Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/q_X2oV8DniMiAFShTjhuBbelLE0.roa
File: q_X2oV8DniMiAFShTjhuBbelLE0.roa (raw, json)
Hash identifier: Wa7zaTrSIGmZnjFWb0O9CllEgwa4he2ao2G2LHrGor8=
Subject key identifier: AB:F5:F6:A1:5F:03:9E:23:22:00:54:A1:4E:38:6E:05:B7:A5:2C:4D
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018DB49A84A196484EA288FC6EF274501F14
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/q_X2oV8DniMiAFShTjhuBbelLE0.roa
Signing time: Sat 17 Feb 2024 01:07:21 +0000
ROA not before: Sat 17 Feb 2024 01:07:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.0.0/20 maxlen: 20
95.82.0.0/21 maxlen: 24
95.82.8.0/21 maxlen: 24
95.82.32.0/21 maxlen: 21
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:b4:9a:84:a1:96:48:4e:a2:88:fc:6e:f2:74:50:1f:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Feb 17 01:07:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=abf5f6a15f039e23220054a14e386e05b7a52c4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:b5:4f:19:ce:31:97:dc:47:9a:16:9c:0c:5d:
52:7b:40:de:1b:b3:16:de:24:1c:8d:0f:6a:f3:6d:
b9:dc:3b:90:8f:12:71:29:ee:fa:7c:cf:f4:37:1a:
7b:d7:8d:d9:39:bf:b7:31:d4:59:c4:99:60:fc:50:
f0:27:52:96:aa:92:54:e9:ec:37:ff:33:96:53:fd:
f9:03:46:d2:99:61:93:a6:ff:68:54:a9:1f:80:69:
7d:4f:87:f2:45:1c:40:a1:81:7d:52:39:6c:e1:9b:
fa:2a:2c:3b:67:26:1e:a5:ea:23:de:5f:da:71:d6:
8d:cc:7b:65:6a:d5:e5:e8:21:98:24:b0:ea:a7:12:
13:ab:4f:51:9c:f3:ae:03:27:56:a3:25:ad:11:c9:
ff:58:9e:f2:49:3b:4d:c2:40:a6:63:c3:d4:de:15:
ec:e5:e7:f2:f3:38:a6:69:9c:49:4b:6b:c0:cb:1b:
7d:f5:a5:ea:de:d4:b7:55:65:05:8e:81:86:86:94:
e3:4c:18:f2:11:8d:70:db:30:79:7b:3f:cb:c5:60:
d5:2e:e9:2f:15:75:f4:f0:c8:63:6e:43:9f:c9:89:
e1:d1:1d:80:65:6c:63:2c:12:62:1d:15:d5:36:32:
34:cf:45:1e:ee:1d:05:16:2c:f7:7c:e5:3f:ea:f7:
2c:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:F5:F6:A1:5F:03:9E:23:22:00:54:A1:4E:38:6E:05:B7:A5:2C:4D
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/q_X2oV8DniMiAFShTjhuBbelLE0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
95.82.32.0/21
109.111.32.0/20
176.221.16.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
95:bf:0c:6c:db:af:43:cc:45:ea:c4:2d:5b:13:6f:eb:42:32:
12:f5:07:06:10:d7:de:8c:21:b2:a6:0b:61:24:d9:b1:d2:81:
5d:41:44:59:fd:1d:51:6d:2c:dd:4b:28:d4:41:24:3e:da:74:
c2:18:56:bd:5f:53:8d:6b:5f:b9:f6:33:20:66:5f:d6:44:c4:
b7:4c:5a:18:4c:f1:1e:2c:c8:dc:f7:8d:55:83:78:7c:af:b8:
d7:99:71:40:f0:d0:9e:bf:e1:0f:4a:8a:cc:e3:cf:5c:0d:b2:
8f:e3:86:81:a1:f9:14:72:07:d1:2c:aa:4c:bc:85:f4:08:56:
13:ed:33:a0:ec:20:4a:19:54:b5:db:a0:d9:29:c9:36:a7:d1:
7d:b9:7c:10:88:73:55:65:a5:f6:d2:04:24:26:8f:96:d9:15:
d3:96:83:c6:2c:39:d2:58:84:ed:7d:c5:f1:e9:b4:57:02:08:
06:ef:96:e9:ac:16:f4:d1:d9:7d:c4:6c:ce:ec:bc:da:71:98:
eb:97:20:56:e5:7a:fb:d6:a0:21:12:c3:e4:69:c4:0b:e4:00:
4d:82:4c:1f:82:91:0e:cc:e3:cf:b8:3c:52:9c:7e:41:36:f4:
0d:f7:5e:7e:fe:59:0e:b0:57:72:fd:ad:8c:a7:12:35:a7:e1:
1a:97:90:af
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAY20moShlkhOooj8bvJ0UB8UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMjE3MDEwNzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmY1ZjZhMTVmMDM5ZTIzMjIwMDU0YTE0ZTM4NmUwNWI3YTUyYzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrVPGc4xl9xHmhacDF1Se0DeG7MW
3iQcjQ9q82253DuQjxJxKe76fM/0Nxp7143ZOb+3MdRZxJlg/FDwJ1KWqpJU6ew3
/zOWU/35A0bSmWGTpv9oVKkfgGl9T4fyRRxAoYF9Ujls4Zv6Kiw7ZyYepeoj3l/a
cdaNzHtlatXl6CGYJLDqpxITq09RnPOuAydWoyWtEcn/WJ7ySTtNwkCmY8PU3hXs
5efy8zimaZxJS2vAyxt99aXq3tS3VWUFjoGGhpTjTBjyEY1w2zB5ez/LxWDVLukv
FXX08MhjbkOfyYnh0R2AZWxjLBJiHRXVNjI0z0Ue7h0FFiz3fOU/6vcsaQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFKv19qFfA54jIgBUoU44bgW3pSxNMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvcV9YMm9WOERuaU1pQUZTaFRqaHVCYmVsTEUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCJYD4AwQE
X1IAAwQDX1IgAwQEbW8gMAwDBASw3RADBAKw3RgwDQYJKoZIhvcNAQELBQADggEB
AJW/DGzbr0PMRerELVsTb+tCMhL1BwYQ196MIbKmC2Ek2bHSgV1BRFn9HVFtLN1L
KNRBJD7adMIYVr1fU41rX7n2MyBmX9ZExLdMWhhM8R4syNz3jVWDeHyvuNeZcUDw
0J6/4Q9Kiszjz1wNso/jhoGh+RRyB9Esqky8hfQIVhPtM6DsIEoZVLXboNkpyTan
0X25fBCIc1VlpfbSBCQmj5bZFdOWg8YsOdJYhO19xfHptFcCCAbvlumsFvTR2X3E
bM7svNpxmOuXIFblevvWoCESw+RpxAvkAE2CTB+CkQ7M48+4PFKcfkE29A33Xn7+
WQ6wV3L9rYynEjWn4RqXkK8=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:22:12 2025 by rpki-client