Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/kyJ3cz21WxgIIcpZzIA1EKCdyo8.roa
File: kyJ3cz21WxgIIcpZzIA1EKCdyo8.roa (raw, json)
Hash identifier: lInFTk2jp8hdCH+d7hJsr8QRlLcM3r98rd3BMek6MWs=
Subject key identifier: 93:22:77:73:3D:B5:5B:18:08:21:CA:59:CC:80:35:10:A0:9D:CA:8F
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018E6957CB3D4233AB1B39983C912B0AD744
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/kyJ3cz21WxgIIcpZzIA1EKCdyo8.roa
Signing time: Sat 23 Mar 2024 03:25:45 +0000
ROA not before: Sat 23 Mar 2024 03:25:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 14618
IP address blocks: 95.82.8.0/21 maxlen: 21
95.82.16.0/20 maxlen: 24
109.111.52.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:69:57:cb:3d:42:33:ab:1b:39:98:3c:91:2b:0a:d7:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Mar 23 03:25:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=932277733db55b180821ca59cc803510a09dca8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:f8:0c:4e:b1:67:84:79:e5:3d:bd:51:11:8a:
ef:61:2f:c5:41:a9:cd:93:b1:51:55:8d:ad:ca:22:
d4:8d:26:33:c6:20:c9:08:29:fb:26:91:4d:be:1d:
70:0d:2e:1a:90:b6:4b:96:57:d9:b7:32:37:ac:e2:
a8:fd:78:ea:23:6c:96:85:94:a8:c3:02:2f:4a:af:
ff:86:1e:e7:9e:bd:38:70:5d:85:e4:ac:6f:48:c3:
08:ee:9e:32:86:17:27:f0:b1:0e:e1:d0:bc:a5:bf:
1b:bb:53:ed:83:f2:b3:ad:1c:23:62:62:09:cf:88:
61:24:8b:d3:bc:ea:98:65:fa:60:dd:ca:67:ba:c6:
79:95:17:86:5f:39:80:30:62:31:76:a4:7a:77:1d:
e8:8a:03:60:e9:02:e6:6c:a7:b0:ee:82:a4:24:41:
6c:4a:46:83:1f:1b:df:bd:eb:45:d2:ca:32:28:77:
5b:0a:72:90:e4:74:fd:55:48:5f:1d:f9:ec:24:9e:
fc:3d:85:31:61:17:9d:12:d6:5f:ab:b8:dc:51:65:
67:de:7f:e4:a3:60:c0:74:d9:2a:ad:81:58:04:84:
c5:4d:57:42:ec:a7:f0:e2:bb:03:2b:80:40:e3:6a:
3e:d5:69:ec:a6:be:b5:a9:24:ed:5b:1b:6d:43:ce:
f8:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:22:77:73:3D:B5:5B:18:08:21:CA:59:CC:80:35:10:A0:9D:CA:8F
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/kyJ3cz21WxgIIcpZzIA1EKCdyo8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.8.0-95.82.31.255
109.111.52.0/22
Signature Algorithm: sha256WithRSAEncryption
87:8b:0e:47:13:e7:02:93:54:f6:51:ee:ff:fe:0c:18:91:cd:
c8:11:7d:d5:ea:6f:12:ee:3c:51:e4:1d:2b:8a:b3:dc:1a:0c:
70:4f:35:db:90:38:48:cc:74:59:36:f4:ca:e2:ff:53:18:46:
1b:10:9b:37:03:d1:72:40:2b:4a:93:95:da:c2:3b:ce:18:5e:
54:c8:86:4c:cc:13:93:4f:e5:bb:0a:0e:d1:bd:5b:05:61:fd:
c3:61:2a:3a:08:db:3b:95:28:ce:8c:d8:37:5b:90:3e:ba:21:
53:c5:bc:f4:3e:6d:39:64:c1:26:1a:c3:80:c0:7d:76:d4:de:
d8:2b:b2:75:50:a4:0b:b9:f4:c5:1d:ef:fb:cd:fc:3a:9b:6c:
40:ef:60:0e:77:09:6c:91:4f:bd:98:af:e1:2b:94:a0:96:40:
1a:ac:1f:94:57:d0:7c:e9:6a:61:4b:f9:e9:ec:a5:b6:80:84:
78:02:c9:8d:1d:60:0b:87:36:9a:1d:0b:8e:c3:8a:a6:46:d4:
d2:8c:ab:e9:ef:2c:9b:1b:7a:e4:50:e7:0d:9d:6d:a8:9d:62:
16:8f:64:11:3b:49:69:eb:99:ae:fa:76:04:f0:6e:40:69:a3:
b1:58:cb:ea:ec:ab:56:0c:a5:59:03:8d:fa:3d:2a:1c:32:77:
49:e4:9f:56
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY5pV8s9QjOrGzmYPJErCtdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMzIzMDMyNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzIyNzc3MzNkYjU1YjE4MDgyMWNhNTljYzgwMzUxMGEwOWRjYThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPgMTrFnhHnlPb1REYrvYS/FQanN
k7FRVY2tyiLUjSYzxiDJCCn7JpFNvh1wDS4akLZLllfZtzI3rOKo/XjqI2yWhZSo
wwIvSq//hh7nnr04cF2F5KxvSMMI7p4yhhcn8LEO4dC8pb8bu1Ptg/KzrRwjYmIJ
z4hhJIvTvOqYZfpg3cpnusZ5lReGXzmAMGIxdqR6dx3oigNg6QLmbKew7oKkJEFs
SkaDHxvfvetF0soyKHdbCnKQ5HT9VUhfHfnsJJ78PYUxYRedEtZfq7jcUWVn3n/k
o2DAdNkqrYFYBITFTVdC7Kfw4rsDK4BA42o+1Wnspr61qSTtWxttQ874UwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJMid3M9tVsYCCHKWcyANRCgncqPMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEva3lKM2N6MjFXeGdJSWNwWnpJQTFFS0NkeW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBANfUggD
BAVfUgADBAJtbzQwDQYJKoZIhvcNAQELBQADggEBAIeLDkcT5wKTVPZR7v/+DBiR
zcgRfdXqbxLuPFHkHSuKs9waDHBPNduQOEjMdFk29Mri/1MYRhsQmzcD0XJAK0qT
ldrCO84YXlTIhkzME5NP5bsKDtG9WwVh/cNhKjoI2zuVKM6M2DdbkD66IVPFvPQ+
bTlkwSYaw4DAfXbU3tgrsnVQpAu59MUd7/vN/DqbbEDvYA53CWyRT72Yr+ErlKCW
QBqsH5RX0HzpamFL+enspbaAhHgCyY0dYAuHNpodC47DiqZG1NKMq+nvLJsbeuRQ
5w2dbaidYhaPZBE7SWnrma76dgTwbkBpo7FYy+rsq1YMpVkDjfo9Khwyd0nkn1Y=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:14:35 2025 by rpki-client