Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/kUH2XcWvrZRqF5A9ka8EH-_sneY.roa
File: kUH2XcWvrZRqF5A9ka8EH-_sneY.roa (raw, json)
Hash identifier: aAxvonrsYgRi4LruqmM3r4/iXyzMQyImh57otUe2Fas=
Subject key identifier: 91:41:F6:5D:C5:AF:AD:94:6A:17:90:3D:91:AF:04:1F:EF:EC:9D:E6
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 01941FFA8704CE8939F7EF668A455D7D197A
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/kUH2XcWvrZRqF5A9ka8EH-_sneY.roa
Signing time: Wed 01 Jan 2025 03:48:19 +0000
ROA not before: Wed 01 Jan 2025 03:48:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 95.82.8.0/21 maxlen: 24
95.82.16.0/20 maxlen: 24
109.111.52.0/22 maxlen: 24
176.221.20.0/23 maxlen: 24
176.221.22.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:87:04:ce:89:39:f7:ef:66:8a:45:5d:7d:19:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jan 1 03:48:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9141f65dc5afad946a17903d91af041fefec9de6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:fa:c4:59:32:3b:3d:4c:e6:0b:1a:4f:ee:e5:
96:11:e3:d0:5f:eb:25:8f:a2:fe:0d:17:a5:98:d4:
ac:59:11:d1:a0:d6:de:c7:09:8a:41:37:1b:a9:7f:
e0:dd:25:56:e1:3a:fb:ce:5f:3a:eb:9f:61:e1:8e:
b4:71:9f:52:6f:2a:e8:64:63:70:07:13:a8:45:81:
f4:62:fe:c3:c4:9c:cb:fd:3d:41:43:a7:67:0e:23:
d5:4e:d6:a5:3b:77:f6:10:6b:47:ca:ac:b5:68:a5:
75:e7:1b:e7:19:93:51:9b:b6:90:a4:3a:7f:45:21:
7e:75:d8:45:19:d4:35:77:23:3a:09:83:33:a0:cd:
52:90:8d:21:4e:2c:78:93:0b:8b:2e:82:c8:d8:c5:
78:ad:3c:68:4f:e1:8f:d4:e4:be:5a:5a:ca:6e:cb:
d3:7c:1e:c5:f1:b5:6c:33:e8:16:d5:61:ff:d4:ca:
ab:ec:45:78:6c:31:7b:97:e0:b5:1b:9c:66:d9:63:
22:93:18:0f:cb:db:3a:2b:cb:ac:95:c4:b7:93:28:
ac:f8:e1:28:c5:8f:17:0e:89:7a:5b:39:e7:d6:ca:
57:eb:83:08:ed:61:f9:a2:47:af:c9:7b:b4:ad:f4:
f0:7e:af:b5:63:df:01:7c:97:5b:eb:0c:cf:5a:bb:
be:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:41:F6:5D:C5:AF:AD:94:6A:17:90:3D:91:AF:04:1F:EF:EC:9D:E6
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/kUH2XcWvrZRqF5A9ka8EH-_sneY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.8.0-95.82.31.255
109.111.52.0/22
176.221.20.0/22
Signature Algorithm: sha256WithRSAEncryption
67:06:8e:15:01:a9:fa:88:1e:84:0d:76:66:c3:fc:79:b2:d6:
e1:81:c2:7e:0f:7a:a3:bc:1c:a3:db:23:fd:5f:3e:e9:4b:2b:
17:89:28:10:73:18:3c:5a:3d:8e:cc:e1:97:a0:73:bd:c5:2b:
75:b7:4b:b7:46:d6:b1:1c:2a:3d:ae:45:d9:97:7f:4a:2c:29:
1b:2b:bb:6d:e8:04:1d:a9:50:26:06:20:1f:3d:2f:f4:3e:93:
43:6c:cb:f2:0e:67:4b:27:66:0a:68:46:56:8a:1c:25:9d:64:
1e:05:a7:9e:50:93:1d:71:34:b5:df:73:62:e4:3c:28:a2:b6:
3d:21:62:d0:94:e5:d0:52:23:64:2c:e7:45:30:d4:39:44:f3:
28:ea:a6:88:e4:25:29:f2:e0:22:4c:22:80:ef:0b:66:70:17:
0a:dc:fb:d2:44:ea:78:06:c4:61:2c:5c:40:ca:3a:dd:2d:39:
52:d1:9f:8d:84:69:60:46:2b:af:52:1b:65:da:fc:63:13:32:
f2:16:89:54:4f:e4:ae:63:4a:98:e4:c0:15:5c:91:d3:3b:2f:
7b:d3:3b:96:28:54:89:02:bc:e8:3e:14:c5:31:64:8b:88:2e:
89:81:90:25:ed:f6:a0:1c:7d:a7:b0:c6:97:18:ef:5f:d7:b4:
6c:e7:71:b0
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQf+ocEzok59+9mikVdfRl6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwMTAxMDM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTQxZjY1ZGM1YWZhZDk0NmExNzkwM2Q5MWFmMDQxZmVmZWM5ZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5PrEWTI7PUzmCxpP7uWWEePQX+sl
j6L+DRelmNSsWRHRoNbexwmKQTcbqX/g3SVW4Tr7zl86659h4Y60cZ9SbyroZGNw
BxOoRYH0Yv7DxJzL/T1BQ6dnDiPVTtalO3f2EGtHyqy1aKV15xvnGZNRm7aQpDp/
RSF+ddhFGdQ1dyM6CYMzoM1SkI0hTix4kwuLLoLI2MV4rTxoT+GP1OS+WlrKbsvT
fB7F8bVsM+gW1WH/1Mqr7EV4bDF7l+C1G5xm2WMikxgPy9s6K8uslcS3kyis+OEo
xY8XDol6Wznn1spX64MI7WH5okevyXu0rfTwfq+1Y98BfJdb6wzPWru+rwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJFB9l3Fr62UaheQPZGvBB/v7J3mMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEva1VIMlhjV3ZyWlJxRjVBOWthOEVILV9zbmVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBANfUggD
BAVfUgADBAJtbzQDBAKw3RQwDQYJKoZIhvcNAQELBQADggEBAGcGjhUBqfqIHoQN
dmbD/Hmy1uGBwn4PeqO8HKPbI/1fPulLKxeJKBBzGDxaPY7M4Zegc73FK3W3S7dG
1rEcKj2uRdmXf0osKRsru23oBB2pUCYGIB89L/Q+k0Nsy/IOZ0snZgpoRlaKHCWd
ZB4Fp55Qkx1xNLXfc2LkPCiitj0hYtCU5dBSI2Qs50Uw1DlE8yjqpojkJSny4CJM
IoDvC2ZwFwrc+9JE6ngGxGEsXEDKOt0tOVLRn42EaWBGK69SG2Xa/GMTMvIWiVRP
5K5jSpjkwBVckdM7L3vTO5YoVIkCvOg+FMUxZIuILomBkCXt9qAcfaewxpcY71/X
tGzncbA=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:18:13 2025 by rpki-client