Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/wb5k4jdI9F3Kzff2Qfwe53F-5eo.roa
File: wb5k4jdI9F3Kzff2Qfwe53F-5eo.roa (raw, json)
Hash identifier: ZHnK8uSBRPP+gZxsINpgyfPIeYJnvoZ9vwQMW4CYXX8=
Subject key identifier: C1:BE:64:E2:37:48:F4:5D:CA:CD:F7:F6:41:FC:1E:E7:71:7E:E5:EA
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018D86B6604762B23B44755F5D51104A3C1A
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/wb5k4jdI9F3Kzff2Qfwe53F-5eo.roa
Signing time: Thu 08 Feb 2024 03:15:15 +0000
ROA not before: Thu 08 Feb 2024 03:15:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.0.0/21 maxlen: 24
95.82.8.0/21 maxlen: 24
95.82.32.0/21 maxlen: 21
109.111.32.0/20 maxlen: 24
176.221.16.0/21 maxlen: 21
193.176.96.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:86:b6:60:47:62:b2:3b:44:75:5f:5d:51:10:4a:3c:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Feb 8 03:15:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c1be64e23748f45dcacdf7f641fc1ee7717ee5ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:aa:06:7d:96:53:1c:fd:3d:c7:08:6c:ba:94:
fa:1e:c2:7e:60:bb:2f:96:f6:39:ce:c7:42:94:2c:
af:f0:de:9f:7e:f1:e1:4f:11:76:cd:9f:a8:16:9f:
91:94:99:53:c6:81:a8:2d:ae:30:af:44:b5:d4:d5:
78:f1:a5:24:9f:a9:5f:62:86:e8:67:5b:40:a7:ec:
68:8a:f3:bd:f7:06:72:d8:77:2e:66:39:e7:66:bb:
f6:5e:68:4d:f1:e8:0e:98:5e:cd:9d:8c:f2:dc:bc:
5b:84:ef:f7:fd:eb:c7:e4:be:f8:45:fe:50:40:8e:
d9:1d:d9:11:67:bb:63:c1:1d:71:05:d0:02:e2:2f:
bb:ee:7a:ec:bd:19:8c:07:5d:51:aa:e6:60:35:31:
41:fc:a3:82:cd:65:36:57:fa:8f:44:16:2b:aa:44:
cd:fc:52:f2:10:e8:26:4b:0f:a1:60:56:83:8a:f2:
8a:a9:2c:c1:df:31:a7:86:23:54:7f:95:f9:82:f2:
04:60:cc:34:55:05:52:96:20:bd:f2:0a:c4:7f:64:
89:68:72:b3:7b:65:f7:cd:99:83:75:c4:8e:ff:f7:
be:97:4c:ae:54:a3:3f:4c:e1:cf:71:2a:65:7e:ff:
26:06:76:30:d4:4f:b5:8c:48:f6:f0:ac:c9:c3:28:
6c:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:BE:64:E2:37:48:F4:5D:CA:CD:F7:F6:41:FC:1E:E7:71:7E:E5:EA
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/wb5k4jdI9F3Kzff2Qfwe53F-5eo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
95.82.32.0/21
109.111.32.0/20
176.221.16.0/21
193.176.96.0/24
Signature Algorithm: sha256WithRSAEncryption
46:a2:62:fc:de:77:15:79:ec:01:dc:b1:0f:04:d9:a3:10:08:
d5:83:ed:0a:3b:da:e0:ca:a5:d7:6d:4c:48:2b:4c:8b:39:dd:
1e:11:ee:f4:3e:fe:0e:b3:eb:af:33:2b:d8:14:c3:4f:11:da:
35:99:b5:73:04:98:a1:72:22:ad:35:c3:6d:92:97:83:02:ec:
dc:c7:91:fc:04:28:1e:1a:2d:52:7e:56:c1:65:be:5b:3e:30:
2b:86:13:43:1d:bd:69:3c:3b:e0:b0:c6:59:18:76:60:8c:9e:
76:50:cd:99:4f:d9:90:0a:69:ca:73:fd:19:11:0e:27:63:e8:
35:23:1d:38:b5:8d:96:88:da:10:24:41:bd:46:59:6b:ae:6c:
47:cb:b8:95:5e:38:33:c6:81:2c:9b:c2:f9:0c:65:89:7a:a3:
b0:de:b1:b8:a1:bf:2e:a7:74:18:3c:58:a6:e1:a6:b9:fb:6b:
2d:16:2e:a4:b4:e9:95:d8:9f:88:1f:1d:d3:a1:c9:99:7f:e8:
88:7e:dd:d0:ab:7c:7d:1a:c1:9f:97:3b:59:d0:ad:bf:fd:e1:
2e:3c:ca:23:09:d8:09:ec:f4:38:da:d3:08:d0:fc:68:8b:f2:
98:82:e6:19:71:a0:4c:2a:a8:60:7f:e9:e5:7c:b2:18:50:21:
b9:51:2d:e1
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY2GtmBHYrI7RHVfXVEQSjwaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMjA4MDMxNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWJlNjRlMjM3NDhmNDVkY2FjZGY3ZjY0MWZjMWVlNzcxN2VlNWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqoGfZZTHP09xwhsupT6HsJ+YLsv
lvY5zsdClCyv8N6ffvHhTxF2zZ+oFp+RlJlTxoGoLa4wr0S11NV48aUkn6lfYobo
Z1tAp+xoivO99wZy2HcuZjnnZrv2XmhN8egOmF7NnYzy3LxbhO/3/evH5L74Rf5Q
QI7ZHdkRZ7tjwR1xBdAC4i+77nrsvRmMB11RquZgNTFB/KOCzWU2V/qPRBYrqkTN
/FLyEOgmSw+hYFaDivKKqSzB3zGnhiNUf5X5gvIEYMw0VQVSliC98grEf2SJaHKz
e2X3zZmDdcSO//e+l0yuVKM/TOHPcSplfv8mBnYw1E+1jEj28KzJwyhs1QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMG+ZOI3SPRdys339kH8HudxfuXqMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvd2I1azRqZEk5RjNLemZmMlFmd2U1M0YtNWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCJYD4AwQE
X1IAAwQDX1IgAwQEbW8gAwQDsN0QAwQAwbBgMA0GCSqGSIb3DQEBCwUAA4IBAQBG
omL83ncVeewB3LEPBNmjEAjVg+0KO9rgyqXXbUxIK0yLOd0eEe70Pv4Os+uvMyvY
FMNPEdo1mbVzBJihciKtNcNtkpeDAuzcx5H8BCgeGi1SflbBZb5bPjArhhNDHb1p
PDvgsMZZGHZgjJ52UM2ZT9mQCmnKc/0ZEQ4nY+g1Ix04tY2WiNoQJEG9RllrrmxH
y7iVXjgzxoEsm8L5DGWJeqOw3rG4ob8up3QYPFim4aa5+2stFi6ktOmV2J+IHx3T
ocmZf+iIft3Qq3x9GsGflztZ0K2//eEuPMojCdgJ7PQ42tMI0Pxoi/KYguYZcaBM
Kqhgf+nlfLIYUCG5US3h
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:16:49 2025 by rpki-client