Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/uqQ-t6q1aRqS7xgYmMWX9kb2O8A.roa
File: uqQ-t6q1aRqS7xgYmMWX9kb2O8A.roa (raw, json)
Hash identifier: 2pH4WZdi1zHcq3lmDM3YLL/R/NxF+K8JVxPoUJVzhR0=
Subject key identifier: BA:A4:3E:B7:AA:B5:69:1A:92:EF:18:18:98:C5:97:F6:46:F6:3B:C0
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018F0FA08410221F2CF9CF1ACBF4481C2278
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/uqQ-t6q1aRqS7xgYmMWX9kb2O8A.roa
Signing time: Wed 24 Apr 2024 10:22:08 +0000
ROA not before: Wed 24 Apr 2024 10:22:08 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16509
IP address blocks: 95.82.8.0/21 maxlen: 24
95.82.16.0/20 maxlen: 24
109.111.52.0/22 maxlen: 24
109.111.60.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:0f:a0:84:10:22:1f:2c:f9:cf:1a:cb:f4:48:1c:22:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Apr 24 10:22:08 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=baa43eb7aab5691a92ef181898c597f646f63bc0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:6b:d8:c1:07:c1:bd:e6:dd:07:e8:9a:72:65:
2a:81:5b:6e:69:8c:62:78:7a:b7:db:d1:ef:b1:6a:
06:3d:f0:b7:5f:fb:81:77:e3:94:3c:7c:6a:41:f8:
94:18:37:9e:39:9d:c9:6d:6b:a4:22:c2:f0:dd:e2:
71:a6:27:44:0e:0c:e5:1b:6e:6a:6d:49:3a:c9:b2:
b3:c0:09:5c:50:0d:44:5d:ff:28:47:62:04:05:c7:
14:6f:70:6c:95:a5:eb:3b:58:50:2f:30:8b:57:49:
60:0c:f2:35:fa:76:64:87:80:cf:d4:7c:a3:8a:fb:
0b:78:89:6f:80:bc:eb:96:94:ec:e2:54:af:df:68:
5b:fe:35:5c:f6:05:fc:bf:e0:e4:7a:c2:6a:93:cf:
3b:2e:33:4d:f0:96:06:ca:71:ea:38:98:98:b7:fa:
96:18:49:f6:e0:f4:04:b8:65:8a:50:18:3f:6b:67:
73:0c:14:bc:cf:a3:d1:3a:9c:00:8b:9d:94:a6:8c:
28:ec:b6:6d:45:19:20:83:36:f6:76:a7:dd:6c:88:
53:44:26:93:af:5d:04:10:93:d9:21:cd:e3:10:a0:
da:19:6e:8d:e4:8c:8d:58:b9:8b:83:8e:50:ab:c8:
16:50:b9:92:b4:78:26:fa:8a:e3:1d:af:7f:a5:15:
54:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:A4:3E:B7:AA:B5:69:1A:92:EF:18:18:98:C5:97:F6:46:F6:3B:C0
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/uqQ-t6q1aRqS7xgYmMWX9kb2O8A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.8.0-95.82.31.255
109.111.52.0/22
109.111.60.0/22
Signature Algorithm: sha256WithRSAEncryption
0b:b2:f1:f4:31:3a:b0:32:1a:86:a2:0f:b4:6f:ab:1d:a6:0d:
92:b8:b3:93:a0:da:8e:e8:8a:7d:36:5c:e6:91:ea:ab:6b:55:
22:44:57:59:a0:e2:7c:be:eb:b1:fc:ff:24:b8:05:85:8f:74:
33:b9:04:d8:65:67:d1:50:f2:8b:88:e1:73:38:f9:04:40:54:
8b:b1:3a:05:9a:07:e9:ad:8f:b6:a9:dd:56:90:a3:dd:d4:3b:
0d:6e:0e:11:06:72:e8:61:3a:ec:a2:da:09:3c:25:9d:6c:c4:
2f:51:eb:c3:5c:f2:26:23:86:90:6f:08:df:d2:b3:0b:07:12:
25:4b:b0:b3:80:a0:c6:92:f9:94:8a:50:b9:1c:77:15:5e:ec:
8b:4f:33:be:bd:9c:cd:0c:ed:a6:8c:65:42:a3:b4:78:d2:7f:
4a:45:75:6f:72:71:15:3b:f9:75:25:f3:c5:6f:b0:b4:0a:b9:
4b:2f:0d:0c:f9:84:c8:4f:57:c1:ac:d7:59:2e:72:2f:b0:2a:
18:f0:4c:95:73:0d:c8:73:c8:65:c0:06:58:c7:6b:80:f5:16:
42:63:2e:f8:00:58:69:15:5c:26:f1:37:ea:85:58:0e:8c:61:
db:27:be:2a:61:91:23:c1:93:ba:86:58:d7:10:7b:a3:25:81:
c1:59:6f:a8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY8PoIQQIh8s+c8ay/RIHCJ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNDI0MTAyMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWE0M2ViN2FhYjU2OTFhOTJlZjE4MTg5OGM1OTdmNjQ2ZjYzYmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmvYwQfBvebdB+iacmUqgVtuaYxi
eHq329HvsWoGPfC3X/uBd+OUPHxqQfiUGDeeOZ3JbWukIsLw3eJxpidEDgzlG25q
bUk6ybKzwAlcUA1EXf8oR2IEBccUb3BslaXrO1hQLzCLV0lgDPI1+nZkh4DP1Hyj
ivsLeIlvgLzrlpTs4lSv32hb/jVc9gX8v+DkesJqk887LjNN8JYGynHqOJiYt/qW
GEn24PQEuGWKUBg/a2dzDBS8z6PROpwAi52Upowo7LZtRRkggzb2dqfdbIhTRCaT
r10EEJPZIc3jEKDaGW6N5IyNWLmLg45Qq8gWULmStHgm+orjHa9/pRVUPwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFLqkPreqtWkaku8YGJjFl/ZG9jvAMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvdXFRLXQ2cTFhUnFTN3hnWW1NV1g5a2IyTzhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBANfUggD
BAVfUgADBAJtbzQDBAJtbzwwDQYJKoZIhvcNAQELBQADggEBAAuy8fQxOrAyGoai
D7Rvqx2mDZK4s5Og2o7oin02XOaR6qtrVSJEV1mg4ny+67H8/yS4BYWPdDO5BNhl
Z9FQ8ouI4XM4+QRAVIuxOgWaB+mtj7ap3VaQo93UOw1uDhEGcuhhOuyi2gk8JZ1s
xC9R68Nc8iYjhpBvCN/SswsHEiVLsLOAoMaS+ZSKULkcdxVe7ItPM769nM0M7aaM
ZUKjtHjSf0pFdW9ycRU7+XUl88VvsLQKuUsvDQz5hMhPV8Gs11kuci+wKhjwTJVz
DchzyGXABljHa4D1FkJjLvgAWGkVXCbxN+qFWA6MYdsnviphkSPBk7qGWNcQe6Ml
gcFZb6g=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:25:49 2025 by rpki-client