Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/tr_81CiIjPB2WUs1CWt-enin0Ig.roa
File: tr_81CiIjPB2WUs1CWt-enin0Ig.roa (raw, json)
Hash identifier: o09aoJn035CYYCNOUjxN35pgDmJtNhEAUnOwoDZNlXI=
Subject key identifier: B6:BF:FC:D4:28:88:8C:F0:76:59:4B:35:09:6B:7E:7A:78:A7:D0:88
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 01941FFA877990C3CAE33B032394FEBE12C0
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/tr_81CiIjPB2WUs1CWt-enin0Ig.roa
Signing time: Wed 01 Jan 2025 03:48:19 +0000
ROA not before: Wed 01 Jan 2025 03:48:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 95.82.8.0/21 maxlen: 24
95.82.16.0/20 maxlen: 24
109.111.52.0/22 maxlen: 24
176.221.20.0/23 maxlen: 24
176.221.22.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:87:79:90:c3:ca:e3:3b:03:23:94:fe:be:12:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jan 1 03:48:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b6bffcd428888cf076594b35096b7e7a78a7d088
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:8f:bd:07:18:ee:18:a8:e2:85:39:36:61:51:
6b:a9:9d:9c:14:e8:ee:9f:e2:cd:a1:c5:b4:1b:58:
2f:f7:be:01:41:1a:57:fb:ac:5a:2a:b5:9c:cd:21:
bd:d4:65:b5:6d:54:98:19:20:aa:37:d3:d5:f6:95:
c4:ea:cb:e1:0f:0c:c5:3d:f1:10:e2:68:d0:c7:e7:
75:d8:d7:fe:70:04:dd:c6:2a:5b:15:a3:ee:70:38:
55:bc:ca:51:9b:56:36:d6:a2:f7:fd:1e:f0:7f:b7:
81:ee:e2:4b:51:f0:88:0f:a1:9b:d6:16:2d:a3:20:
80:cd:94:4a:47:54:bf:de:f3:01:b3:40:16:0c:cc:
15:56:0b:02:26:f8:d2:2e:d7:6e:fd:c6:fc:3e:d1:
4e:a7:39:87:a2:7c:fe:54:30:5d:d1:3b:ff:53:34:
7d:c4:7e:76:64:95:9d:2b:06:84:f5:6e:8d:f1:7b:
f6:2e:c4:5d:c8:13:ea:e1:78:60:b9:34:2c:03:f1:
19:bf:5b:ca:fd:24:90:ed:74:30:45:95:07:b8:13:
3f:70:2e:0a:81:df:3a:5f:e7:fa:9a:26:b6:a4:c5:
93:f3:70:f8:b1:4a:15:2d:39:ca:61:31:85:1a:60:
9b:23:9d:a8:ca:94:0f:17:18:0d:b1:99:7e:75:84:
c0:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:BF:FC:D4:28:88:8C:F0:76:59:4B:35:09:6B:7E:7A:78:A7:D0:88
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/tr_81CiIjPB2WUs1CWt-enin0Ig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.8.0-95.82.31.255
109.111.52.0/22
176.221.20.0/22
Signature Algorithm: sha256WithRSAEncryption
82:f0:51:be:88:67:9b:bd:e9:fc:e8:40:41:bc:99:3b:c7:50:
77:40:64:63:ad:b9:00:34:ed:3e:1c:53:11:95:e0:36:13:f8:
cb:56:67:c9:1b:73:fc:d9:ce:24:3a:07:c9:00:bc:ed:a7:9e:
44:83:0a:42:f3:e5:47:1a:50:7f:cb:d6:56:ae:6f:d8:2e:e2:
48:3c:25:68:ea:ee:cf:03:6e:e7:31:b2:da:8b:86:d7:d0:37:
1a:66:7d:40:ae:00:e5:20:34:2f:83:91:9a:90:0d:c8:fb:7d:
5c:5a:6c:05:a8:ac:e8:57:31:17:8a:ce:64:05:2a:c0:d6:60:
4e:10:f2:12:8a:a6:21:2b:46:3f:24:55:87:9c:2a:76:de:75:
f3:f9:d4:09:38:68:cc:64:66:d4:bd:1a:58:21:0e:58:16:13:
14:22:0a:1a:53:fc:eb:ca:dd:5f:bf:a8:e4:2d:ea:1f:cb:9d:
ef:6d:78:a9:92:75:f6:2f:53:24:44:58:a4:c1:24:e5:91:7e:
78:ae:dc:29:ce:10:b2:3f:9d:99:49:5f:15:1a:57:fc:59:a5:
7e:ec:16:cb:11:b8:7a:28:87:1b:88:fb:55:0f:80:b1:16:d9:
36:31:e1:cc:08:28:6b:55:d9:9b:a8:8d:68:46:67:04:b8:6a:
27:66:60:01
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQf+od5kMPK4zsDI5T+vhLAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwMTAxMDM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmJmZmNkNDI4ODg4Y2YwNzY1OTRiMzUwOTZiN2U3YTc4YTdkMDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4+9BxjuGKjihTk2YVFrqZ2cFOju
n+LNocW0G1gv974BQRpX+6xaKrWczSG91GW1bVSYGSCqN9PV9pXE6svhDwzFPfEQ
4mjQx+d12Nf+cATdxipbFaPucDhVvMpRm1Y21qL3/R7wf7eB7uJLUfCID6Gb1hYt
oyCAzZRKR1S/3vMBs0AWDMwVVgsCJvjSLtdu/cb8PtFOpzmHonz+VDBd0Tv/UzR9
xH52ZJWdKwaE9W6N8Xv2LsRdyBPq4XhguTQsA/EZv1vK/SSQ7XQwRZUHuBM/cC4K
gd86X+f6mia2pMWT83D4sUoVLTnKYTGFGmCbI52oypQPFxgNsZl+dYTADwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFLa//NQoiIzwdllLNQlrfnp4p9CIMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvdHJfODFDaUlqUEIyV1VzMUNXdC1lbmluMElnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBANfUggD
BAVfUgADBAJtbzQDBAKw3RQwDQYJKoZIhvcNAQELBQADggEBAILwUb6IZ5u96fzo
QEG8mTvHUHdAZGOtuQA07T4cUxGV4DYT+MtWZ8kbc/zZziQ6B8kAvO2nnkSDCkLz
5UcaUH/L1laub9gu4kg8JWjq7s8DbucxstqLhtfQNxpmfUCuAOUgNC+DkZqQDcj7
fVxabAWorOhXMReKzmQFKsDWYE4Q8hKKpiErRj8kVYecKnbedfP51Ak4aMxkZtS9
GlghDlgWExQiChpT/OvK3V+/qOQt6h/Lne9teKmSdfYvUyREWKTBJOWRfniu3CnO
ELI/nZlJXxUaV/xZpX7sFssRuHoohxuI+1UPgLEW2TYx4cwIKGtV2ZuojWhGZwS4
aidmYAE=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:16:48 2025 by rpki-client