Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/omYoKkSV1uqUF03iXLERDdtDtP8.roa
File: omYoKkSV1uqUF03iXLERDdtDtP8.roa (raw, json)
Hash identifier: LM4yqwpaCUAqiaeTu4yszAxrMZOTFxeldZTuQHuck8Y=
Subject key identifier: A2:66:28:2A:44:95:D6:EA:94:17:4D:E2:5C:B1:11:0D:DB:43:B4:FF
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 01911629829B5564FFEDC72D1BAA698FEC1F
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/omYoKkSV1uqUF03iXLERDdtDtP8.roa
Signing time: Sat 03 Aug 2024 02:55:04 +0000
ROA not before: Sat 03 Aug 2024 02:55:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
109.111.34.0/23 maxlen: 24
109.111.40.0/22 maxlen: 24
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:16:29:82:9b:55:64:ff:ed:c7:2d:1b:aa:69:8f:ec:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Aug 3 02:55:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a266282a4495d6ea94174de25cb1110ddb43b4ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:b7:11:72:6a:a1:02:3e:40:76:67:c5:bc:e5:
8a:2f:7c:4c:5a:c9:b0:93:9b:60:99:8c:23:bd:fb:
ff:f8:96:7c:46:e5:37:ec:f3:41:bb:57:64:47:65:
10:b6:e3:2b:7d:cd:51:46:d3:3e:ba:b6:01:3e:74:
9c:21:86:48:f0:33:ca:de:d8:d1:a6:90:80:85:fd:
9c:e8:b9:19:f2:de:3e:b5:4d:6f:af:94:4d:14:09:
4b:28:bb:c6:a5:32:31:64:8e:a6:a2:08:03:b7:a2:
7b:56:f8:3d:a3:05:a4:02:ec:85:b3:18:f8:30:c6:
1a:da:1b:ec:d9:53:c6:9e:06:f4:df:a4:64:10:06:
d3:3f:d2:27:4d:80:e4:4f:1b:34:45:00:d5:c0:60:
5b:9d:04:f2:ed:cc:a7:f9:40:47:5d:02:d8:a0:c3:
d5:af:65:20:a5:15:ac:d8:81:d6:2a:34:c0:a4:4b:
6b:76:c3:1b:59:a2:44:7b:52:35:c7:46:c1:cd:36:
b5:67:8e:79:b4:36:0a:9a:25:6d:98:44:12:12:ab:
0d:a6:70:82:81:b6:fc:6d:08:60:c8:a6:86:2f:05:
e3:e0:7d:14:99:29:4d:c4:d9:71:16:8f:3e:b4:a6:
37:b1:36:64:0e:c4:7b:6b:0d:db:c7:2a:04:39:a4:
86:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:66:28:2A:44:95:D6:EA:94:17:4D:E2:5C:B1:11:0D:DB:43:B4:FF
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/omYoKkSV1uqUF03iXLERDdtDtP8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/20
109.111.32.0/20
176.221.20.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
04:b5:a9:ec:93:b8:8e:ac:9a:0e:a5:e2:7e:2b:7c:c2:f8:73:
f9:95:31:91:9c:3c:b2:2e:33:b8:46:b3:f1:68:83:31:63:b4:
d0:3c:d1:f9:6c:75:61:b0:be:8c:49:f8:6a:8e:76:43:a3:09:
3b:2d:de:9d:b9:7d:03:f9:c3:b0:93:fb:9b:1f:34:29:ad:e4:
58:b4:f2:28:5e:df:8d:53:9a:43:0e:e2:01:ac:bf:31:98:03:
11:84:2f:bc:ae:b7:72:60:f8:eb:71:b1:3d:ef:26:2b:bc:f0:
16:27:18:3d:53:88:aa:2f:a0:2c:74:71:03:aa:6a:d3:59:43:
3e:e4:0f:0a:f0:df:7e:31:98:97:94:9e:80:b6:7b:d5:72:a1:
9a:2b:1a:f9:32:30:24:b3:07:36:45:36:ff:8e:45:65:7f:d3:
89:34:f3:14:cf:52:db:93:81:f1:d5:26:f2:6a:60:e8:90:b1:
dd:15:1b:f6:5f:d7:57:f7:4d:78:b5:30:a9:53:54:3e:7f:7d:
14:4c:f0:37:46:1a:4b:66:79:37:d2:38:bb:46:88:17:54:8b:
ef:c5:6e:f6:62:9b:e1:f1:87:d4:15:d4:be:ea:ac:97:e9:af:
23:c0:55:0b:be:ae:a9:4c:84:98:99:9c:ef:4c:46:e9:9b:17:
a4:2f:3a:d1
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZEWKYKbVWT/7cctG6ppj+wfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwODAzMDI1NTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjY2MjgyYTQ0OTVkNmVhOTQxNzRkZTI1Y2IxMTEwZGRiNDNiNGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLcRcmqhAj5AdmfFvOWKL3xMWsmw
k5tgmYwjvfv/+JZ8RuU37PNBu1dkR2UQtuMrfc1RRtM+urYBPnScIYZI8DPK3tjR
ppCAhf2c6LkZ8t4+tU1vr5RNFAlLKLvGpTIxZI6moggDt6J7Vvg9owWkAuyFsxj4
MMYa2hvs2VPGngb036RkEAbTP9InTYDkTxs0RQDVwGBbnQTy7cyn+UBHXQLYoMPV
r2UgpRWs2IHWKjTApEtrdsMbWaJEe1I1x0bBzTa1Z455tDYKmiVtmEQSEqsNpnCC
gbb8bQhgyKaGLwXj4H0UmSlNxNlxFo8+tKY3sTZkDsR7aw3bxyoEOaSGSQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKJmKCpEldbqlBdN4lyxEQ3bQ7T/MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvb21Zb0trU1YxdXFVRjAzaVhMRVJEZHREdFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQEX1IAAwQE
bW8gMAwDBAKw3RQDBAKw3RgwDQYJKoZIhvcNAQELBQADggEBAAS1qeyTuI6smg6l
4n4rfML4c/mVMZGcPLIuM7hGs/FogzFjtNA80flsdWGwvoxJ+GqOdkOjCTst3p25
fQP5w7CT+5sfNCmt5Fi08ihe341TmkMO4gGsvzGYAxGEL7yut3Jg+OtxsT3vJiu8
8BYnGD1TiKovoCx0cQOqatNZQz7kDwrw334xmJeUnoC2e9VyoZorGvkyMCSzBzZF
Nv+ORWV/04k08xTPUtuTgfHVJvJqYOiQsd0VG/Zf11f3TXi1MKlTVD5/fRRM8DdG
GktmeTfSOLtGiBdUi+/FbvZim+Hxh9QV1L7qrJfpryPAVQu+rqlMhJiZnO9MRumb
F6QvOtE=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:26:34 2025 by rpki-client