Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/sGVwMPNaphqgDzKU5onxKqAgW00.roa
File: sGVwMPNaphqgDzKU5onxKqAgW00.roa (raw, json)
Hash identifier: UkW9S1iymCYOMsyRxs7vi5lIeWrsniI3rc16LLCw8ss=
Subject key identifier: B0:65:70:30:F3:5A:A6:1A:A0:0F:32:94:E6:89:F1:2A:A0:20:5B:4D
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018B964F86D9597E50069F722196C2ECB4E9
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/sGVwMPNaphqgDzKU5onxKqAgW00.roa
Signing time: Fri 03 Nov 2023 17:51:16 +0000
ROA not before: Fri 03 Nov 2023 17:51:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
95.82.8.0/21 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.24.0/21 maxlen: 21
176.221.28.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:96:4f:86:d9:59:7e:50:06:9f:72:21:96:c2:ec:b4:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Nov 3 17:51:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b0657030f35aa61aa00f3294e689f12aa0205b4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:c3:8b:e1:62:7d:ed:9f:59:5e:8d:20:0d:3f:
17:0b:b0:47:50:27:33:5a:e5:96:74:21:5c:ee:c3:
89:fa:cb:c5:16:db:9b:9a:f0:41:dc:41:ba:08:0d:
4b:32:40:9f:1f:9a:87:01:a3:13:5d:e3:f1:da:6d:
32:c6:42:9f:24:61:f8:25:c5:79:bf:75:d9:05:a0:
28:6a:90:c7:fe:a1:b0:d9:89:4a:ea:fe:f1:d3:3c:
07:97:de:04:2a:9a:07:9d:69:14:06:8b:cd:06:45:
2b:f1:75:a6:1b:d6:2b:64:cf:3b:a6:3c:0f:ac:1c:
21:b3:cd:b4:52:dd:3c:40:51:1f:a5:85:55:a2:63:
70:1d:5a:a3:a0:7f:77:42:dd:2d:43:3b:ec:29:bc:
6b:1c:3c:d9:51:f7:81:a7:e7:06:38:9c:cc:c6:83:
52:d5:35:bf:ae:38:6e:1b:0a:da:ea:67:da:12:ce:
73:52:45:75:59:ca:43:a8:05:f8:3a:f5:7a:b3:21:
de:eb:48:22:e2:34:ec:93:a4:b8:3e:32:65:ae:a4:
f7:eb:9f:4d:fa:b6:0d:0e:1c:e0:d0:0a:38:5f:3c:
5d:33:98:27:43:35:6b:39:f9:ab:8d:3d:95:c6:87:
2c:e2:55:8e:dc:5a:c1:9c:b5:d2:af:90:5b:62:0b:
39:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:65:70:30:F3:5A:A6:1A:A0:0F:32:94:E6:89:F1:2A:A0:20:5B:4D
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/sGVwMPNaphqgDzKU5onxKqAgW00.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
176.221.16.0/20
Signature Algorithm: sha256WithRSAEncryption
4e:75:d8:e9:a5:8c:51:25:26:22:28:a2:00:bf:2c:d7:c9:a8:
82:34:3c:6d:5e:30:f0:65:24:71:99:4a:25:8a:09:c9:95:6b:
93:b6:4a:22:72:d8:49:2d:fa:08:ab:c4:fe:be:0a:b5:42:f5:
00:b4:32:24:98:8b:75:63:84:ed:0d:ae:e2:00:5e:36:a5:5e:
ec:74:14:00:62:11:37:2c:d8:c4:58:4d:4a:bc:b7:6b:3c:2f:
79:a1:7e:5b:85:a5:7c:fb:44:bf:fb:0e:9b:bb:d1:d0:db:8a:
e1:8a:33:ea:e4:18:88:c2:7d:89:8f:f0:18:e9:02:54:10:30:
4e:66:55:76:b5:89:09:9f:1c:c9:21:2e:21:8d:5f:91:96:d4:
4f:fa:83:4f:21:45:0c:54:6d:1f:63:36:1a:21:9b:26:15:77:
fd:4e:9c:a9:b4:74:fc:46:1d:bd:b0:fa:ce:92:47:f1:ef:9c:
5a:79:19:aa:aa:d7:2e:2c:b1:3e:24:ce:fc:0e:91:f4:d6:f0:
b2:25:d7:98:52:14:0b:eb:16:b2:cf:63:84:84:c0:d1:e1:4b:
d8:7d:2e:46:9a:bf:a3:cf:9b:09:aa:a1:f7:cc:ff:ae:90:24:
62:6f:7d:eb:67:fa:76:c0:cb:67:d8:b8:ad:6f:8d:dc:74:0d:
3f:a7:40:9f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYuWT4bZWX5QBp9yIZbC7LTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMxMTAzMTc1MTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDY1NzAzMGYzNWFhNjFhYTAwZjMyOTRlNjg5ZjEyYWEwMjA1YjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8OL4WJ97Z9ZXo0gDT8XC7BHUCcz
WuWWdCFc7sOJ+svFFtubmvBB3EG6CA1LMkCfH5qHAaMTXePx2m0yxkKfJGH4JcV5
v3XZBaAoapDH/qGw2YlK6v7x0zwHl94EKpoHnWkUBovNBkUr8XWmG9YrZM87pjwP
rBwhs820Ut08QFEfpYVVomNwHVqjoH93Qt0tQzvsKbxrHDzZUfeBp+cGOJzMxoNS
1TW/rjhuGwra6mfaEs5zUkV1WcpDqAX4OvV6syHe60gi4jTsk6S4PjJlrqT3659N
+rYNDhzg0Ao4XzxdM5gnQzVrOfmrjT2Vxocs4lWO3FrBnLXSr5BbYgs5WQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLBlcDDzWqYaoA8ylOaJ8SqgIFtNMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvc0dWd01QTmFwaHFnRHpLVTVvbnhLcUFnVzAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCJYD4AwQE
X1IAAwQEsN0QMA0GCSqGSIb3DQEBCwUAA4IBAQBOddjppYxRJSYiKKIAvyzXyaiC
NDxtXjDwZSRxmUolignJlWuTtkoicthJLfoIq8T+vgq1QvUAtDIkmIt1Y4TtDa7i
AF42pV7sdBQAYhE3LNjEWE1KvLdrPC95oX5bhaV8+0S/+w6bu9HQ24rhijPq5BiI
wn2Jj/AY6QJUEDBOZlV2tYkJnxzJIS4hjV+RltRP+oNPIUUMVG0fYzYaIZsmFXf9
TpyptHT8Rh29sPrOkkfx75xaeRmqqtcuLLE+JM78DpH01vCyJdeYUhQL6xayz2OE
hMDR4UvYfS5Gmr+jz5sJqqH3zP+ukCRib33rZ/p2wMtn2Litb43cdA0/p0Cf
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:28:21 2025 by rpki-client