Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/OlUKqeAVffCDq4a9d1GJTbXN5BE.roa
File: OlUKqeAVffCDq4a9d1GJTbXN5BE.roa (raw, json)
Hash identifier: HqWqioN2xfAsU8AIZOCWfdjc+2O11hk/JEkKb5Zzv/c=
Subject key identifier: 3A:55:0A:A9:E0:15:7D:F0:83:AB:86:BD:77:51:89:4D:B5:CD:E4:11
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0189D4F5FCD811F18963F05409637551E6A9
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/OlUKqeAVffCDq4a9d1GJTbXN5BE.roa
Signing time: Tue 08 Aug 2023 11:43:58 +0000
ROA not before: Tue 08 Aug 2023 11:43:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
176.221.24.0/21 maxlen: 24
95.82.32.0/21 maxlen: 24
37.128.252.0/22 maxlen: 24
37.128.252.0/23 maxlen: 23
37.128.248.0/23 maxlen: 24
37.128.248.0/22 maxlen: 24
37.128.254.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d4:f5:fc:d8:11:f1:89:63:f0:54:09:63:75:51:e6:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Aug 8 11:43:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3a550aa9e0157df083ab86bd7751894db5cde411
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:9a:fb:20:2f:c4:13:b9:21:22:0a:0f:17:81:
35:a8:f7:96:35:55:d0:c9:fe:9d:05:17:2f:55:e9:
64:e9:6d:49:91:5b:c8:de:30:6b:bf:b2:4d:9c:9a:
40:79:b1:db:54:da:c7:27:00:ef:ca:64:3f:32:b4:
83:a6:89:21:66:fc:1b:6e:46:38:40:03:27:a4:cb:
13:9e:86:2f:67:4d:52:ed:ef:2b:28:97:ed:90:ba:
f4:fe:0d:69:3c:6c:4f:d9:68:72:2d:fc:3d:52:65:
47:59:1a:21:50:54:cd:19:34:0e:1a:4e:1a:48:9a:
3c:3f:a8:d5:bf:a4:1c:b5:1c:d7:8a:49:df:89:5f:
6a:6f:02:4d:4b:d5:c4:b4:19:cc:12:b6:cd:b4:6a:
14:4f:c1:60:39:1e:74:aa:58:3f:7c:07:24:f8:fb:
6e:30:f6:77:1f:c8:16:e5:e2:d2:f7:ad:1a:d2:9b:
35:1d:b1:96:67:d2:dd:a9:51:f6:63:f4:05:cc:05:
82:f7:a9:13:07:56:dc:a2:47:76:cc:67:4a:42:a4:
5a:f7:e1:fa:09:7a:e2:e3:04:b7:ee:17:d1:8c:4e:
91:ef:ff:3c:87:55:d4:6b:a1:36:93:59:7f:78:6c:
ec:6b:4b:50:91:d2:73:87:38:24:29:f0:29:0a:51:
b0:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:55:0A:A9:E0:15:7D:F0:83:AB:86:BD:77:51:89:4D:B5:CD:E4:11
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/OlUKqeAVffCDq4a9d1GJTbXN5BE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/21
95.82.0.0/21
95.82.32.0/21
176.221.24.0/21
Signature Algorithm: sha256WithRSAEncryption
65:4b:1b:56:c7:15:a7:d2:91:b3:c5:60:18:cc:82:9f:28:63:
b5:2c:34:74:0d:93:61:b8:51:64:7f:cc:ea:d6:6a:e9:8c:78:
65:35:dc:94:55:ae:ad:8f:70:79:47:8b:f5:8a:d5:5b:74:d8:
7d:b7:3d:1c:db:1c:7a:2b:93:c7:d4:98:0f:27:1e:22:a3:cf:
21:81:6b:6e:8a:fd:5d:59:7d:03:4c:4d:12:33:d0:d6:a4:e1:
5a:59:3b:2f:e2:b4:a2:43:8c:05:98:59:95:09:63:f9:c7:4f:
41:9c:fe:c7:c5:d1:f9:ec:44:f4:97:d9:a9:81:2d:44:86:3b:
57:0c:6b:eb:ae:9c:de:d1:84:ee:76:00:9d:13:fe:c7:20:89:
d3:d6:80:fa:8c:5b:ad:db:65:42:8d:c6:e9:1d:59:bb:68:5f:
c4:09:b4:c8:e9:f1:c3:55:69:ff:c9:9c:6e:55:0f:8e:ed:23:
eb:44:30:9a:62:d2:5e:61:6a:9b:96:0d:b4:61:c9:c5:bd:13:
77:34:0e:d7:02:26:ad:9b:07:02:56:a0:e9:25:02:43:5f:ca:
85:70:1e:1e:49:91:de:7e:a8:5e:74:fd:b7:fe:b6:55:53:6e:
a9:0b:95:e4:18:e8:bd:f2:6f:91:92:ad:b3:4c:45:3a:6c:56:
e3:7f:5b:fa
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYnU9fzYEfGJY/BUCWN1UeapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwODA4MTE0MzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTU1MGFhOWUwMTU3ZGYwODNhYjg2YmQ3NzUxODk0ZGI1Y2RlNDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJr7IC/EE7khIgoPF4E1qPeWNVXQ
yf6dBRcvVelk6W1JkVvI3jBrv7JNnJpAebHbVNrHJwDvymQ/MrSDpokhZvwbbkY4
QAMnpMsTnoYvZ01S7e8rKJftkLr0/g1pPGxP2WhyLfw9UmVHWRohUFTNGTQOGk4a
SJo8P6jVv6QctRzXiknfiV9qbwJNS9XEtBnMErbNtGoUT8FgOR50qlg/fAck+Ptu
MPZ3H8gW5eLS960a0ps1HbGWZ9LdqVH2Y/QFzAWC96kTB1bcokd2zGdKQqRa9+H6
CXri4wS37hfRjE6R7/88h1XUa6E2k1l/eGzsa0tQkdJzhzgkKfApClGwfwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDpVCqngFX3wg6uGvXdRiU21zeQRMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvT2xVS3FlQVZmZkNEcTRhOWQxR0pUYlhONUJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDJYD4AwQD
X1IAAwQDX1IgAwQDsN0YMA0GCSqGSIb3DQEBCwUAA4IBAQBlSxtWxxWn0pGzxWAY
zIKfKGO1LDR0DZNhuFFkf8zq1mrpjHhlNdyUVa6tj3B5R4v1itVbdNh9tz0c2xx6
K5PH1JgPJx4io88hgWtuiv1dWX0DTE0SM9DWpOFaWTsv4rSiQ4wFmFmVCWP5x09B
nP7HxdH57ET0l9mpgS1EhjtXDGvrrpze0YTudgCdE/7HIInT1oD6jFut22VCjcbp
HVm7aF/ECbTI6fHDVWn/yZxuVQ+O7SPrRDCaYtJeYWqblg20YcnFvRN3NA7XAiat
mwcCVqDpJQJDX8qFcB4eSZHefqhedP23/rZVU26pC5XkGOi98m+Rkq2zTEU6bFbj
f1v6
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:13:14 2025 by rpki-client