Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/RgDZXptfxNthqT4CJ01q0meaXf0.roa
File: RgDZXptfxNthqT4CJ01q0meaXf0.roa (raw, json)
Hash identifier: Ys8gfGtsI24czzh/BxoEEnIIOluObdVIFRz5O5rdHCU=
Subject key identifier: 46:00:D9:5E:9B:5F:C4:DB:61:A9:3E:02:27:4D:6A:D2:67:9A:5D:FD
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018CF38F8E1AF518B85920667F56D22D5E68
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/RgDZXptfxNthqT4CJ01q0meaXf0.roa
Signing time: Wed 10 Jan 2024 13:28:40 +0000
ROA not before: Wed 10 Jan 2024 13:28:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 95.82.8.0/21 maxlen: 24
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.20.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:f3:8f:8e:1a:f5:18:b8:59:20:66:7f:56:d2:2d:5e:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jan 10 13:28:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4600d95e9b5fc4db61a93e02274d6ad2679a5dfd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:6a:31:1f:be:ea:d4:fe:01:00:ab:60:40:fb:
92:48:cf:cf:e8:46:64:9c:b6:ab:7b:83:96:12:38:
49:9d:dd:e4:1c:dc:c0:25:5f:03:1e:de:a3:3c:cd:
18:6d:75:0d:b0:65:f3:b3:15:ba:a7:32:bb:b5:f4:
5d:a1:85:55:3e:b8:8e:f4:0d:95:9e:6b:23:ee:02:
15:da:20:fe:8f:98:8a:b5:3a:a8:8b:9c:4d:58:31:
82:b3:13:f8:4d:58:be:b2:ae:af:b0:24:38:17:7a:
cd:4b:31:cb:e2:13:13:a0:43:04:28:5e:53:3c:a7:
39:13:c0:9c:42:ba:31:27:8d:8c:6a:52:7b:91:69:
11:61:5a:48:35:a1:d6:97:a2:40:ec:b0:8c:65:0b:
a8:0f:7f:ed:0c:50:fd:08:a9:8a:07:3b:80:f3:b8:
9e:f8:a4:a6:d6:3b:5c:34:0c:7f:bd:c9:48:0b:ee:
04:c2:79:e2:24:90:1b:4e:54:4c:8d:df:2c:6b:8e:
b5:fa:c5:dd:81:ee:48:47:78:a9:22:ef:d8:88:a6:
13:d3:c3:2b:a2:68:c5:f2:3b:e6:e9:80:a6:56:a3:
f2:9b:2f:16:8b:e2:4b:fe:8e:e6:8e:d4:01:17:09:
98:51:4c:db:ad:68:8a:d2:56:e0:b4:08:44:94:6b:
91:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:00:D9:5E:9B:5F:C4:DB:61:A9:3E:02:27:4D:6A:D2:67:9A:5D:FD
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/RgDZXptfxNthqT4CJ01q0meaXf0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.8.0/21
109.111.32.0/20
176.221.16.0/21
Signature Algorithm: sha256WithRSAEncryption
04:2f:ee:5f:40:2a:71:9b:53:40:5f:be:6f:d1:f2:b0:0b:e5:
39:93:49:3b:82:bc:64:c5:46:96:34:99:e8:55:fa:dc:34:1c:
8f:ed:56:e1:43:40:2a:7f:3b:c0:91:fd:60:b1:ee:25:65:89:
62:c6:60:71:02:3f:05:9e:09:da:0c:d3:98:d3:f3:a0:18:91:
21:30:de:fb:c7:ea:77:fe:0f:a3:47:e2:31:f5:9f:df:34:5f:
41:b6:9b:c8:83:51:c8:09:e4:e6:04:63:a3:26:06:eb:e2:e7:
cd:8a:32:b0:4d:93:1c:0f:18:bb:7a:95:fd:f9:23:04:2f:01:
c8:00:88:b8:a6:5f:a1:49:9c:63:81:45:93:88:ef:b3:44:60:
c9:1f:d6:56:c2:ae:8a:1f:02:a0:f4:51:59:1c:78:6e:ec:47:
1d:52:19:ee:a9:c2:20:34:b9:e3:99:80:88:ba:e6:89:d9:8f:
75:39:69:81:38:62:52:58:4a:f7:e2:ba:4e:a1:23:ee:76:02:
20:d2:b1:2f:6a:8d:a0:39:89:72:8d:f5:2e:6c:4b:ef:98:f1:
46:2a:12:fa:8b:fd:5a:00:d0:36:4d:39:a1:71:93:81:8e:1f:
45:52:47:86:e0:32:3b:d7:fc:28:87:a9:9e:8c:61:c5:2b:81:
de:b5:16:8b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzzj44a9Ri4WSBmf1bSLV5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMTEwMTMyODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjAwZDk1ZTliNWZjNGRiNjFhOTNlMDIyNzRkNmFkMjY3OWE1ZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2oxH77q1P4BAKtgQPuSSM/P6EZk
nLare4OWEjhJnd3kHNzAJV8DHt6jPM0YbXUNsGXzsxW6pzK7tfRdoYVVPriO9A2V
nmsj7gIV2iD+j5iKtTqoi5xNWDGCsxP4TVi+sq6vsCQ4F3rNSzHL4hMToEMEKF5T
PKc5E8CcQroxJ42MalJ7kWkRYVpINaHWl6JA7LCMZQuoD3/tDFD9CKmKBzuA87ie
+KSm1jtcNAx/vclIC+4EwnniJJAbTlRMjd8sa461+sXdge5IR3ipIu/YiKYT08Mr
omjF8jvm6YCmVqPymy8Wi+JL/o7mjtQBFwmYUUzbrWiK0lbgtAhElGuRhwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEYA2V6bX8TbYak+AidNatJnml39MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvUmdEWlhwdGZ4TnRocVQ0Q0owMXEwbWVhWGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCJYD4AwQD
X1IIAwQEbW8gAwQDsN0QMA0GCSqGSIb3DQEBCwUAA4IBAQAEL+5fQCpxm1NAX75v
0fKwC+U5k0k7grxkxUaWNJnoVfrcNByP7VbhQ0AqfzvAkf1gse4lZYlixmBxAj8F
ngnaDNOY0/OgGJEhMN77x+p3/g+jR+Ix9Z/fNF9BtpvIg1HICeTmBGOjJgbr4ufN
ijKwTZMcDxi7epX9+SMELwHIAIi4pl+hSZxjgUWTiO+zRGDJH9ZWwq6KHwKg9FFZ
HHhu7EcdUhnuqcIgNLnjmYCIuuaJ2Y91OWmBOGJSWEr34rpOoSPudgIg0rEvao2g
OYlyjfUubEvvmPFGKhL6i/1aANA2TTmhcZOBjh9FUkeG4DI71/woh6mejGHFK4He
tRaL
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:23:08 2025 by rpki-client