Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/faMU_UhG6rlSnIw1jGiLp9HtzBY.roa
File: faMU_UhG6rlSnIw1jGiLp9HtzBY.roa (raw, json)
Hash identifier: JjxS2TNBSL8WCuMEJOciWlLX8xSdagfGzN28908o3sw=
Subject key identifier: 7D:A3:14:FD:48:46:EA:B9:52:9C:8C:35:8C:68:8B:A7:D1:ED:CC:16
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018CCA2A35FEB38947DCCCF79848E1BD4A5D
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/faMU_UhG6rlSnIw1jGiLp9HtzBY.roa
Signing time: Tue 02 Jan 2024 12:33:33 +0000
ROA not before: Tue 02 Jan 2024 12:33:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 95.82.0.0/21 maxlen: 21
95.82.8.0/21 maxlen: 21
95.82.32.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2a:35:fe:b3:89:47:dc:cc:f7:98:48:e1:bd:4a:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jan 2 12:33:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7da314fd4846eab9529c8c358c688ba7d1edcc16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:cd:56:f5:fa:e8:74:bc:63:2d:42:46:e7:ae:
87:06:e6:1f:a5:79:82:24:da:f4:5a:cf:48:09:98:
79:66:93:5b:e2:ee:5d:b9:13:fe:10:65:b0:1e:43:
c8:2c:90:69:eb:f4:52:27:21:ca:82:a1:f0:16:b1:
e1:4a:bd:19:85:14:17:d6:72:24:6b:60:33:d6:bb:
a1:35:f5:3d:bc:21:e0:a5:da:b8:4d:21:41:35:c5:
2c:80:ae:d7:bf:1b:21:df:5e:e4:be:2a:fe:03:9e:
72:e1:47:fe:e2:36:36:71:1c:eb:c9:1c:66:15:cb:
5a:f4:91:e2:38:3d:91:e4:58:07:1a:bb:b1:bd:70:
66:45:58:39:87:6c:6e:c2:2f:bd:d3:97:1b:39:1a:
bb:60:d3:1d:37:29:4d:10:63:c1:68:bb:1f:d0:14:
ef:41:a2:86:08:65:44:dd:32:e5:cf:d8:f6:7d:bf:
e4:31:23:f9:eb:a3:1e:80:4a:33:c5:69:51:6e:3d:
14:ac:9c:17:59:b7:53:4e:ad:33:c0:ac:76:98:1e:
34:6e:12:85:0a:89:f1:38:4e:1b:2e:49:a8:ab:c3:
cb:26:0d:2c:91:38:1d:8d:35:8a:9b:31:77:ba:ed:
c2:13:75:f1:f5:fe:0d:ea:44:9e:f9:d3:5e:9e:ff:
3b:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:A3:14:FD:48:46:EA:B9:52:9C:8C:35:8C:68:8B:A7:D1:ED:CC:16
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/faMU_UhG6rlSnIw1jGiLp9HtzBY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/20
95.82.32.0/21
Signature Algorithm: sha256WithRSAEncryption
13:2f:7e:43:6d:e6:8f:c3:b0:01:ba:3f:7f:25:59:3a:9a:c8:
88:74:3c:76:49:9d:df:c3:26:3f:89:5d:8f:e5:5a:c3:e7:e4:
0b:5e:30:ee:44:60:63:8a:f4:2f:b1:90:20:03:23:99:92:7c:
61:64:42:cb:7b:2c:c9:44:80:bd:3d:f7:f8:31:34:11:07:ea:
85:c3:6e:8d:f4:94:ea:70:92:2c:01:4a:4c:36:a7:cd:1f:8e:
e3:5a:67:7a:d5:3a:86:b2:e1:41:a0:fb:41:2f:e7:8f:56:04:
bd:fe:8f:b0:4b:17:43:ff:04:95:92:9f:5b:e1:4a:59:e8:e0:
b8:2a:f4:41:e0:5a:10:0a:09:b6:ce:d3:f6:7f:dd:4a:19:6e:
c8:d4:b9:bf:c4:dd:16:35:5f:70:3b:43:77:71:53:47:6d:ef:
a1:f7:6f:43:95:c6:33:b2:de:62:4f:02:68:7f:4a:c0:23:00:
5a:89:57:22:68:38:7a:28:a4:0a:58:7b:86:8a:8b:d2:f8:69:
0e:2d:c8:80:c6:bf:f6:4c:5f:10:41:70:3c:eb:b4:f3:eb:4f:
69:23:bc:29:ef:ec:7d:52:c1:44:b9:cd:e6:8d:5a:c1:20:98:
27:e0:60:38:60:c3:14:9c:7b:aa:a9:dd:6e:d2:66:17:eb:fd:
d5:76:1c:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKjX+s4lH3Mz3mEjhvUpdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMTAyMTIzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGEzMTRmZDQ4NDZlYWI5NTI5YzhjMzU4YzY4OGJhN2QxZWRjYzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA081W9frodLxjLUJG566HBuYfpXmC
JNr0Ws9ICZh5ZpNb4u5duRP+EGWwHkPILJBp6/RSJyHKgqHwFrHhSr0ZhRQX1nIk
a2Az1ruhNfU9vCHgpdq4TSFBNcUsgK7Xvxsh317kvir+A55y4Uf+4jY2cRzryRxm
Fcta9JHiOD2R5FgHGruxvXBmRVg5h2xuwi+905cbORq7YNMdNylNEGPBaLsf0BTv
QaKGCGVE3TLlz9j2fb/kMSP566MegEozxWlRbj0UrJwXWbdTTq0zwKx2mB40bhKF
ConxOE4bLkmoq8PLJg0skTgdjTWKmzF3uu3CE3Xx9f4N6kSe+dNenv87ZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH2jFP1IRuq5UpyMNYxoi6fR7cwWMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZmFNVV9VaEc2cmxTbkl3MWpHaUxwOUh0ekJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEX1IAAwQD
X1IgMA0GCSqGSIb3DQEBCwUAA4IBAQATL35DbeaPw7ABuj9/JVk6msiIdDx2SZ3f
wyY/iV2P5VrD5+QLXjDuRGBjivQvsZAgAyOZknxhZELLeyzJRIC9Pff4MTQRB+qF
w26N9JTqcJIsAUpMNqfNH47jWmd61TqGsuFBoPtBL+ePVgS9/o+wSxdD/wSVkp9b
4UpZ6OC4KvRB4FoQCgm2ztP2f91KGW7I1Lm/xN0WNV9wO0N3cVNHbe+h929DlcYz
st5iTwJof0rAIwBaiVciaDh6KKQKWHuGiovS+GkOLciAxr/2TF8QQXA867Tz609p
I7wp7+x9UsFEuc3mjVrBIJgn4GA4YMMUnHuqqd1u0mYX6/3Vdhz7
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:12:43 2025 by rpki-client