Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/j99ZK8qSM-jbN7OZ204452gh3o0.roa
File: j99ZK8qSM-jbN7OZ204452gh3o0.roa (raw, json)
Hash identifier: /B6pFjnpB7VbMpUTUD+7W8OqTkURPjoxtzuxUOi/rko=
Subject key identifier: 8F:DF:59:2B:CA:92:33:E8:DB:37:B3:99:DB:4E:38:E7:68:21:DE:8D
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018E95AE810016C15B696460CC786C30303E
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/j99ZK8qSM-jbN7OZ204452gh3o0.roa
Signing time: Sun 31 Mar 2024 18:03:45 +0000
ROA not before: Sun 31 Mar 2024 18:03:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.20.0/22 maxlen: 24
176.221.20.0/23 maxlen: 24
176.221.24.0/22 maxlen: 24
185.65.62.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:95:ae:81:00:16:c1:5b:69:64:60:cc:78:6c:30:30:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Mar 31 18:03:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8fdf592bca9233e8db37b399db4e38e76821de8d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:57:83:87:71:62:29:3e:66:22:37:a8:c8:53:
52:a2:44:1f:26:18:b1:b6:f9:61:94:b2:cf:b1:72:
b2:b7:5b:fd:61:2a:f1:93:6c:d7:96:6b:7e:6c:b8:
77:d0:0f:a1:a0:f9:45:2f:4f:da:3e:8c:c9:b7:55:
8f:dc:67:96:6a:05:75:7d:ad:14:d2:4c:5e:3f:85:
14:85:19:50:23:a0:8b:cc:11:7c:64:88:d9:eb:15:
ed:68:8e:bd:07:8f:a2:05:8d:fb:e8:45:19:fa:27:
05:e3:7f:9e:8e:95:a9:f9:b6:df:fc:a9:ea:02:39:
74:16:87:99:c3:3d:a4:b8:da:bf:bd:53:70:64:25:
87:6c:18:32:09:3b:32:d7:d2:e4:62:2f:56:e8:38:
91:25:76:64:2f:7e:5e:b4:dc:26:c5:5c:0b:88:fc:
60:c2:46:68:fb:61:83:a3:46:ca:a0:d6:17:d1:21:
bb:9a:0d:2a:a0:fd:3d:ff:b8:2e:2a:64:f1:9f:0c:
92:94:72:17:ac:3e:36:12:cc:9f:a0:b7:a1:2f:20:
86:a9:57:2c:0a:9d:c0:ef:5b:3e:39:1f:9f:04:2b:
7a:31:1c:e9:5c:2f:a8:50:4f:92:ce:66:bd:cb:0a:
0a:23:3f:13:3e:ec:78:9e:0d:be:85:2a:7d:f3:39:
82:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:DF:59:2B:CA:92:33:E8:DB:37:B3:99:DB:4E:38:E7:68:21:DE:8D
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/j99ZK8qSM-jbN7OZ204452gh3o0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
109.111.32.0/20
176.221.16.0-176.221.27.255
185.65.62.0/24
Signature Algorithm: sha256WithRSAEncryption
29:10:d2:dd:f2:26:ac:19:ff:d9:c9:02:c6:8e:c0:fc:05:97:
92:43:c2:54:b4:c5:11:16:23:c3:fa:15:9d:41:ed:e7:e4:bb:
63:57:d0:69:c8:b4:cc:30:2c:ec:4e:56:63:e0:af:54:40:43:
13:24:2b:93:46:13:04:12:13:4d:c1:37:a6:53:e3:ab:b9:12:
cd:16:d7:6c:dc:b0:8f:85:54:23:8d:78:34:63:15:5e:fa:9d:
fc:a0:87:70:e4:41:02:3c:91:f5:d3:50:81:96:69:f0:65:c9:
b2:80:5c:ff:cf:39:46:46:34:f2:a7:ac:87:00:23:4c:6c:42:
a1:e7:6a:ae:a8:d1:0f:32:1e:ec:75:63:bf:5d:d4:f7:20:c0:
03:93:ca:b7:d5:a5:dd:5b:19:d2:c8:64:a4:17:1a:99:d5:a4:
0c:c0:c3:00:0b:24:99:c4:be:f8:40:ff:ce:30:5b:d6:7b:9f:
f3:f4:f3:6c:01:19:c5:49:a8:97:d9:1e:7c:fc:a6:31:a2:79:
ad:0b:8f:3a:33:44:13:45:49:a2:db:34:b8:ba:2d:93:67:46:
62:70:6e:8c:90:91:ae:27:06:b4:f3:e8:30:cc:df:ce:3a:da:
86:39:33:78:bc:df:bf:cc:71:40:21:b9:98:df:88:3d:88:4d:
54:0a:a1:3b
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAY6VroEAFsFbaWRgzHhsMDA+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMzMxMTgwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmRmNTkyYmNhOTIzM2U4ZGIzN2IzOTlkYjRlMzhlNzY4MjFkZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFeDh3FiKT5mIjeoyFNSokQfJhix
tvlhlLLPsXKyt1v9YSrxk2zXlmt+bLh30A+hoPlFL0/aPozJt1WP3GeWagV1fa0U
0kxeP4UUhRlQI6CLzBF8ZIjZ6xXtaI69B4+iBY376EUZ+icF43+ejpWp+bbf/Knq
Ajl0FoeZwz2kuNq/vVNwZCWHbBgyCTsy19LkYi9W6DiRJXZkL35etNwmxVwLiPxg
wkZo+2GDo0bKoNYX0SG7mg0qoP09/7guKmTxnwySlHIXrD42EsyfoLehLyCGqVcs
Cp3A71s+OR+fBCt6MRzpXC+oUE+Szma9ywoKIz8TPux4ng2+hSp98zmCFQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFI/fWSvKkjPo2zezmdtOOOdoId6NMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvajk5Wks4cVNNLWpiTjdPWjIwNDQ1MmdoM28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCJYD4AwQE
X1IAAwQEbW8gMAwDBASw3RADBAKw3RgDBAC5QT4wDQYJKoZIhvcNAQELBQADggEB
ACkQ0t3yJqwZ/9nJAsaOwPwFl5JDwlS0xREWI8P6FZ1B7efku2NX0GnItMwwLOxO
VmPgr1RAQxMkK5NGEwQSE03BN6ZT46u5Es0W12zcsI+FVCONeDRjFV76nfygh3Dk
QQI8kfXTUIGWafBlybKAXP/POUZGNPKnrIcAI0xsQqHnaq6o0Q8yHux1Y79d1Pcg
wAOTyrfVpd1bGdLIZKQXGpnVpAzAwwALJJnEvvhA/84wW9Z7n/P082wBGcVJqJfZ
Hnz8pjGiea0LjzozRBNFSaLbNLi6LZNnRmJwboyQka4nBrTz6DDM38462oY5M3i8
37/McUAhuZjfiD2ITVQKoTs=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:18:31 2025 by rpki-client