Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/l0GOPE2S41z20lTnfDfvWphsTUc.roa
File: l0GOPE2S41z20lTnfDfvWphsTUc.roa (raw, json)
Hash identifier: Tg1eyUk86QPWtgBXziJmt1NOBtC1gA2yN2FsnfTkRhg=
Subject key identifier: 97:41:8E:3C:4D:92:E3:5C:F6:D2:54:E7:7C:37:EF:5A:98:6C:4D:47
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018FCF184EE7C081A002F763C77EBC1EBCC1
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/l0GOPE2S41z20lTnfDfvWphsTUc.roa
Signing time: Fri 31 May 2024 14:40:27 +0000
ROA not before: Fri 31 May 2024 14:40:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:cf:18:4e:e7:c0:81:a0:02:f7:63:c7:7e:bc:1e:bc:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: May 31 14:40:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=97418e3c4d92e35cf6d254e77c37ef5a986c4d47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:19:17:74:84:e5:a8:da:e1:6c:cd:11:e7:ec:
0a:01:d4:df:36:23:05:5c:56:35:5c:94:dc:e0:37:
0b:e7:bf:a7:e0:d7:2a:86:91:48:41:fa:61:97:9f:
b0:99:57:3d:cc:c9:b5:1b:b2:7a:1d:fb:a1:d8:46:
32:c2:18:3b:06:28:c0:7d:76:86:c2:33:73:c3:27:
4d:70:47:8a:cd:aa:a0:bb:46:75:f0:54:40:3f:50:
f0:8b:e5:2f:ef:5d:42:5f:11:6e:1c:a4:3c:db:6b:
3f:5d:64:a9:84:24:57:81:41:6c:db:ce:be:ca:a7:
7b:ea:80:65:e6:9e:25:90:29:6b:05:8c:88:79:94:
30:f0:9e:21:1d:a2:e4:50:94:eb:f0:4d:d1:27:fd:
a2:18:f0:9c:0e:8b:30:c8:5c:c5:1f:0c:2f:09:37:
5e:7e:8e:07:f2:5a:75:16:01:28:43:b9:ac:97:32:
5e:2d:44:c6:f8:ac:b2:62:55:16:30:92:e6:14:02:
c1:fb:8f:da:31:be:3d:ae:2e:1d:51:cb:7b:78:df:
95:15:af:12:87:0e:b2:e3:ae:19:b0:a5:b4:dd:a3:
12:26:7a:f2:b2:8f:5c:69:c7:b9:2f:b4:b6:2d:ab:
53:e7:f1:2c:a4:d8:bf:ed:bf:f4:14:e6:29:73:78:
5a:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:41:8E:3C:4D:92:E3:5C:F6:D2:54:E7:7C:37:EF:5A:98:6C:4D:47
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/l0GOPE2S41z20lTnfDfvWphsTUc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
109.111.32.0/20
176.221.16.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
59:6d:df:6c:26:a4:70:be:c9:f5:b2:7c:e7:f3:d6:f0:f2:be:
69:b2:82:77:0d:73:5c:6f:e3:5a:6c:af:3c:b7:79:97:58:09:
75:94:b7:03:78:0d:e6:17:6a:ec:47:a6:c8:3c:d8:fa:84:29:
33:54:c5:00:75:3e:57:1c:c2:97:d3:25:06:9f:f2:38:c8:1d:
bf:c5:a3:d2:d0:7b:92:17:61:b1:2c:71:20:02:9b:c3:8b:23:
af:b7:d7:89:38:7f:80:20:65:e1:f5:8f:f2:2d:09:ec:1a:25:
ec:28:36:3c:f9:27:2c:86:5a:5a:2b:62:ec:e4:7a:9f:4c:61:
3d:86:e5:5a:16:9a:b2:27:f6:22:24:24:7d:7b:02:b5:8d:d4:
3b:bb:2f:4f:c8:6b:10:15:a5:54:d1:a2:5e:f8:f2:21:f2:dd:
4c:50:eb:a6:de:ef:39:cd:0c:b8:1c:3c:ea:e3:c6:df:e7:6d:
12:14:74:9a:2a:2c:8c:54:60:23:1f:28:71:37:94:2e:f0:9a:
b2:3f:a4:47:43:79:86:48:f0:8e:28:8b:85:b7:6c:5e:90:b2:
ed:74:13:ce:22:90:48:e7:86:a2:29:12:d3:ac:f5:b2:31:6b:
a4:25:34:cf:85:7b:38:a2:22:1f:5f:e0:c4:d3:2a:97:6d:f5:
c3:96:d5:77
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAY/PGE7nwIGgAvdjx368HrzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNTMxMTQ0MDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzQxOGUzYzRkOTJlMzVjZjZkMjU0ZTc3YzM3ZWY1YTk4NmM0ZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBkXdITlqNrhbM0R5+wKAdTfNiMF
XFY1XJTc4DcL57+n4NcqhpFIQfphl5+wmVc9zMm1G7J6Hfuh2EYywhg7BijAfXaG
wjNzwydNcEeKzaqgu0Z18FRAP1Dwi+Uv711CXxFuHKQ822s/XWSphCRXgUFs286+
yqd76oBl5p4lkClrBYyIeZQw8J4hHaLkUJTr8E3RJ/2iGPCcDoswyFzFHwwvCTde
fo4H8lp1FgEoQ7mslzJeLUTG+KyyYlUWMJLmFALB+4/aMb49ri4dUct7eN+VFa8S
hw6y464ZsKW03aMSJnryso9cace5L7S2LatT5/EspNi/7b/0FOYpc3haxQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFJdBjjxNkuNc9tJU53w371qYbE1HMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvbDBHT1BFMlM0MXoyMGxUbmZEZnZXcGhzVFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCJYD4AwQE
X1IAAwQEbW8gMAwDBASw3RADBAKw3RgwDQYJKoZIhvcNAQELBQADggEBAFlt32wm
pHC+yfWyfOfz1vDyvmmygncNc1xv41psrzy3eZdYCXWUtwN4DeYXauxHpsg82PqE
KTNUxQB1PlccwpfTJQaf8jjIHb/Fo9LQe5IXYbEscSACm8OLI6+314k4f4AgZeH1
j/ItCewaJewoNjz5JyyGWlorYuzkep9MYT2G5VoWmrIn9iIkJH17ArWN1Du7L0/I
axAVpVTRol748iHy3UxQ66be7znNDLgcPOrjxt/nbRIUdJoqLIxUYCMfKHE3lC7w
mrI/pEdDeYZI8I4oi4W3bF6Qsu10E84ikEjnhqIpEtOs9bIxa6QlNM+FeziiIh9f
4MTTKpdt9cOW1Xc=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:21:07 2025 by rpki-client