Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/soLoRvTCXdEbT-BKNzkVAYjcvfE.roa
File: soLoRvTCXdEbT-BKNzkVAYjcvfE.roa (raw, json)
Hash identifier: JfK/39OeGq8VRR4HDH7Jscx5BHXIuh5HBQKIKFN7M88=
Subject key identifier: B2:82:E8:46:F4:C2:5D:D1:1B:4F:E0:4A:37:39:15:01:88:DC:BD:F1
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018CF7FC10E554910C651FE93F6AA2772053
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/soLoRvTCXdEbT-BKNzkVAYjcvfE.roa
Signing time: Thu 11 Jan 2024 10:05:40 +0000
ROA not before: Thu 11 Jan 2024 10:05:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 95.82.8.0/21 maxlen: 24
185.65.62.0/24 maxlen: 24
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.20.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:f7:fc:10:e5:54:91:0c:65:1f:e9:3f:6a:a2:77:20:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jan 11 10:05:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b282e846f4c25dd11b4fe04a3739150188dcbdf1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:c0:fc:de:29:dd:41:79:57:69:55:73:f8:41:
92:65:3a:e8:95:a6:19:ff:b6:d3:65:45:0f:46:4b:
6d:ee:82:cd:38:a1:ff:89:f0:45:92:c5:77:00:1e:
b5:2a:a3:7e:08:87:1c:c3:76:3d:2a:94:7b:4f:ab:
81:25:9a:9d:f3:e0:de:23:c9:11:4a:9e:67:df:3f:
be:98:b3:3c:f5:ab:3f:e7:74:80:93:e1:7b:fb:f4:
1b:9c:f4:59:87:c8:c5:ab:65:6c:3a:1d:e2:ad:9f:
0e:92:71:ac:6f:3f:e7:ba:15:4a:39:18:6e:a6:20:
73:cc:df:9e:25:9d:89:75:7e:d3:22:ea:32:92:d3:
49:f7:44:8a:a9:f5:95:d9:ae:ae:9e:63:ac:11:57:
70:36:9c:85:12:83:2a:30:62:ed:cd:b0:3f:bb:bc:
d6:3c:29:27:9b:54:87:dd:e4:19:50:93:1f:6a:17:
da:06:4f:b4:5d:b4:e7:46:15:fc:f7:2b:64:41:3d:
45:f4:f0:db:0a:27:e0:a9:4b:d5:be:63:de:fe:23:
b8:5f:41:1f:52:88:53:16:f7:38:a2:34:2b:40:09:
21:90:e3:25:61:1e:a3:0e:61:4a:96:c1:83:23:f8:
f1:05:b9:1f:a6:bd:4b:37:80:23:4b:23:7c:77:35:
17:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:82:E8:46:F4:C2:5D:D1:1B:4F:E0:4A:37:39:15:01:88:DC:BD:F1
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/soLoRvTCXdEbT-BKNzkVAYjcvfE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.8.0/21
109.111.32.0/20
176.221.16.0/21
185.65.62.0/24
Signature Algorithm: sha256WithRSAEncryption
b7:49:e8:8f:9a:b4:eb:3e:aa:ae:55:5e:88:9f:26:8c:7f:8a:
8b:fd:7a:89:01:cd:9e:c8:ef:2b:62:65:79:5a:99:46:25:9e:
ec:15:f1:b3:6c:3b:1a:71:2b:b6:21:df:97:5c:d3:d3:e4:b4:
22:2b:09:a3:f5:e8:04:6c:de:a5:5f:b6:89:32:52:4c:1f:27:
bf:ae:b4:fe:1b:0d:a1:7b:16:ab:3c:43:f6:bb:f3:43:aa:3a:
7d:32:cb:5f:6c:e0:c9:44:59:da:b4:38:5f:65:d1:a9:43:f0:
a0:64:ba:25:ba:b2:62:2d:94:41:20:aa:cf:f9:34:6c:b1:38:
b3:dd:e6:aa:a2:af:fe:01:0d:ae:d2:2a:97:6f:6b:d6:c0:f0:
42:7b:92:3c:90:b9:a4:a0:92:3d:8c:c7:7b:b1:c3:e0:63:00:
73:56:66:53:b8:0e:e8:36:78:7f:6a:36:bc:a6:51:76:f3:59:
7c:d8:62:c2:0c:9f:e4:8f:8b:cc:89:7d:f2:1a:cd:ba:67:f0:
96:05:f7:bb:d3:d2:93:c1:41:2f:34:c7:c2:fd:54:4a:38:63:
0a:b8:6e:05:a9:cd:fe:24:e9:1e:3e:a6:ea:a4:4f:56:1c:b7:
dd:01:d3:15:aa:9d:f8:18:77:a4:55:55:97:bf:4b:61:8f:88:
3f:56:2d:17
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYz3/BDlVJEMZR/pP2qidyBTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMTExMTAwNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjgyZTg0NmY0YzI1ZGQxMWI0ZmUwNGEzNzM5MTUwMTg4ZGNiZGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8D83indQXlXaVVz+EGSZTrolaYZ
/7bTZUUPRktt7oLNOKH/ifBFksV3AB61KqN+CIccw3Y9KpR7T6uBJZqd8+DeI8kR
Sp5n3z++mLM89as/53SAk+F7+/QbnPRZh8jFq2VsOh3irZ8OknGsbz/nuhVKORhu
piBzzN+eJZ2JdX7TIuoyktNJ90SKqfWV2a6unmOsEVdwNpyFEoMqMGLtzbA/u7zW
PCknm1SH3eQZUJMfahfaBk+0XbTnRhX89ytkQT1F9PDbCifgqUvVvmPe/iO4X0Ef
UohTFvc4ojQrQAkhkOMlYR6jDmFKlsGDI/jxBbkfpr1LN4AjSyN8dzUXEwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLKC6Eb0wl3RG0/gSjc5FQGI3L3xMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvc29Mb1J2VENYZEViVC1CS056a1ZBWWpjdmZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCJYD4AwQD
X1IIAwQEbW8gAwQDsN0QAwQAuUE+MA0GCSqGSIb3DQEBCwUAA4IBAQC3SeiPmrTr
PqquVV6InyaMf4qL/XqJAc2eyO8rYmV5WplGJZ7sFfGzbDsacSu2Id+XXNPT5LQi
Kwmj9egEbN6lX7aJMlJMHye/rrT+Gw2hexarPEP2u/NDqjp9MstfbODJRFnatDhf
ZdGpQ/CgZLolurJiLZRBIKrP+TRssTiz3eaqoq/+AQ2u0iqXb2vWwPBCe5I8kLmk
oJI9jMd7scPgYwBzVmZTuA7oNnh/aja8plF281l82GLCDJ/kj4vMiX3yGs26Z/CW
Bfe709KTwUEvNMfC/VRKOGMKuG4Fqc3+JOkePqbqpE9WHLfdAdMVqp34GHekVVWX
v0thj4g/Vi0X
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:21:10 2025 by rpki-client