Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/uap6DP5hxb9Zuv0l9Ym_BfU50BM.roa
File: uap6DP5hxb9Zuv0l9Ym_BfU50BM.roa (raw, json)
Hash identifier: Cpng4S29oKPs25tPWtItoKRzv2cf7aUkIVXWr1Rg+Qw=
Subject key identifier: B9:AA:7A:0C:FE:61:C5:BF:59:BA:FD:25:F5:89:BF:05:F5:39:D0:13
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0189F440646CE71CCAA32037135B65F20BCF
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/uap6DP5hxb9Zuv0l9Ym_BfU50BM.roa
Signing time: Mon 14 Aug 2023 13:33:27 +0000
ROA not before: Mon 14 Aug 2023 13:33:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
176.221.24.0/21 maxlen: 24
37.128.252.0/22 maxlen: 24
37.128.252.0/23 maxlen: 23
37.128.248.0/23 maxlen: 24
37.128.248.0/22 maxlen: 24
37.128.254.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:f4:40:64:6c:e7:1c:ca:a3:20:37:13:5b:65:f2:0b:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Aug 14 13:33:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b9aa7a0cfe61c5bf59bafd25f589bf05f539d013
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:95:87:57:4f:52:f6:2b:d1:d6:a0:ae:c0:ae:
58:4d:b5:81:77:af:af:2f:0e:e1:eb:6e:25:15:8c:
28:ba:1a:5b:f3:1f:58:3f:ca:61:a6:1f:b3:eb:48:
fc:cc:74:10:d0:2d:9b:db:eb:61:e5:84:5a:ef:8d:
f6:74:28:71:8a:eb:ff:68:94:bb:71:bc:1a:a4:ae:
e0:fd:6b:c6:c0:14:af:75:b4:a9:bd:09:e2:31:f6:
19:19:df:1b:f9:dc:f3:b0:5c:4a:a3:31:8f:cf:4e:
43:f8:c7:57:f0:1e:de:fd:84:5e:29:6a:af:9b:fc:
a6:2e:39:72:2d:22:9e:e8:9a:76:4e:b2:e8:52:1c:
b9:f1:b0:7f:41:08:0e:8d:94:60:62:d3:8c:6e:fd:
9d:c1:f6:3c:16:14:87:2d:bd:e0:f3:d6:ed:7b:2e:
e0:1d:63:7d:1c:b2:68:71:4a:b3:4e:12:88:d0:98:
70:90:45:17:49:bf:1f:bd:c5:f2:54:fe:cf:75:72:
bd:dc:0f:d9:e7:7a:06:7b:f7:7d:3f:3b:8c:c9:bd:
6d:fc:59:a3:b8:d6:b9:a7:9c:ee:3c:05:70:8e:b0:
39:50:ff:80:da:c7:5a:a5:25:28:b7:07:9f:42:db:
a6:72:94:6d:0f:05:61:9b:d9:34:b2:fb:ac:6f:f3:
02:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:AA:7A:0C:FE:61:C5:BF:59:BA:FD:25:F5:89:BF:05:F5:39:D0:13
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/uap6DP5hxb9Zuv0l9Ym_BfU50BM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/21
95.82.0.0/21
176.221.24.0/21
Signature Algorithm: sha256WithRSAEncryption
5b:a7:04:5f:cd:3a:4b:d9:94:64:70:1f:e4:59:16:66:17:56:
89:a5:19:a7:de:a0:e7:47:1c:16:c1:53:a8:90:2d:f7:65:63:
cc:fb:6c:1b:1f:eb:69:42:1b:8f:79:ea:58:66:0f:29:ad:a2:
4b:04:0f:c6:68:b3:36:d7:3b:f0:e2:c6:85:36:2a:40:5f:56:
a1:f9:5d:c7:c4:ec:34:b7:24:f3:eb:b9:e6:33:02:96:39:05:
ff:02:7a:ce:22:c0:ba:49:a3:29:45:19:d3:cb:37:33:95:c5:
ba:5a:e3:6b:36:02:f6:d4:56:60:71:eb:11:10:a2:fb:bc:ad:
b6:00:40:4e:de:6b:87:fa:62:ad:3b:5b:73:33:b5:06:5c:28:
f2:93:df:cd:f9:c4:3e:25:f1:ef:77:d5:f4:13:6e:a9:60:1e:
b7:2a:01:56:c2:69:5d:d0:43:89:98:c9:ed:0c:cb:02:be:30:
c0:b6:ab:6c:96:31:11:7c:d3:d3:b0:bd:5c:54:df:f5:e4:ba:
f4:92:ec:55:8a:37:86:d3:1f:83:f8:8a:d0:65:a9:e3:1a:14:
84:50:b8:92:9a:8b:39:2f:27:cf:37:59:b2:2d:a2:2d:20:2d:
8c:a4:99:d0:b3:ea:0b:bf:b7:0b:6f:75:09:d4:66:bf:da:3e:
7b:97:74:55
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYn0QGRs5xzKoyA3E1tl8gvPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwODE0MTMzMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWFhN2EwY2ZlNjFjNWJmNTliYWZkMjVmNTg5YmYwNWY1MzlkMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pWHV09S9ivR1qCuwK5YTbWBd6+v
Lw7h624lFYwouhpb8x9YP8phph+z60j8zHQQ0C2b2+th5YRa7432dChxiuv/aJS7
cbwapK7g/WvGwBSvdbSpvQniMfYZGd8b+dzzsFxKozGPz05D+MdX8B7e/YReKWqv
m/ymLjlyLSKe6Jp2TrLoUhy58bB/QQgOjZRgYtOMbv2dwfY8FhSHLb3g89btey7g
HWN9HLJocUqzThKI0JhwkEUXSb8fvcXyVP7PdXK93A/Z53oGe/d9PzuMyb1t/Fmj
uNa5p5zuPAVwjrA5UP+A2sdapSUotwefQtumcpRtDwVhm9k0svusb/MC6wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLmqegz+YcW/Wbr9JfWJvwX1OdATMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvdWFwNkRQNWh4YjladXYwbDlZbV9CZlU1MEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJYD4AwQD
X1IAAwQDsN0YMA0GCSqGSIb3DQEBCwUAA4IBAQBbpwRfzTpL2ZRkcB/kWRZmF1aJ
pRmn3qDnRxwWwVOokC33ZWPM+2wbH+tpQhuPeepYZg8praJLBA/GaLM21zvw4saF
NipAX1ah+V3HxOw0tyTz67nmMwKWOQX/AnrOIsC6SaMpRRnTyzczlcW6WuNrNgL2
1FZgcesREKL7vK22AEBO3muH+mKtO1tzM7UGXCjyk9/N+cQ+JfHvd9X0E26pYB63
KgFWwmld0EOJmMntDMsCvjDAtqtsljERfNPTsL1cVN/15Lr0kuxVijeG0x+D+IrQ
ZanjGhSEULiSmos5LyfPN1myLaItIC2MpJnQs+oLv7cLb3UJ1Ga/2j57l3RV
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:28:33 2025 by rpki-client