Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dQjn6blvgwTsKURQljOwb5VFJt0.roa
File: dQjn6blvgwTsKURQljOwb5VFJt0.roa (raw, json)
Hash identifier: NNbanT7boyHrtOQlSIbxj7RpPWKZShIAiHAjwV2wK90=
Subject key identifier: 75:08:E7:E9:B9:6F:83:04:EC:29:44:50:96:33:B0:6F:95:45:26:DD
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018AEA04D59B72CE6F1D83484C3B17309EC5
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dQjn6blvgwTsKURQljOwb5VFJt0.roa
Signing time: Sun 01 Oct 2023 06:54:59 +0000
ROA not before: Sun 01 Oct 2023 06:54:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
176.221.24.0/22 maxlen: 24
176.221.28.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ea:04:d5:9b:72:ce:6f:1d:83:48:4c:3b:17:30:9e:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Oct 1 06:54:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7508e7e9b96f8304ec2944509633b06f954526dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:92:bd:ed:2e:80:3d:53:16:cd:67:df:64:6c:
0a:a4:04:e7:af:76:75:1e:6d:0b:25:41:00:e4:1c:
4b:6b:2a:e2:a5:d4:88:8c:b5:23:68:f2:ce:75:1e:
e6:46:cb:aa:99:a0:9b:d3:cd:68:c4:25:59:80:9f:
db:05:6b:0a:44:b5:04:ab:58:75:28:5f:f2:63:64:
56:da:33:70:da:21:8c:08:05:46:ad:11:d4:2b:37:
83:4f:36:c6:20:ce:a8:40:43:4e:e7:ae:93:c2:e0:
59:32:ab:57:39:54:59:f1:c6:a4:fa:68:3f:92:20:
07:59:5d:04:64:d9:d3:bf:46:68:5e:22:f0:d1:26:
0b:eb:26:1f:8a:38:41:ec:d2:0a:76:3e:b5:ff:cb:
b5:eb:e7:ee:e4:b9:c9:d5:de:ea:e5:7c:7d:e5:fe:
76:19:2f:b9:cf:f3:93:94:09:b5:43:20:45:c6:a8:
1f:b8:eb:11:b5:18:69:5a:57:6b:de:5b:34:ce:cf:
09:9f:fa:43:cd:ca:4b:f4:44:99:fe:f2:bb:bb:b3:
e9:24:e5:40:df:c5:38:9c:91:0a:a2:aa:8b:9d:4a:
05:b6:1e:44:db:4a:92:cf:0d:24:9e:48:6d:c1:2f:
f8:72:1d:ba:4d:62:52:25:9d:74:77:9f:66:cc:d4:
92:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:08:E7:E9:B9:6F:83:04:EC:29:44:50:96:33:B0:6F:95:45:26:DD
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dQjn6blvgwTsKURQljOwb5VFJt0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/21
176.221.24.0/21
Signature Algorithm: sha256WithRSAEncryption
24:1d:e5:07:ad:46:e1:34:99:0f:a1:ac:f3:3d:c0:6a:61:90:
aa:3e:b0:4b:b6:3c:60:96:88:8d:cc:a6:53:41:c5:07:aa:dc:
de:64:31:55:ae:5b:2e:3c:c2:9e:14:c4:ca:a4:7b:66:08:72:
42:3d:e4:82:6e:3b:a4:3c:aa:0b:6c:8d:fb:c1:61:63:ae:07:
62:17:56:62:9f:18:22:e7:19:35:39:24:2e:20:d4:cd:7a:ed:
de:0c:27:3e:59:64:0c:e4:ed:63:ba:7f:17:17:d9:49:45:31:
57:f7:28:69:9c:0d:ad:ed:84:ac:4e:f2:5b:69:1d:c8:2e:f4:
e5:4b:1c:53:76:95:59:07:75:ce:47:b8:6d:62:3a:96:1a:72:
00:63:8e:17:bb:fe:1e:ab:b9:31:4e:e3:16:24:a8:bb:51:16:
a2:bf:38:bc:ef:f4:bd:26:49:6a:e4:20:1c:f0:2f:3e:f2:f5:
1b:15:be:17:62:d5:14:5b:5b:c5:b8:d8:7e:c1:0f:2b:9b:7c:
a8:fe:b9:d6:5f:f1:f5:7f:a2:20:7c:b4:34:9d:64:6a:a5:55:
8b:45:1b:a5:0c:55:47:da:1c:c5:25:17:30:5e:45:ce:e7:30:
a7:73:33:b7:a2:59:e7:56:d6:0e:66:0f:84:4a:75:8a:a9:7f:
9f:af:0e:ec
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYrqBNWbcs5vHYNITDsXMJ7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMxMDAxMDY1NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTA4ZTdlOWI5NmY4MzA0ZWMyOTQ0NTA5NjMzYjA2Zjk1NDUyNmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZK97S6APVMWzWffZGwKpATnr3Z1
Hm0LJUEA5BxLayripdSIjLUjaPLOdR7mRsuqmaCb081oxCVZgJ/bBWsKRLUEq1h1
KF/yY2RW2jNw2iGMCAVGrRHUKzeDTzbGIM6oQENO566TwuBZMqtXOVRZ8cak+mg/
kiAHWV0EZNnTv0ZoXiLw0SYL6yYfijhB7NIKdj61/8u16+fu5LnJ1d7q5Xx95f52
GS+5z/OTlAm1QyBFxqgfuOsRtRhpWldr3ls0zs8Jn/pDzcpL9ESZ/vK7u7PpJOVA
38U4nJEKoqqLnUoFth5E20qSzw0knkhtwS/4ch26TWJSJZ10d59mzNSSHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHUI5+m5b4ME7ClEUJYzsG+VRSbdMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZFFqbjZibHZnd1RzS1VSUWxqT3diNVZGSnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCJYD4AwQD
X1IAAwQDsN0YMA0GCSqGSIb3DQEBCwUAA4IBAQAkHeUHrUbhNJkPoazzPcBqYZCq
PrBLtjxgloiNzKZTQcUHqtzeZDFVrlsuPMKeFMTKpHtmCHJCPeSCbjukPKoLbI37
wWFjrgdiF1Zinxgi5xk1OSQuINTNeu3eDCc+WWQM5O1jun8XF9lJRTFX9yhpnA2t
7YSsTvJbaR3ILvTlSxxTdpVZB3XOR7htYjqWGnIAY44Xu/4eq7kxTuMWJKi7URai
vzi87/S9Jklq5CAc8C8+8vUbFb4XYtUUW1vFuNh+wQ8rm3yo/rnWX/H1f6IgfLQ0
nWRqpVWLRRulDFVH2hzFJRcwXkXO5zCnczO3olnnVtYOZg+ESnWKqX+frw7s
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:25:54 2025 by rpki-client