm9OBYumPslS9Bx0_s.roa
File: ODBFauqi6tm9OBYumPslS9Bx0_s.roa (raw, json)
Hash identifier: p2RDjRAqPsSb3M9HngXTBafm3d5rUInVuxVzFww4Gvw=
Subject key identifier: 38:30:45:6A:EA:A2:EA:D9:BD:38:16:2E:98:FB:25:4B:D0:71:D3:FB
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0185D306827F0F1D21DC8A1E6307E07A3BAA
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ODBFauqi6tm9OBYumPslS9Bx0_s.roa
Signing time: Sat 21 Jan 2023 06:31:37 +0000
ROA not before: Sat 21 Jan 2023 06:31:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39521
IP address blocks: 95.82.8.0/21 maxlen: 24
95.82.56.0/21 maxlen: 24
37.128.252.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:d3:06:82:7f:0f:1d:21:dc:8a:1e:63:07:e0:7a:3b:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jan 21 06:31:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3830456aeaa2ead9bd38162e98fb254bd071d3fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:67:0f:76:08:88:36:44:e6:1f:b3:5b:0c:13:
2c:fe:5f:69:58:c1:a1:26:b1:0a:14:dc:e3:ef:b6:
0c:6c:38:1e:3e:a6:b4:25:56:f2:4b:b5:ce:0d:bc:
d0:e9:5f:96:cd:c0:7f:91:37:c3:88:34:a5:91:a8:
ca:51:96:74:74:f1:ec:ad:a7:bc:51:25:5b:3f:57:
65:b0:c3:fa:48:f5:13:88:a1:79:5a:eb:a5:86:21:
32:b3:17:39:67:bb:26:57:31:ba:63:d8:ca:c4:65:
a5:90:b4:1b:d3:1b:f4:52:61:7a:a8:20:f1:a0:bb:
93:6d:5d:ea:93:bf:57:fc:9c:a3:59:b4:0c:14:c9:
ae:86:d1:91:02:f5:6c:34:94:9b:4d:29:62:a1:37:
fd:c3:9b:ab:d4:31:f3:08:53:86:67:9d:86:83:03:
c1:f6:65:13:be:4f:16:ee:87:7b:73:4e:22:c8:e7:
26:15:93:a1:cc:86:d8:1a:a1:09:fb:58:c4:8b:3f:
fb:7a:4f:f8:ee:54:8b:e4:55:ff:4c:7c:a6:42:e7:
29:9a:1e:0b:4d:2a:dc:83:c3:eb:71:a9:b2:18:ba:
5a:be:56:5e:8a:15:ea:33:fd:45:76:3a:05:51:66:
03:b7:ac:01:22:7c:0a:05:da:da:92:ce:c0:bb:82:
fb:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:30:45:6A:EA:A2:EA:D9:BD:38:16:2E:98:FB:25:4B:D0:71:D3:FB
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ODBFauqi6tm9OBYumPslS9Bx0_s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/21
95.82.8.0/21
95.82.56.0/21
Signature Algorithm: sha256WithRSAEncryption
44:82:54:fc:ff:1d:c2:e6:3a:5e:f1:74:5e:cd:b3:cc:11:c0:
09:6c:aa:b6:25:66:11:0d:03:c1:1b:9d:c4:57:1d:6f:83:58:
a2:00:df:1f:bd:00:76:40:b8:32:63:f0:82:d0:8d:b3:c8:a9:
7a:9b:40:f3:40:af:13:53:bf:0b:2d:f9:06:b5:13:28:c4:c9:
20:c3:1a:20:b4:05:39:7c:e3:29:03:0e:ed:91:4d:17:9c:e9:
c0:c5:95:14:55:00:7a:ba:fa:1f:1b:15:93:f2:9d:91:90:1b:
d2:d1:d9:ff:89:fd:9c:46:4e:fc:71:1c:d0:15:09:22:59:4b:
c7:fb:e2:06:47:1d:57:e1:25:24:9e:2e:7f:d6:ce:24:48:5d:
78:91:02:20:36:4c:33:7b:1d:41:9a:7f:26:2d:2c:93:25:c4:
e7:19:f9:4d:2c:fa:6e:b7:d7:0d:dd:5b:6b:27:41:76:9a:fd:
55:9f:e1:26:45:41:a1:40:23:e4:4a:d8:6a:75:71:79:9d:7f:
34:06:33:77:b2:1a:93:ce:6a:69:03:ef:fb:73:59:90:57:15:
cb:3a:1c:ae:3b:71:0c:15:8f:2c:38:8c:1e:3b:3c:f4:0c:c9:
51:eb:c4:bc:7b:5f:f9:c4:d4:9a:ef:04:17:c4:53:e4:b1:71:
cd:c6:e4:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYXTBoJ/Dx0h3IoeYwfgejuqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwMTIxMDYzMTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODMwNDU2YWVhYTJlYWQ5YmQzODE2MmU5OGZiMjU0YmQwNzFkM2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmcPdgiINkTmH7NbDBMs/l9pWMGh
JrEKFNzj77YMbDgePqa0JVbyS7XODbzQ6V+WzcB/kTfDiDSlkajKUZZ0dPHsrae8
USVbP1dlsMP6SPUTiKF5WuulhiEysxc5Z7smVzG6Y9jKxGWlkLQb0xv0UmF6qCDx
oLuTbV3qk79X/JyjWbQMFMmuhtGRAvVsNJSbTSlioTf9w5ur1DHzCFOGZ52GgwPB
9mUTvk8W7od7c04iyOcmFZOhzIbYGqEJ+1jEiz/7ek/47lSL5FX/THymQucpmh4L
TSrcg8PrcamyGLpavlZeihXqM/1FdjoFUWYDt6wBInwKBdraks7Au4L7xQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDgwRWrqourZvTgWLpj7JUvQcdP7MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvT0RCRmF1cWk2dG05T0JZdW1Qc2xTOUJ4MF9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJYD4AwQD
X1IIAwQDX1I4MA0GCSqGSIb3DQEBCwUAA4IBAQBEglT8/x3C5jpe8XRezbPMEcAJ
bKq2JWYRDQPBG53EVx1vg1iiAN8fvQB2QLgyY/CC0I2zyKl6m0DzQK8TU78LLfkG
tRMoxMkgwxogtAU5fOMpAw7tkU0XnOnAxZUUVQB6uvofGxWT8p2RkBvS0dn/if2c
Rk78cRzQFQkiWUvH++IGRx1X4SUkni5/1s4kSF14kQIgNkwzex1Bmn8mLSyTJcTn
GflNLPput9cN3VtrJ0F2mv1Vn+EmRUGhQCPkSthqdXF5nX80BjN3shqTzmppA+/7
c1mQVxXLOhyuO3EMFY8sOIweOzz0DMlR68S8e1/5xNSa7wQXxFPksXHNxuQZ
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:29:13 2025 by rpki-client