Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/t04xoltCl23rFTmxty7-SL_tLg0.roa
File: t04xoltCl23rFTmxty7-SL_tLg0.roa (raw, json)
Hash identifier: u8pRW0OWs3V1pMJ0U0N3bVspxWJEWmnzOCtffWwu5U0=
Subject key identifier: B7:4E:31:A2:5B:42:97:6D:EB:15:39:B1:B7:2E:FE:48:BF:ED:2E:0D
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0192CC1FECAE310E603F421CB08796277BE5
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/t04xoltCl23rFTmxty7-SL_tLg0.roa
Signing time: Sun 27 Oct 2024 03:58:17 +0000
ROA not before: Sun 27 Oct 2024 03:58:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
109.111.34.0/23 maxlen: 24
109.111.40.0/22 maxlen: 24
109.111.42.0/23 maxlen: 24
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:cc:1f:ec:ae:31:0e:60:3f:42:1c:b0:87:96:27:7b:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Oct 27 03:58:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b74e31a25b42976deb1539b1b72efe48bfed2e0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:41:e2:3f:2b:65:9d:23:e8:09:07:55:6e:4c:
bb:29:e2:0e:8d:b1:dd:84:59:bd:c2:99:a3:78:3f:
45:9b:64:0a:dd:12:cd:db:6e:2b:12:9e:da:99:a9:
7b:db:87:99:e3:8b:53:80:f2:78:58:c2:da:63:b5:
ce:9b:4c:22:2e:1c:36:58:b9:2c:9e:9c:06:64:84:
8d:38:96:2d:2d:57:a2:f2:9f:4c:ef:d6:3e:ef:eb:
d0:da:fe:ad:c8:ae:95:1f:90:87:c5:34:98:0b:a0:
2b:29:82:81:0c:8b:82:36:33:a8:9c:e8:c1:59:1b:
93:99:a2:36:e1:ee:9a:c0:1c:ea:ee:ef:23:50:9c:
30:2e:da:8c:ca:e4:9e:4b:72:aa:8c:a1:89:c0:fd:
6f:e6:b3:6c:e4:5f:89:c3:73:37:2c:84:71:74:76:
ce:03:4d:da:46:ab:a2:14:eb:ae:a5:a8:c7:bb:d7:
6b:b7:21:f1:95:1f:93:aa:f7:84:5c:25:51:ac:ab:
f3:10:75:ca:28:3c:cd:94:8a:c5:b8:e9:c6:2a:14:
9e:11:b7:94:50:5a:9a:82:4b:6a:54:fe:96:c8:dc:
c3:51:cb:8a:04:5c:40:eb:1d:11:b4:3a:ea:8b:f0:
32:a6:ea:e5:7a:45:e2:da:89:bd:3e:19:1c:b4:9d:
d9:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:4E:31:A2:5B:42:97:6D:EB:15:39:B1:B7:2E:FE:48:BF:ED:2E:0D
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/t04xoltCl23rFTmxty7-SL_tLg0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/20
109.111.32.0/20
176.221.20.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
11:91:c8:47:b3:88:ba:6a:f2:ac:18:6d:23:80:cf:5c:e8:27:
97:55:59:96:57:98:5b:f9:57:b4:67:15:8b:06:c9:2d:05:39:
66:ba:6f:8e:d6:b8:2f:95:bd:9a:62:07:b6:3c:78:81:17:8b:
8b:cf:b0:69:fb:53:2a:d6:a8:b2:f2:73:ac:40:33:d7:f7:a1:
e1:00:a6:ef:28:02:be:5f:ab:38:2c:7d:0d:88:96:9b:1c:85:
f6:fd:ac:5e:de:4b:8f:86:d6:0d:e6:3f:26:82:42:4b:b1:fc:
65:f7:f3:82:a0:ab:d8:7b:2d:77:bc:9b:b4:16:fc:e6:ac:c5:
aa:a3:a8:52:b8:c8:69:70:31:ef:d0:a5:18:e1:b4:43:42:5f:
40:76:3c:b9:b4:e9:b0:39:34:7d:5f:fb:0b:48:96:9b:6d:1e:
c8:27:d9:6c:c1:e0:30:84:a6:2c:e9:0d:e6:fd:91:a2:0f:2a:
31:66:88:90:c7:57:e2:f4:6c:03:b3:fa:21:0f:14:ce:11:ec:
0b:e2:0a:39:b8:30:86:7f:ee:52:3a:96:b0:75:fe:63:b2:74:
23:4f:d9:f1:2e:17:57:81:b1:6d:e9:04:c6:7c:bc:06:fb:8c:
1d:cb:5e:33:91:0f:8d:99:f4:6d:c2:86:b4:f5:d1:e2:cd:91:
c8:b0:10:21
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZLMH+yuMQ5gP0IcsIeWJ3vlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQxMDI3MDM1ODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzRlMzFhMjViNDI5NzZkZWIxNTM5YjFiNzJlZmU0OGJmZWQyZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kHiPytlnSPoCQdVbky7KeIOjbHd
hFm9wpmjeD9Fm2QK3RLN224rEp7amal724eZ44tTgPJ4WMLaY7XOm0wiLhw2WLks
npwGZISNOJYtLVei8p9M79Y+7+vQ2v6tyK6VH5CHxTSYC6ArKYKBDIuCNjOonOjB
WRuTmaI24e6awBzq7u8jUJwwLtqMyuSeS3KqjKGJwP1v5rNs5F+Jw3M3LIRxdHbO
A03aRquiFOuupajHu9drtyHxlR+TqveEXCVRrKvzEHXKKDzNlIrFuOnGKhSeEbeU
UFqagktqVP6WyNzDUcuKBFxA6x0RtDrqi/AypurlekXi2om9PhkctJ3ZuwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFLdOMaJbQpdt6xU5sbcu/ki/7S4NMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvdDA0eG9sdENsMjNyRlRteHR5Ny1TTF90TGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQEX1IAAwQE
bW8gMAwDBAKw3RQDBAKw3RgwDQYJKoZIhvcNAQELBQADggEBABGRyEeziLpq8qwY
bSOAz1zoJ5dVWZZXmFv5V7RnFYsGyS0FOWa6b47WuC+VvZpiB7Y8eIEXi4vPsGn7
UyrWqLLyc6xAM9f3oeEApu8oAr5fqzgsfQ2Ilpschfb9rF7eS4+G1g3mPyaCQkux
/GX384Kgq9h7LXe8m7QW/OasxaqjqFK4yGlwMe/QpRjhtENCX0B2PLm06bA5NH1f
+wtIlpttHsgn2WzB4DCEpizpDeb9kaIPKjFmiJDHV+L0bAOz+iEPFM4R7AviCjm4
MIZ/7lI6lrB1/mOydCNP2fEuF1eBsW3pBMZ8vAb7jB3LXjORD42Z9G3ChrT10eLN
kciwECE=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:24:24 2025 by rpki-client