Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/hY2Ou1uBhoWDCSv5_dGQEuhvh3c.roa
File: hY2Ou1uBhoWDCSv5_dGQEuhvh3c.roa (raw, json)
Hash identifier: UjcnXoIEKc/jJgD6cnnjpypt19cXXIlMio4a9pcx1oY=
Subject key identifier: 85:8D:8E:BB:5B:81:86:85:83:09:2B:F9:FD:D1:90:12:E8:6F:87:77
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0190A4D311A5B54296E7351AA0EA29880D40
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/hY2Ou1uBhoWDCSv5_dGQEuhvh3c.roa
Signing time: Fri 12 Jul 2024 02:43:34 +0000
ROA not before: Fri 12 Jul 2024 02:43:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
109.111.40.0/22 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
176.221.24.0/23 maxlen: 24
176.221.26.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:a4:d3:11:a5:b5:42:96:e7:35:1a:a0:ea:29:88:0d:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jul 12 02:43:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=858d8ebb5b81868583092bf9fdd19012e86f8777
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:1f:66:19:c5:77:2a:80:8f:c0:dd:8c:78:64:
40:72:95:90:46:28:6d:c3:5c:32:40:c8:0a:dc:b8:
b1:66:aa:d3:ca:6a:45:17:fd:33:86:3a:61:12:11:
e9:bd:e7:b7:9f:c9:ba:6b:13:fc:1f:e2:9f:82:27:
ce:a0:ae:72:6f:6e:15:a5:54:e9:22:92:69:de:c5:
04:31:6e:f0:b8:c9:33:e4:bd:21:f0:91:1b:3d:bc:
17:29:3d:06:a9:50:ef:ed:c3:2c:fc:94:81:28:eb:
30:66:55:dd:4c:de:17:7f:3f:36:f5:9c:a3:d7:39:
c7:66:d2:77:74:ba:8b:b1:36:fd:b5:eb:d1:bc:da:
6a:50:b4:ad:48:67:73:a8:e3:a9:07:2f:9e:6d:30:
83:30:ec:57:8a:cd:f6:ef:88:a3:cc:75:ab:fc:59:
f2:61:1e:d7:f4:64:b8:b6:ea:6a:e5:55:70:9e:d8:
77:fe:d1:33:82:5a:e5:7d:c4:3a:52:e4:42:b1:c7:
3b:a2:bc:79:92:e3:fc:90:e8:bc:3b:f1:73:a3:c6:
dd:b4:cb:c3:ca:1f:72:9c:06:3b:af:59:9a:d0:0d:
f1:0a:24:5b:7a:12:b4:d6:0a:2f:b9:1a:2c:86:45:
81:b9:f5:e9:cb:8f:b7:7c:8b:45:87:c9:e4:68:a9:
8b:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:8D:8E:BB:5B:81:86:85:83:09:2B:F9:FD:D1:90:12:E8:6F:87:77
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/hY2Ou1uBhoWDCSv5_dGQEuhvh3c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
109.111.32.0/20
176.221.16.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
7d:2e:48:19:0c:2f:bc:5d:fc:a5:46:1f:5e:2b:e7:30:ea:7b:
56:b8:1c:09:42:35:62:19:4e:85:6a:e9:c4:40:e6:73:61:5c:
96:c4:1d:05:3e:15:82:f0:8a:42:05:64:e9:e2:a7:0e:90:82:
72:d7:7f:73:3a:8e:14:2a:de:74:cc:00:34:76:16:ae:a0:23:
27:87:81:00:42:18:0b:9f:c7:3f:88:4d:a2:e5:ba:29:43:5c:
9e:c6:9f:96:b2:1f:85:84:74:9b:8b:9b:a2:f1:03:e6:d2:8f:
c2:22:c5:3b:f9:6b:17:21:f9:d3:94:f4:35:17:08:c8:c9:4e:
45:a2:f5:09:f2:fa:b3:70:d4:47:a9:fb:e6:53:f3:7e:bb:cf:
f9:e0:e6:c6:6e:c6:d3:f3:30:b6:74:59:cb:9c:34:81:06:69:
39:da:b7:4c:53:2a:25:2e:60:59:44:56:09:e2:14:a6:45:02:
d6:55:c1:60:2c:33:00:29:7d:a3:79:59:40:68:fb:5f:0c:ef:
5c:9c:f9:4f:8d:ad:17:a2:5f:b6:c4:5e:27:88:9f:c7:1c:bc:
dd:5a:ac:02:83:81:6b:1c:88:6e:9d:37:8f:b2:78:e9:50:52:
90:9d:74:8d:c9:15:5f:e9:25:c2:73:2b:d5:97:7a:27:e6:ac:
3b:55:c3:e8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZCk0xGltUKW5zUaoOopiA1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNzEyMDI0MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NThkOGViYjViODE4Njg1ODMwOTJiZjlmZGQxOTAxMmU4NmY4Nzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqR9mGcV3KoCPwN2MeGRAcpWQRiht
w1wyQMgK3LixZqrTympFF/0zhjphEhHpvee3n8m6axP8H+KfgifOoK5yb24VpVTp
IpJp3sUEMW7wuMkz5L0h8JEbPbwXKT0GqVDv7cMs/JSBKOswZlXdTN4Xfz829Zyj
1znHZtJ3dLqLsTb9tevRvNpqULStSGdzqOOpBy+ebTCDMOxXis3274ijzHWr/Fny
YR7X9GS4tupq5VVwnth3/tEzglrlfcQ6UuRCscc7orx5kuP8kOi8O/Fzo8bdtMvD
yh9ynAY7r1ma0A3xCiRbehK01govuRoshkWBufXpy4+3fItFh8nkaKmLVwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIWNjrtbgYaFgwkr+f3RkBLob4d3MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvaFkyT3UxdUJob1dEQ1N2NV9kR1FFdWh2aDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCJYD4AwQE
X1IAAwQEbW8gMAwDBASw3RADBAKw3RgwDQYJKoZIhvcNAQELBQADggEBAH0uSBkM
L7xd/KVGH14r5zDqe1a4HAlCNWIZToVq6cRA5nNhXJbEHQU+FYLwikIFZOnipw6Q
gnLXf3M6jhQq3nTMADR2Fq6gIyeHgQBCGAufxz+ITaLluilDXJ7Gn5ayH4WEdJuL
m6LxA+bSj8IixTv5axch+dOU9DUXCMjJTkWi9Qny+rNw1Eep++ZT8367z/ng5sZu
xtPzMLZ0WcucNIEGaTnat0xTKiUuYFlEVgniFKZFAtZVwWAsMwApfaN5WUBo+18M
71yc+U+NrReiX7bEXieIn8ccvN1arAKDgWsciG6dN4+yeOlQUpCddI3JFV/pJcJz
K9WXeifmrDtVw+g=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:22:50 2025 by rpki-client