Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/j3UNicmQfjSA0xJ-Ypo_HLPJXX4.roa
File: j3UNicmQfjSA0xJ-Ypo_HLPJXX4.roa (raw, json)
Hash identifier: BhZeM2UP6Y8IPyzGL3UpuFzGWRl8oWxCK7zdRx+YZXc=
Subject key identifier: 8F:75:0D:89:C9:90:7E:34:80:D3:12:7E:62:9A:3F:1C:B3:C9:5D:7E
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018C3DF1A2BC02A2170B16DD4FB9355C71F2
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/j3UNicmQfjSA0xJ-Ypo_HLPJXX4.roa
Signing time: Wed 06 Dec 2023 07:04:55 +0000
ROA not before: Wed 06 Dec 2023 07:04:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62240
IP address blocks: 95.82.0.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3d:f1:a2:bc:02:a2:17:0b:16:dd:4f:b9:35:5c:71:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Dec 6 07:04:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8f750d89c9907e3480d3127e629a3f1cb3c95d7e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:df:80:2e:dc:e2:5e:08:60:ad:77:c5:51:35:
99:7f:44:57:77:87:12:af:c0:2e:dc:ac:52:d1:18:
40:f9:9f:22:a5:73:b0:a7:07:5d:13:fb:93:7a:30:
82:67:6f:74:30:d9:cc:f3:b0:33:d2:35:72:76:b4:
c0:1e:cc:b8:97:13:c9:12:25:3d:77:6a:80:55:54:
1d:77:d9:93:f1:c4:6d:64:bf:5d:11:ce:ae:63:27:
64:ee:6b:58:a3:52:55:b9:63:d0:f2:3c:09:6b:b5:
91:d5:19:24:5b:6c:9b:fa:b2:e4:ec:6e:81:1f:72:
2d:a5:9d:bf:7b:bb:0e:54:b6:5c:84:e5:78:10:50:
52:02:16:05:ef:30:ba:2c:9e:94:83:5a:f9:75:ef:
fc:d5:8e:d4:91:ec:75:d9:4e:0b:40:5d:4e:8e:ad:
e7:2e:50:6f:26:d0:06:7b:af:a8:e2:ed:f5:7e:82:
03:2f:55:c7:09:2a:ca:ae:c3:50:5d:fb:f8:03:1d:
3c:90:5c:50:f9:4e:b8:01:26:89:bb:15:ef:7a:88:
ad:ac:d3:7e:7b:46:06:77:f7:fc:07:9e:b9:2d:65:
40:c9:37:b0:59:a5:20:85:d3:a0:ee:25:2e:28:2f:
42:1d:75:50:61:a2:07:4c:e2:9d:3a:c2:c9:0f:64:
7d:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:75:0D:89:C9:90:7E:34:80:D3:12:7E:62:9A:3F:1C:B3:C9:5D:7E
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/j3UNicmQfjSA0xJ-Ypo_HLPJXX4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/21
Signature Algorithm: sha256WithRSAEncryption
14:77:bc:ab:03:c6:7f:e2:83:2e:aa:c0:4f:3a:1b:1c:eb:ae:
a2:03:72:fa:fc:68:c0:0a:81:ea:da:bd:d9:e7:71:aa:ab:6a:
f1:db:38:cc:35:de:49:81:77:9d:7d:3c:be:9a:d1:ab:b7:33:
98:6b:16:3a:40:2a:b0:32:74:77:0c:02:0f:59:f2:ca:d8:0c:
83:18:02:46:2c:27:d2:d6:b9:d8:a3:bf:5f:c2:c1:b2:a0:9d:
77:dd:9b:3d:7e:f0:38:4f:6e:a6:7a:48:c4:39:1d:85:e9:6b:
0c:4c:f7:5d:c9:92:9b:a4:48:00:19:67:a5:e4:ac:d6:fa:f0:
bc:1a:82:5d:33:57:38:78:a1:d5:c8:2b:54:61:9a:e1:44:94:
fd:1a:41:1a:df:27:ec:26:0d:8d:5a:91:97:5f:ef:dd:7a:f9:
68:b6:4e:d8:0b:51:85:d4:51:74:f1:8a:f9:42:60:4d:56:80:
e1:a9:5c:fc:41:37:04:a5:01:e5:6c:95:da:a8:6f:01:8e:51:
c4:79:26:91:d3:bb:7c:5d:2b:78:03:2e:a4:86:45:59:5a:11:
2f:00:10:a2:83:a3:ec:9c:5d:e1:ef:7f:ad:65:81:1f:60:e0:
92:40:a3:54:e9:1b:3e:24:2e:e9:76:0b:31:49:8a:22:e5:c9:
a9:28:57:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYw98aK8AqIXCxbdT7k1XHHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMxMjA2MDcwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjc1MGQ4OWM5OTA3ZTM0ODBkMzEyN2U2MjlhM2YxY2IzYzk1ZDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxt+ALtziXghgrXfFUTWZf0RXd4cS
r8Au3KxS0RhA+Z8ipXOwpwddE/uTejCCZ290MNnM87Az0jVydrTAHsy4lxPJEiU9
d2qAVVQdd9mT8cRtZL9dEc6uYydk7mtYo1JVuWPQ8jwJa7WR1RkkW2yb+rLk7G6B
H3ItpZ2/e7sOVLZchOV4EFBSAhYF7zC6LJ6Ug1r5de/81Y7Ukex12U4LQF1Ojq3n
LlBvJtAGe6+o4u31foIDL1XHCSrKrsNQXfv4Ax08kFxQ+U64ASaJuxXveoitrNN+
e0YGd/f8B565LWVAyTewWaUghdOg7iUuKC9CHXVQYaIHTOKdOsLJD2R9tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI91DYnJkH40gNMSfmKaPxyzyV1+MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvajNVTmljbVFmalNBMHhKLVlwb19ITFBKWFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX1IAMA0G
CSqGSIb3DQEBCwUAA4IBAQAUd7yrA8Z/4oMuqsBPOhsc666iA3L6/GjACoHq2r3Z
53Gqq2rx2zjMNd5JgXedfTy+mtGrtzOYaxY6QCqwMnR3DAIPWfLK2AyDGAJGLCfS
1rnYo79fwsGyoJ133Zs9fvA4T26mekjEOR2F6WsMTPddyZKbpEgAGWel5KzW+vC8
GoJdM1c4eKHVyCtUYZrhRJT9GkEa3yfsJg2NWpGXX+/devlotk7YC1GF1FF08Yr5
QmBNVoDhqVz8QTcEpQHlbJXaqG8BjlHEeSaR07t8XSt4Ay6khkVZWhEvABCig6Ps
nF3h73+tZYEfYOCSQKNU6Rs+JC7pdgsxSYoi5cmpKFfY
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:15:02 2025 by rpki-client