Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fPAaJIyYoDuyPg4T4RAhvH8_x4s.roa
File: fPAaJIyYoDuyPg4T4RAhvH8_x4s.roa (raw, json)
Hash identifier: AzVpG4TaE9SlwvHPXCkSmh6INnC3HJw6iWONMdPGoPI=
Subject key identifier: 7C:F0:1A:24:8C:98:A0:3B:B2:3E:0E:13:E1:10:21:BC:7F:3F:C7:8B
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018D7F05FDF0025574A76E46932E2103B2AD
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fPAaJIyYoDuyPg4T4RAhvH8_x4s.roa
Signing time: Tue 06 Feb 2024 15:25:15 +0000
ROA not before: Tue 06 Feb 2024 15:25:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.8.0/21 maxlen: 24
95.82.32.0/21 maxlen: 21
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
193.176.96.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:7f:05:fd:f0:02:55:74:a7:6e:46:93:2e:21:03:b2:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Feb 6 15:25:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7cf01a248c98a03bb23e0e13e11021bc7f3fc78b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:42:6f:71:40:8c:84:66:1d:1f:2b:de:e7:85:
0d:99:03:3d:9e:06:75:07:b3:eb:01:92:78:21:9e:
1f:de:b8:c6:08:01:2b:8b:e5:df:51:08:9a:6c:d5:
57:0a:7f:62:6e:e8:76:08:00:09:f3:18:d2:69:c1:
91:68:85:7f:0e:b8:fc:44:54:62:3c:20:dc:4d:ba:
af:54:8e:1f:8a:27:f1:61:57:91:03:13:4d:74:38:
45:c5:7a:0d:cc:45:71:9d:63:d8:36:8b:15:f5:5a:
b5:2e:67:44:b2:ea:04:89:69:0f:d1:9b:72:61:95:
8e:9a:34:79:f2:77:6a:10:7d:e0:f0:da:3b:a9:5d:
71:d4:ca:4e:18:dd:54:f6:9f:85:2b:5e:69:54:a6:
33:96:9f:88:30:99:70:17:47:6e:f4:80:44:2c:ea:
50:53:01:0c:dc:7a:d9:c6:a8:cc:a4:43:51:53:9a:
29:1a:85:b0:30:e3:00:c9:3b:a3:e2:3b:38:6b:27:
41:f0:b4:19:ea:ac:c7:be:36:58:42:0f:5d:26:36:
da:0f:cb:07:3c:6b:1d:70:5c:09:cb:7e:4e:7c:82:
80:b2:28:6f:ba:8c:eb:1d:ae:2d:89:74:26:98:2e:
a6:ab:15:09:f1:3e:3e:9f:8b:02:39:73:3d:06:c8:
2a:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:F0:1A:24:8C:98:A0:3B:B2:3E:0E:13:E1:10:21:BC:7F:3F:C7:8B
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fPAaJIyYoDuyPg4T4RAhvH8_x4s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.8.0/21
95.82.32.0/21
109.111.32.0/20
176.221.16.0/21
193.176.96.0/24
Signature Algorithm: sha256WithRSAEncryption
19:0d:7a:2b:70:3d:7a:52:dd:01:b5:05:6a:ab:e5:c3:96:62:
44:e9:79:56:17:8d:d2:87:58:29:eb:60:43:58:a2:e7:6a:c1:
09:80:24:1a:fb:f3:17:e1:aa:57:4c:58:7b:68:d1:f3:05:04:
b4:3c:dc:06:09:4d:84:f4:53:f2:0a:61:b4:8b:a7:a5:fb:f6:
14:4c:1d:71:c2:f2:f1:52:36:02:99:87:a2:bf:6f:17:cf:37:
21:ca:66:73:2c:47:27:91:80:7f:d0:9b:9c:3b:71:54:e0:aa:
0f:57:46:0f:77:26:4a:d0:52:af:63:5d:46:e3:fc:c0:7c:b3:
30:e4:17:7b:15:f2:a0:15:49:97:9b:98:db:30:f1:ef:77:38:
77:c6:03:92:e1:27:7a:ef:ff:3c:71:29:97:d4:e8:4a:5e:d5:
3f:e5:f6:d7:30:95:a0:86:8f:64:12:1d:f1:c6:c0:5c:8c:14:
f3:94:20:3a:84:a5:7c:1f:87:0d:39:89:d4:60:c1:87:a7:11:
51:89:7d:2f:5f:2a:da:5f:25:a5:0c:74:e3:24:6f:cb:98:36:
0b:7e:d0:ad:a1:e4:d6:42:19:49:2a:eb:16:6e:06:5b:04:3f:
3e:6b:a9:af:04:f8:7f:77:61:7f:3d:be:dd:44:29:a3:b6:3c:
e9:70:d9:9f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY1/Bf3wAlV0p25Gky4hA7KtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMjA2MTUyNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2YwMWEyNDhjOThhMDNiYjIzZTBlMTNlMTEwMjFiYzdmM2ZjNzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEJvcUCMhGYdHyve54UNmQM9ngZ1
B7PrAZJ4IZ4f3rjGCAEri+XfUQiabNVXCn9ibuh2CAAJ8xjSacGRaIV/Drj8RFRi
PCDcTbqvVI4fiifxYVeRAxNNdDhFxXoNzEVxnWPYNosV9Vq1LmdEsuoEiWkP0Zty
YZWOmjR58ndqEH3g8No7qV1x1MpOGN1U9p+FK15pVKYzlp+IMJlwF0du9IBELOpQ
UwEM3HrZxqjMpENRU5opGoWwMOMAyTuj4js4aydB8LQZ6qzHvjZYQg9dJjbaD8sH
PGsdcFwJy35OfIKAsihvuozrHa4tiXQmmC6mqxUJ8T4+n4sCOXM9BsgqhQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHzwGiSMmKA7sj4OE+EQIbx/P8eLMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZlBBYUpJeVlvRHV5UGc0VDRSQWh2SDhfeDRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCJYD4AwQD
X1IIAwQDX1IgAwQEbW8gAwQDsN0QAwQAwbBgMA0GCSqGSIb3DQEBCwUAA4IBAQAZ
DXorcD16Ut0BtQVqq+XDlmJE6XlWF43Sh1gp62BDWKLnasEJgCQa+/MX4apXTFh7
aNHzBQS0PNwGCU2E9FPyCmG0i6el+/YUTB1xwvLxUjYCmYeiv28XzzchymZzLEcn
kYB/0JucO3FU4KoPV0YPdyZK0FKvY11G4/zAfLMw5Bd7FfKgFUmXm5jbMPHvdzh3
xgOS4Sd67/88cSmX1OhKXtU/5fbXMJWgho9kEh3xxsBcjBTzlCA6hKV8H4cNOYnU
YMGHpxFRiX0vXyraXyWlDHTjJG/LmDYLftCtoeTWQhlJKusWbgZbBD8+a6mvBPh/
d2F/Pb7dRCmjtjzpcNmf
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:21:15 2025 by rpki-client