Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/xtRGTDm0Zp2rhfenjXk-XNOhfuc.roa
File: xtRGTDm0Zp2rhfenjXk-XNOhfuc.roa (raw, json)
Hash identifier: KgUisa6hL9Dnr5yjdYGeRdE2YuyTUCE5JJ2x/+DrSJg=
Subject key identifier: C6:D4:46:4C:39:B4:66:9D:AB:85:F7:A7:8D:79:3E:5C:D3:A1:7E:E7
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0190C8EB7D4AE86BA13D7BBBB0366C5C1A2C
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/xtRGTDm0Zp2rhfenjXk-XNOhfuc.roa
Signing time: Fri 19 Jul 2024 02:56:34 +0000
ROA not before: Fri 19 Jul 2024 02:56:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
109.111.40.0/22 maxlen: 24
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
176.221.26.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:c8:eb:7d:4a:e8:6b:a1:3d:7b:bb:b0:36:6c:5c:1a:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jul 19 02:56:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c6d4464c39b4669dab85f7a78d793e5cd3a17ee7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:82:49:46:13:a7:15:6c:14:f5:3a:eb:9f:f1:
a0:f2:63:cb:2c:33:fe:b3:a2:fe:85:72:d6:d2:76:
04:96:ce:b4:80:e4:e8:a7:68:ab:2d:2f:8d:79:e0:
71:e4:ad:34:50:70:dc:8c:31:ff:32:14:af:30:07:
f8:b5:bf:18:56:b0:42:c0:3f:31:14:d2:44:01:70:
82:cc:cc:0e:40:a4:a0:2f:b5:ea:ab:49:11:35:f0:
5b:6e:b4:8f:a1:bc:57:64:4b:40:19:a4:8a:14:a4:
23:b2:fc:e1:7d:97:b0:62:04:b8:50:65:47:12:1b:
57:5c:6f:b6:d3:f0:4a:8e:ea:51:b8:27:66:69:4e:
7c:17:a7:f9:11:c7:b7:f1:11:57:74:f1:32:c9:f4:
a7:da:1a:dd:8b:c3:82:a2:6c:00:9e:14:09:00:b7:
c1:aa:7b:4c:3c:cc:cc:a2:37:74:09:9f:23:72:57:
d9:79:24:47:5e:4e:24:82:82:fd:b1:a0:8b:76:ce:
28:9a:ae:63:57:6b:5b:0e:68:54:c7:e5:7d:3a:10:
fe:cc:1d:bc:a6:bb:51:2b:0c:51:ab:5f:d7:05:28:
fe:ec:d0:7a:25:79:34:f7:e6:16:1d:4f:d6:80:e2:
a6:cd:20:3b:24:56:35:3e:38:1c:1f:b6:29:39:f1:
74:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:D4:46:4C:39:B4:66:9D:AB:85:F7:A7:8D:79:3E:5C:D3:A1:7E:E7
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/xtRGTDm0Zp2rhfenjXk-XNOhfuc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/20
109.111.32.0/20
176.221.20.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
18:e1:f6:06:35:46:5b:7d:df:4a:9a:d8:65:d2:b0:2b:13:f2:
12:5a:ee:7c:f6:3a:82:86:52:99:52:bc:1f:be:c1:c3:98:b6:
6c:66:a5:eb:07:ec:cc:c0:8a:7d:19:4b:e4:13:d0:98:86:bf:
67:87:f2:50:91:53:32:66:c9:f3:23:e9:28:84:b7:fd:56:15:
fd:21:2c:df:b2:53:22:20:39:70:ac:78:ec:4f:43:10:0a:db:
f0:88:24:c4:18:8c:c7:64:18:f2:69:47:f4:40:03:38:b2:4e:
60:be:f3:01:23:a6:66:a2:c7:d1:18:93:70:70:ab:78:95:bd:
9e:23:ed:53:a7:8a:46:1d:64:1c:71:c0:cf:f0:ed:d6:17:74:
56:bc:2d:3a:48:47:03:e0:89:13:e5:4a:7f:db:5a:a6:4f:1d:
9d:22:15:bd:78:34:25:df:3c:38:af:f9:9b:8b:db:6b:5e:84:
e6:98:70:14:57:7f:df:93:87:59:e8:4d:e7:7e:7b:73:a6:f0:
37:90:dc:ba:cd:ef:1a:3f:0b:a9:16:5f:05:22:4d:86:7c:82:
56:4a:c2:6d:8b:a7:7a:a6:79:73:05:d4:2f:15:a5:de:51:65:
10:a0:63:9b:89:00:e2:a0:b0:32:08:38:e5:07:1f:b4:20:99:
f4:ed:65:61
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZDI631K6GuhPXu7sDZsXBosMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNzE5MDI1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmQ0NDY0YzM5YjQ2NjlkYWI4NWY3YTc4ZDc5M2U1Y2QzYTE3ZWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoJJRhOnFWwU9Trrn/Gg8mPLLDP+
s6L+hXLW0nYEls60gOTop2irLS+NeeBx5K00UHDcjDH/MhSvMAf4tb8YVrBCwD8x
FNJEAXCCzMwOQKSgL7Xqq0kRNfBbbrSPobxXZEtAGaSKFKQjsvzhfZewYgS4UGVH
EhtXXG+20/BKjupRuCdmaU58F6f5Ece38RFXdPEyyfSn2hrdi8OComwAnhQJALfB
qntMPMzMojd0CZ8jclfZeSRHXk4kgoL9saCLds4omq5jV2tbDmhUx+V9OhD+zB28
prtRKwxRq1/XBSj+7NB6JXk09+YWHU/WgOKmzSA7JFY1PjgcH7YpOfF0nwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFMbURkw5tGadq4X3p415PlzToX7nMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEveHRSR1REbTBacDJyaGZlbmpYay1YTk9oZnVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQEX1IAAwQE
bW8gMAwDBAKw3RQDBAKw3RgwDQYJKoZIhvcNAQELBQADggEBABjh9gY1Rlt930qa
2GXSsCsT8hJa7nz2OoKGUplSvB++wcOYtmxmpesH7MzAin0ZS+QT0JiGv2eH8lCR
UzJmyfMj6SiEt/1WFf0hLN+yUyIgOXCseOxPQxAK2/CIJMQYjMdkGPJpR/RAAziy
TmC+8wEjpmaix9EYk3Bwq3iVvZ4j7VOnikYdZBxxwM/w7dYXdFa8LTpIRwPgiRPl
Sn/bWqZPHZ0iFb14NCXfPDiv+ZuL22tehOaYcBRXf9+Th1noTed+e3Om8DeQ3LrN
7xo/C6kWXwUiTYZ8glZKwm2Lp3qmeXMF1C8Vpd5RZRCgY5uJAOKgsDIIOOUHH7Qg
mfTtZWE=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:23:08 2025 by rpki-client