Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/_R17IkHAQNC4z1cNTaMu5V5QcBw.roa
File: _R17IkHAQNC4z1cNTaMu5V5QcBw.roa (raw, json)
Hash identifier: YQd64A/Zc76bY4Ahn1QVOC72V95IySzL41Ynu656Qfc=
Subject key identifier: FD:1D:7B:22:41:C0:40:D0:B8:CF:57:0D:4D:A3:2E:E5:5E:50:70:1C
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 01908048E37AD8F6B372014746A19023A1D7
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/_R17IkHAQNC4z1cNTaMu5V5QcBw.roa
Signing time: Fri 05 Jul 2024 00:26:18 +0000
ROA not before: Fri 05 Jul 2024 00:26:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
109.111.40.0/22 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
176.221.26.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:80:48:e3:7a:d8:f6:b3:72:01:47:46:a1:90:23:a1:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jul 5 00:26:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fd1d7b2241c040d0b8cf570d4da32ee55e50701c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:c5:d1:a4:07:76:23:7d:a9:d9:93:83:f3:79:
0c:73:f9:9f:42:34:5a:29:b1:f6:9a:2a:ba:77:80:
63:57:9b:eb:8e:e3:dc:16:b7:0d:2b:ec:59:3b:9d:
13:40:a4:f6:e9:bf:79:87:d0:34:4f:21:14:95:6e:
3f:67:a5:65:c8:c7:95:c3:09:82:02:50:84:56:b9:
19:72:f0:4a:d3:03:bb:9e:34:d1:54:a8:a5:f1:c7:
12:d7:35:9f:aa:6a:88:fc:52:2b:58:fe:23:a6:3b:
e4:1b:35:2a:ec:77:a4:ac:e5:34:ca:32:93:22:21:
5b:c6:00:84:e8:ea:b6:9b:f5:77:fa:76:bf:13:50:
f8:a1:b9:92:93:db:d7:79:aa:0e:25:a0:8b:fe:2e:
9e:78:68:40:ef:39:2a:b6:c4:88:72:f4:ea:85:8b:
67:a6:22:35:9f:63:71:45:14:16:b2:fa:ce:9c:d7:
8d:68:91:95:d8:7e:7c:26:2a:54:85:8d:58:de:dd:
db:49:2a:13:99:a2:8f:02:29:59:9a:c3:89:f6:72:
4d:55:fd:26:75:aa:67:d1:9e:bb:b3:2e:d7:70:69:
74:1b:a3:44:02:d0:2b:ba:d3:2b:1b:41:9d:71:41:
04:30:78:09:16:89:42:8f:2e:11:78:03:47:a5:56:
9a:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:1D:7B:22:41:C0:40:D0:B8:CF:57:0D:4D:A3:2E:E5:5E:50:70:1C
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/_R17IkHAQNC4z1cNTaMu5V5QcBw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
109.111.32.0/20
176.221.16.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
92:72:3b:9c:73:7b:b2:a8:48:9b:4c:5b:f0:e3:35:af:ce:51:
b7:4f:d0:27:97:e5:36:11:1c:2f:16:e8:83:5e:3a:4a:bc:c4:
3f:76:55:6f:b0:0f:6d:e2:a9:8b:05:c6:75:ab:6f:9b:34:2a:
5d:c4:a0:42:01:56:7b:9c:97:b1:a9:3d:65:b8:a3:6e:76:ff:
da:8b:2b:79:32:9f:45:94:48:39:53:27:51:9d:22:af:3d:3c:
60:70:27:98:b1:8f:39:7a:fa:5e:05:28:0d:77:0c:13:fe:93:
47:25:a4:cc:2a:71:6f:1a:ec:6a:a9:2e:d1:13:35:fa:98:87:
9c:2c:1c:ec:17:41:5c:aa:fd:d6:08:66:4d:02:40:8c:83:5c:
3b:50:64:de:79:9b:03:0d:29:18:29:a4:0e:47:66:e7:90:f9:
78:8f:38:fe:68:65:23:b6:eb:9d:8e:bf:fe:3c:84:48:11:86:
7d:c8:46:19:73:70:3b:ff:40:00:99:54:5d:97:1c:08:44:6b:
d0:0e:9a:28:f1:bb:e3:d9:74:bc:55:5d:d8:a1:55:35:c2:35:
80:8f:ad:b2:11:f3:ec:ce:cb:44:11:a2:43:41:44:9e:50:cf:
ca:1a:ef:ce:68:57:7f:b4:58:09:b3:87:3e:28:8c:39:b6:38:
0f:85:5f:53
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZCASON62PazcgFHRqGQI6HXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNzA1MDAyNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDFkN2IyMjQxYzA0MGQwYjhjZjU3MGQ0ZGEzMmVlNTVlNTA3MDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MXRpAd2I32p2ZOD83kMc/mfQjRa
KbH2miq6d4BjV5vrjuPcFrcNK+xZO50TQKT26b95h9A0TyEUlW4/Z6VlyMeVwwmC
AlCEVrkZcvBK0wO7njTRVKil8ccS1zWfqmqI/FIrWP4jpjvkGzUq7HekrOU0yjKT
IiFbxgCE6Oq2m/V3+na/E1D4obmSk9vXeaoOJaCL/i6eeGhA7zkqtsSIcvTqhYtn
piI1n2NxRRQWsvrOnNeNaJGV2H58JipUhY1Y3t3bSSoTmaKPAilZmsOJ9nJNVf0m
dapn0Z67sy7XcGl0G6NEAtArutMrG0GdcUEEMHgJFolCjy4ReANHpVaaPwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFP0deyJBwEDQuM9XDU2jLuVeUHAcMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvX1IxN0lrSEFRTkM0ejFjTlRhTXU1VjVRY0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCJYD4AwQE
X1IAAwQEbW8gMAwDBASw3RADBAKw3RgwDQYJKoZIhvcNAQELBQADggEBAJJyO5xz
e7KoSJtMW/DjNa/OUbdP0CeX5TYRHC8W6INeOkq8xD92VW+wD23iqYsFxnWrb5s0
Kl3EoEIBVnucl7GpPWW4o252/9qLK3kyn0WUSDlTJ1GdIq89PGBwJ5ixjzl6+l4F
KA13DBP+k0clpMwqcW8a7GqpLtETNfqYh5wsHOwXQVyq/dYIZk0CQIyDXDtQZN55
mwMNKRgppA5HZueQ+XiPOP5oZSO2652Ov/48hEgRhn3IRhlzcDv/QACZVF2XHAhE
a9AOmijxu+PZdLxVXdihVTXCNYCPrbIR8+zOy0QRokNBRJ5Qz8oa785oV3+0WAmz
hz4ojDm2OA+FX1M=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:25:10 2025 by rpki-client