Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/geobNFmKvh976Y9qJKL6RsIARuM.roa
File: geobNFmKvh976Y9qJKL6RsIARuM.roa (raw, json)
Hash identifier: nCPqyOXQY5RueNB+Jty5VDcueCtiqfqeksbTbrkwXrw=
Subject key identifier: 81:EA:1B:34:59:8A:BE:1F:7B:E9:8F:6A:24:A2:FA:46:C2:00:46:E3
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018AE4F29D881199911F5FD477B2E0373608
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/geobNFmKvh976Y9qJKL6RsIARuM.roa
Signing time: Sat 30 Sep 2023 07:16:59 +0000
ROA not before: Sat 30 Sep 2023 07:16:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
176.221.24.0/22 maxlen: 24
176.221.28.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
37.128.254.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:e4:f2:9d:88:11:99:91:1f:5f:d4:77:b2:e0:37:36:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Sep 30 07:16:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=81ea1b34598abe1f7be98f6a24a2fa46c20046e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:ae:69:37:1b:0a:3d:b0:e9:4a:a0:6d:81:61:
0a:13:07:c4:e3:b7:9f:f6:d1:d3:4f:bd:7d:b2:48:
e1:21:1f:75:34:bd:1c:86:8b:b7:c4:0b:aa:22:1a:
e2:0b:30:eb:77:bf:3b:21:3e:82:1a:95:6d:e0:aa:
23:21:be:9e:29:a3:8d:aa:bc:a1:0f:f8:41:7c:7e:
98:3a:01:d8:a9:6c:0d:75:a0:5f:5c:61:60:b5:eb:
dc:01:ca:74:8b:6c:c6:bc:46:67:e7:5f:b8:99:3e:
6a:7b:a4:45:d5:40:79:38:2b:fb:8a:79:fc:d4:58:
4d:ca:44:d6:9e:01:1f:d9:e7:f8:40:fe:d5:ce:af:
65:cd:94:d3:9e:87:05:18:e1:23:74:89:e5:b5:f8:
b2:90:4b:66:42:a4:1f:7f:db:80:fc:a7:61:d9:45:
7d:73:0e:dd:c7:d6:11:25:76:01:96:9e:c3:eb:94:
99:e3:3b:60:25:a0:c5:1b:cd:c6:6f:a1:54:d6:1e:
29:5d:2f:60:0d:0a:92:59:e0:c4:30:45:7b:f5:5a:
b0:15:f9:15:b4:3e:5a:33:e3:15:c5:90:5a:b5:93:
89:63:4f:30:14:91:92:4b:cb:2b:0f:c9:40:41:d7:
6a:44:8a:b4:6d:f9:f4:da:c2:25:cb:50:20:09:0d:
ae:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:EA:1B:34:59:8A:BE:1F:7B:E9:8F:6A:24:A2:FA:46:C2:00:46:E3
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/geobNFmKvh976Y9qJKL6RsIARuM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
37.128.254.0/23
95.82.0.0/21
176.221.24.0/21
Signature Algorithm: sha256WithRSAEncryption
71:26:13:c8:03:7e:03:51:d6:71:09:9e:65:f6:8a:d6:ed:b4:
5d:62:d8:ba:c7:f6:66:2c:b2:58:89:20:4f:d9:c0:da:60:e4:
ad:34:f0:b2:9e:42:80:1e:49:22:51:a9:bd:55:6b:0c:cb:9d:
7f:8a:17:05:7a:42:a7:b4:b9:f4:c2:8d:47:02:c7:f7:7f:66:
6e:19:fe:f6:52:83:02:72:06:da:db:73:41:73:f0:20:15:c7:
35:c1:9a:95:91:e3:cd:d8:cc:d5:3f:e3:95:c9:65:2a:05:7a:
3c:37:0a:13:53:8f:d3:29:ef:de:d4:ce:a0:78:80:27:67:47:
6a:ec:be:16:ff:aa:a2:93:7b:cf:14:4a:86:7d:b0:57:ee:20:
78:78:34:9c:f8:f2:a9:f7:36:67:a7:52:98:40:27:38:1e:a9:
00:a1:6a:21:71:5c:49:1d:16:dc:3b:3d:63:fe:b3:b6:2e:e7:
1c:a3:2d:ff:31:96:2e:56:3e:3c:80:ef:2d:b0:d7:8e:de:ea:
27:e9:1f:de:c2:fd:c4:2b:dc:05:55:d5:dd:88:51:1c:e0:d4:
49:24:a0:4f:c8:54:f8:b2:05:b2:cd:f4:30:a8:2b:ab:9e:21:
1c:fc:18:10:2a:19:b0:15:03:9b:42:60:a8:67:52:32:b6:9c:
b0:11:ac:56
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYrk8p2IEZmRH1/Ud7LgNzYIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwOTMwMDcxNjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWVhMWIzNDU5OGFiZTFmN2JlOThmNmEyNGEyZmE0NmMyMDA0NmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0q5pNxsKPbDpSqBtgWEKEwfE47ef
9tHTT719skjhIR91NL0chou3xAuqIhriCzDrd787IT6CGpVt4KojIb6eKaONqryh
D/hBfH6YOgHYqWwNdaBfXGFgtevcAcp0i2zGvEZn51+4mT5qe6RF1UB5OCv7inn8
1FhNykTWngEf2ef4QP7Vzq9lzZTTnocFGOEjdInltfiykEtmQqQff9uA/Kdh2UV9
cw7dx9YRJXYBlp7D65SZ4ztgJaDFG83Gb6FU1h4pXS9gDQqSWeDEMEV79VqwFfkV
tD5aM+MVxZBatZOJY08wFJGSS8srD8lAQddqRIq0bfn02sIly1AgCQ2uLQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIHqGzRZir4fe+mPaiSi+kbCAEbjMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZ2VvYk5GbUt2aDk3Nlk5cUpLTDZSc0lBUnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCJYD4AwQB
JYD+AwQDX1IAAwQDsN0YMA0GCSqGSIb3DQEBCwUAA4IBAQBxJhPIA34DUdZxCZ5l
9orW7bRdYti6x/ZmLLJYiSBP2cDaYOStNPCynkKAHkkiUam9VWsMy51/ihcFekKn
tLn0wo1HAsf3f2ZuGf72UoMCcgba23NBc/AgFcc1wZqVkePN2MzVP+OVyWUqBXo8
NwoTU4/TKe/e1M6geIAnZ0dq7L4W/6qik3vPFEqGfbBX7iB4eDSc+PKp9zZnp1KY
QCc4HqkAoWohcVxJHRbcOz1j/rO2Luccoy3/MZYuVj48gO8tsNeO3uon6R/ewv3E
K9wFVdXdiFEc4NRJJKBPyFT4sgWyzfQwqCurniEc/BgQKhmwFQObQmCoZ1Iytpyw
EaxW
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:25:42 2025 by rpki-client