Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/gDy_Vq3oParxDBFRqYXeOxAoi5k.roa
File: gDy_Vq3oParxDBFRqYXeOxAoi5k.roa (raw, json)
Hash identifier: L7O4vB8qyXGYh21/Emk1fvgiNKISGTHI4x/+tgek3Go=
Subject key identifier: 80:3C:BF:56:AD:E8:3D:AA:F1:0C:11:51:A9:85:DE:3B:10:28:8B:99
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018C48561F6F8C783AC6AF36E94147E9C223
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/gDy_Vq3oParxDBFRqYXeOxAoi5k.roa
Signing time: Fri 08 Dec 2023 07:30:52 +0000
ROA not before: Fri 08 Dec 2023 07:30:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.65.62.0/24 maxlen: 24
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
95.82.32.0/21 maxlen: 24
176.221.24.0/21 maxlen: 21
176.221.30.0/23 maxlen: 24
109.111.56.0/22 maxlen: 24
176.221.28.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:48:56:1f:6f:8c:78:3a:c6:af:36:e9:41:47:e9:c2:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Dec 8 07:30:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=803cbf56ade83daaf10c1151a985de3b10288b99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:b0:8a:18:86:1a:41:33:18:c1:3a:8c:d7:98:
73:33:44:06:1a:af:b7:ac:71:c6:6e:40:2c:8b:ab:
12:e3:d5:36:55:85:a4:36:86:81:72:53:bb:4a:6d:
06:71:38:17:12:13:92:35:2e:73:b0:ac:29:45:5f:
e8:f2:2c:43:2b:ac:77:e7:81:7a:45:db:64:2d:fc:
be:be:9a:d3:25:60:28:ec:af:7e:41:35:7d:36:53:
e0:13:55:78:71:73:82:7c:d4:54:34:7f:ba:41:e7:
36:d5:28:c8:ce:49:3f:f7:27:9c:e4:63:de:e9:d0:
28:ac:b5:fd:61:13:3e:39:21:f8:3c:14:9e:67:df:
f9:99:71:47:12:d5:2c:62:8e:69:b5:c8:47:1c:ef:
2a:3e:a4:8b:26:b2:09:ca:f5:9f:1e:0c:87:4a:80:
0b:06:09:37:d3:c2:c4:56:18:59:fd:65:c8:9b:2b:
3c:b1:96:a2:a3:e0:ee:58:9f:3c:37:3e:83:7d:ff:
9d:53:fb:9d:cd:f0:a0:90:ff:ed:ed:b6:5a:20:8b:
e5:6c:da:e8:97:df:c7:bf:d6:08:a9:9e:af:79:30:
92:17:da:b9:c6:ec:86:54:f4:39:16:b3:2d:24:8b:
dc:5d:d0:9a:93:0e:00:7f:d0:11:1f:70:fa:d3:3d:
b3:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:3C:BF:56:AD:E8:3D:AA:F1:0C:11:51:A9:85:DE:3B:10:28:8B:99
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/gDy_Vq3oParxDBFRqYXeOxAoi5k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.32.0/21
109.111.32.0/20
109.111.56.0/22
176.221.16.0/20
185.65.62.0/24
Signature Algorithm: sha256WithRSAEncryption
88:52:27:c9:08:b2:bf:f9:e4:4c:7b:ad:74:41:28:e6:2a:cb:
73:58:cc:ab:74:88:25:8a:07:a1:63:d6:89:8e:e4:29:c6:5a:
7d:ef:4f:14:d1:c2:31:89:48:71:d7:75:ea:70:e7:17:77:4b:
ca:be:40:f4:0c:24:4a:4d:d6:80:02:46:b9:04:f9:40:ff:fe:
8e:4a:03:b9:55:c8:1b:6b:b0:6c:d3:95:4b:75:ad:28:43:26:
ff:e0:71:15:58:7f:ff:65:f3:01:90:fd:63:12:c2:60:45:dd:
4a:84:28:6b:2a:34:b9:06:16:19:a9:da:56:bd:c0:e7:8f:89:
fe:f6:65:20:c4:07:62:81:f5:de:bd:0f:1a:41:f2:81:f6:2c:
a9:4d:70:66:63:58:e8:fd:39:5f:71:ec:86:4f:53:ae:57:df:
e1:76:3e:89:68:b4:fa:40:76:ab:cf:1a:4e:70:61:e4:a2:6a:
0d:e5:d3:f1:92:64:70:6b:c6:0e:69:39:2e:41:46:36:b7:8a:
a5:39:16:fc:d0:d4:52:7f:8b:e9:6e:39:75:d8:2a:17:bb:7a:
eb:40:bf:7c:33:ee:e8:f2:d0:e1:20:73:76:be:6e:f9:c9:b9:
69:cb:94:17:78:4e:c0:a3:63:c9:5a:10:a2:e2:ee:e9:ca:0e:
11:42:db:c0
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYxIVh9vjHg6xq826UFH6cIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMxMjA4MDczMDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDNjYmY1NmFkZTgzZGFhZjEwYzExNTFhOTg1ZGUzYjEwMjg4Yjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbCKGIYaQTMYwTqM15hzM0QGGq+3
rHHGbkAsi6sS49U2VYWkNoaBclO7Sm0GcTgXEhOSNS5zsKwpRV/o8ixDK6x354F6
RdtkLfy+vprTJWAo7K9+QTV9NlPgE1V4cXOCfNRUNH+6Qec21SjIzkk/9yec5GPe
6dAorLX9YRM+OSH4PBSeZ9/5mXFHEtUsYo5ptchHHO8qPqSLJrIJyvWfHgyHSoAL
Bgk308LEVhhZ/WXImys8sZaio+DuWJ88Nz6Dff+dU/udzfCgkP/t7bZaIIvlbNro
l9/Hv9YIqZ6veTCSF9q5xuyGVPQ5FrMtJIvcXdCakw4Af9ARH3D60z2zqQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIA8v1at6D2q8QwRUamF3jsQKIuZMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZ0R5X1ZxM29QYXJ4REJGUnFZWGVPeEFvaTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCJYD4AwQD
X1IgAwQEbW8gAwQCbW84AwQEsN0QAwQAuUE+MA0GCSqGSIb3DQEBCwUAA4IBAQCI
UifJCLK/+eRMe610QSjmKstzWMyrdIgligehY9aJjuQpxlp9708U0cIxiUhx13Xq
cOcXd0vKvkD0DCRKTdaAAka5BPlA//6OSgO5Vcgba7Bs05VLda0oQyb/4HEVWH//
ZfMBkP1jEsJgRd1KhChrKjS5BhYZqdpWvcDnj4n+9mUgxAdigfXevQ8aQfKB9iyp
TXBmY1jo/TlfceyGT1OuV9/hdj6JaLT6QHarzxpOcGHkomoN5dPxkmRwa8YOaTku
QUY2t4qlORb80NRSf4vpbjl12CoXu3rrQL98M+7o8tDhIHN2vm75yblpy5QXeE7A
o2PJWhCi4u7pyg4RQtvA
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:16:52 2025 by rpki-client