Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ZFYshQg4RMcCFCpcqbmAwHAgNjM.roa
File: ZFYshQg4RMcCFCpcqbmAwHAgNjM.roa (raw, json)
Hash identifier: SWcQmhmrhAwO+5eDxpaZpmZRpXCFu1YEHLvJp4WlyP4=
Subject key identifier: 64:56:2C:85:08:38:44:C7:02:14:2A:5C:A9:B9:80:C0:70:20:36:33
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 01941FFA8BBED6CDBDF21BC8B18DF6568BE9
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ZFYshQg4RMcCFCpcqbmAwHAgNjM.roa
Signing time: Wed 01 Jan 2025 03:48:20 +0000
ROA not before: Wed 01 Jan 2025 03:48:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 134143
IP address blocks: 95.82.0.0/21 maxlen: 24
95.82.32.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:8b:be:d6:cd:bd:f2:1b:c8:b1:8d:f6:56:8b:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jan 1 03:48:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=64562c85083844c702142a5ca9b980c070203633
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:42:a2:8b:d2:b4:2a:65:a7:4c:1a:ae:87:bc:
02:3b:35:02:2c:95:a3:bf:32:94:43:47:fb:7e:c1:
77:29:db:cb:44:e9:95:ec:6a:13:23:34:c1:69:f9:
68:13:2a:d0:e2:56:e1:a4:1e:18:ae:f5:75:b9:8b:
48:b6:41:1f:df:b9:e4:10:01:08:aa:73:58:2d:27:
9a:e1:af:c6:b5:6a:1e:a5:ba:1f:bc:18:ab:b4:53:
e9:57:5c:3a:6b:4c:8a:7d:0d:c0:0d:97:a1:19:b3:
b7:84:b3:53:ae:ba:c7:d4:05:38:4d:10:3e:b7:98:
8b:1a:93:e8:08:96:c0:f5:55:d1:5c:87:34:fd:d8:
47:77:0a:8a:3e:a1:67:18:04:1c:6a:48:1f:fe:b0:
16:ac:82:bd:1f:f3:d9:78:e3:aa:f1:38:dc:02:fe:
e6:cc:bc:06:71:e7:f2:23:f3:8d:14:f6:fb:af:4b:
e8:f9:ea:14:16:3f:69:8f:0b:a4:05:3d:8f:02:3b:
94:e5:43:6c:77:26:06:3b:1a:f6:00:9f:0f:47:1a:
7b:d5:94:0a:89:62:bb:14:8c:37:07:18:e1:9f:b5:
48:66:bc:e0:5e:4f:9f:cb:73:5e:cc:76:c0:e3:31:
81:cb:7c:8b:2c:cb:ea:7c:f6:64:55:35:5b:2f:a7:
9d:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:56:2C:85:08:38:44:C7:02:14:2A:5C:A9:B9:80:C0:70:20:36:33
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/ZFYshQg4RMcCFCpcqbmAwHAgNjM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/21
95.82.32.0/21
Signature Algorithm: sha256WithRSAEncryption
3a:46:03:2d:3f:30:8b:08:12:aa:0c:96:16:c0:43:12:47:85:
e8:34:6f:ff:b3:96:35:5c:9a:4a:d7:d2:89:99:70:5d:7e:60:
58:47:35:9b:a7:1c:34:7b:d3:20:aa:47:74:bb:d8:b1:13:07:
d3:e8:6d:73:51:7d:9e:f0:bb:9d:1e:a7:d2:13:14:6f:a1:63:
a3:a1:ea:f9:43:ff:74:24:37:40:f8:e6:47:f1:4e:e4:db:8b:
18:fb:a3:b4:64:74:d8:81:df:fc:48:fa:bf:e1:7b:15:cf:91:
18:f0:e7:84:c0:64:31:5c:f6:f2:0b:92:d2:c4:0a:23:85:b2:
e9:ed:da:f4:94:81:09:d9:8a:6b:4e:b6:5c:82:1c:7a:cd:26:
6a:b1:f0:e2:76:39:ce:8e:c3:8c:72:b5:fb:a2:a5:a9:4f:3e:
6c:e6:72:35:50:53:3a:18:46:89:93:1f:7e:e2:07:05:6e:13:
42:0d:12:f4:e5:b8:83:c5:6c:bd:e0:a0:54:c3:50:f1:48:76:
7b:90:bf:bf:66:47:6d:af:a7:fd:26:d4:aa:47:50:1f:60:2e:
12:ec:69:fe:ec:b7:47:7a:f4:01:b3:84:5a:5c:8a:35:82:72:
29:50:4b:a4:d4:93:bd:02:fb:7e:e7:03:f8:ef:78:02:fe:4e:
c0:0e:5a:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+ou+1s298hvIsY32VovpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwMTAxMDM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDU2MmM4NTA4Mzg0NGM3MDIxNDJhNWNhOWI5ODBjMDcwMjAzNjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEKii9K0KmWnTBquh7wCOzUCLJWj
vzKUQ0f7fsF3KdvLROmV7GoTIzTBafloEyrQ4lbhpB4YrvV1uYtItkEf37nkEAEI
qnNYLSea4a/GtWoepbofvBirtFPpV1w6a0yKfQ3ADZehGbO3hLNTrrrH1AU4TRA+
t5iLGpPoCJbA9VXRXIc0/dhHdwqKPqFnGAQcakgf/rAWrIK9H/PZeOOq8TjcAv7m
zLwGcefyI/ONFPb7r0vo+eoUFj9pjwukBT2PAjuU5UNsdyYGOxr2AJ8PRxp71ZQK
iWK7FIw3Bxjhn7VIZrzgXk+fy3NezHbA4zGBy3yLLMvqfPZkVTVbL6edlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGRWLIUIOETHAhQqXKm5gMBwIDYzMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvWkZZc2hRZzRSTWNDRkNwY3FibUF3SEFnTmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX1IAAwQD
X1IgMA0GCSqGSIb3DQEBCwUAA4IBAQA6RgMtPzCLCBKqDJYWwEMSR4XoNG//s5Y1
XJpK19KJmXBdfmBYRzWbpxw0e9Mgqkd0u9ixEwfT6G1zUX2e8LudHqfSExRvoWOj
oer5Q/90JDdA+OZH8U7k24sY+6O0ZHTYgd/8SPq/4XsVz5EY8OeEwGQxXPbyC5LS
xAojhbLp7dr0lIEJ2YprTrZcghx6zSZqsfDidjnOjsOMcrX7oqWpTz5s5nI1UFM6
GEaJkx9+4gcFbhNCDRL05biDxWy94KBUw1DxSHZ7kL+/Zkdtr6f9JtSqR1AfYC4S
7Gn+7LdHevQBs4RaXIo1gnIpUEuk1JO9Avt+5wP473gC/k7ADlpv
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:21:58 2025 by rpki-client