Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/wwgYvnMQv1WnUKVFn4UEpZDDo9s.roa
File: wwgYvnMQv1WnUKVFn4UEpZDDo9s.roa (raw, json)
Hash identifier: bCxb8PPYIlV3FeOYqHYNCj973Q0D9/9U3Z4t4IsEoLI=
Subject key identifier: C3:08:18:BE:73:10:BF:55:A7:50:A5:45:9F:85:04:A5:90:C3:A3:DB
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 01884DEA0E6215D7C329BA9103EB768F3229
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/wwgYvnMQv1WnUKVFn4UEpZDDo9s.roa
Signing time: Wed 24 May 2023 13:19:24 +0000
ROA not before: Wed 24 May 2023 13:19:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
95.82.32.0/21 maxlen: 24
37.128.252.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:4d:ea:0e:62:15:d7:c3:29:ba:91:03:eb:76:8f:32:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: May 24 13:19:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c30818be7310bf55a750a5459f8504a590c3a3db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:a8:a5:9a:f9:fe:99:cd:47:74:24:04:26:d8:
20:86:60:3b:ff:30:66:30:ff:4e:b8:f3:6b:8c:df:
c4:53:e4:81:77:ab:e4:2e:27:63:74:67:b2:9e:fe:
c5:38:96:98:05:e0:15:c8:1c:53:89:1d:00:a6:c4:
cc:73:ff:83:12:42:e9:5b:27:d4:a3:aa:aa:14:74:
0c:09:49:d4:40:4e:55:fe:fd:58:55:c5:ea:39:2c:
cf:53:3e:90:eb:2e:96:b9:3a:46:6a:67:be:e5:69:
40:34:a4:0c:45:23:f9:c7:9a:0b:78:1b:fc:90:14:
28:29:85:e8:a5:ab:28:d1:e7:40:0a:e4:76:49:64:
29:ec:15:1f:42:11:df:7b:e2:bf:65:18:50:7f:69:
fc:59:bd:43:a2:cd:82:4b:4e:30:79:06:a9:03:52:
7c:e6:69:3d:76:6c:ee:09:8e:74:65:ba:60:fb:08:
14:89:41:8d:19:b1:41:5c:56:9f:a0:e0:e3:1e:85:
0c:c1:5a:a2:6c:f7:e1:e1:27:5f:41:de:17:4d:7a:
e1:0a:31:99:7a:16:b0:9e:88:81:64:25:1b:cc:6d:
57:4d:91:04:de:52:a9:ad:0f:03:30:14:5f:b5:25:
f0:fb:c3:b9:82:ca:a2:bf:51:d5:6b:bc:f0:fa:13:
42:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:08:18:BE:73:10:BF:55:A7:50:A5:45:9F:85:04:A5:90:C3:A3:DB
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/wwgYvnMQv1WnUKVFn4UEpZDDo9s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/21
95.82.0.0/21
95.82.32.0/21
Signature Algorithm: sha256WithRSAEncryption
00:2d:90:7c:49:fe:5c:11:67:69:55:5e:71:9c:c8:11:77:35:
38:c2:ee:fa:0e:dc:d8:cd:38:38:e6:d1:27:1a:8a:92:76:25:
82:2b:3b:7f:d5:aa:0d:20:30:13:1c:d1:a7:76:71:71:24:b3:
c1:2e:2c:d6:9b:a5:c3:16:f2:b0:cd:9c:af:b2:fe:fd:31:3a:
2c:68:4f:b9:52:50:2e:ed:96:67:ee:dc:41:e0:d1:ec:8c:73:
72:df:41:ed:c9:25:7d:af:f0:5e:33:9f:b9:f0:aa:ae:7e:3c:
a0:dc:a3:c8:81:11:55:e9:4c:94:7f:7b:8f:b7:f8:28:be:2a:
c9:3d:af:dd:01:41:2d:3a:a8:5f:1d:21:a6:c8:dc:6a:c8:89:
f5:3e:0a:dd:7c:36:2d:15:d1:27:05:7c:c6:ad:48:5d:c2:b6:
8f:3c:1a:f2:95:93:e9:95:80:36:61:e6:07:aa:09:cc:22:48:
2e:b1:fa:6b:fc:09:d1:7f:59:34:28:bb:f2:5d:38:67:bd:75:
74:8f:9c:cf:2d:bf:5b:09:21:1c:6b:48:8a:f4:ce:35:88:37:
0f:fc:52:95:88:01:f0:61:69:40:a2:31:08:a6:38:aa:ac:43:
17:7d:38:4e:90:12:a2:a8:96:95:15:bf:64:71:a6:41:1c:86:
64:d3:5c:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYhN6g5iFdfDKbqRA+t2jzIpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwNTI0MTMxOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzA4MThiZTczMTBiZjU1YTc1MGE1NDU5Zjg1MDRhNTkwYzNhM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqilmvn+mc1HdCQEJtgghmA7/zBm
MP9OuPNrjN/EU+SBd6vkLidjdGeynv7FOJaYBeAVyBxTiR0ApsTMc/+DEkLpWyfU
o6qqFHQMCUnUQE5V/v1YVcXqOSzPUz6Q6y6WuTpGame+5WlANKQMRSP5x5oLeBv8
kBQoKYXopaso0edACuR2SWQp7BUfQhHfe+K/ZRhQf2n8Wb1Dos2CS04weQapA1J8
5mk9dmzuCY50Zbpg+wgUiUGNGbFBXFafoODjHoUMwVqibPfh4SdfQd4XTXrhCjGZ
ehawnoiBZCUbzG1XTZEE3lKprQ8DMBRftSXw+8O5gsqiv1HVa7zw+hNCYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMMIGL5zEL9Vp1ClRZ+FBKWQw6PbMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvd3dnWXZuTVF2MVduVUtWRm40VUVwWkREbzlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJYD4AwQD
X1IAAwQDX1IgMA0GCSqGSIb3DQEBCwUAA4IBAQAALZB8Sf5cEWdpVV5xnMgRdzU4
wu76DtzYzTg45tEnGoqSdiWCKzt/1aoNIDATHNGndnFxJLPBLizWm6XDFvKwzZyv
sv79MTosaE+5UlAu7ZZn7txB4NHsjHNy30HtySV9r/BeM5+58Kqufjyg3KPIgRFV
6UyUf3uPt/govirJPa/dAUEtOqhfHSGmyNxqyIn1PgrdfDYtFdEnBXzGrUhdwraP
PBrylZPplYA2YeYHqgnMIkgusfpr/AnRf1k0KLvyXThnvXV0j5zPLb9bCSEca0iK
9M41iDcP/FKViAHwYWlAojEIpjiqrEMXfThOkBKiqJaVFb9kcaZBHIZk01wo
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:17:34 2025 by rpki-client