Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/zI_ep5FGgC-9zCxMLTv3h5ECx0g.roa
File: zI_ep5FGgC-9zCxMLTv3h5ECx0g.roa (raw, json)
Hash identifier: ES0XFtpBeZ+3Clhme4hS98Fm/K20yUNDLJTXpiKfF8o=
Subject key identifier: CC:8F:DE:A7:91:46:80:2F:BD:CC:2C:4C:2D:3B:F7:87:91:02:C7:48
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018EA86833A0B694BCB9224F768DBEF6F939
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/zI_ep5FGgC-9zCxMLTv3h5ECx0g.roa
Signing time: Thu 04 Apr 2024 09:19:44 +0000
ROA not before: Thu 04 Apr 2024 09:19:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16509
IP address blocks: 95.82.16.0/20 maxlen: 24
109.111.60.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:a8:68:33:a0:b6:94:bc:b9:22:4f:76:8d:be:f6:f9:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Apr 4 09:19:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cc8fdea79146802fbdcc2c4c2d3bf7879102c748
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:bc:e8:fb:50:01:8f:09:0a:86:8f:a9:3a:6e:
e2:56:1f:85:42:0e:2f:4e:43:25:de:51:9d:70:16:
95:26:b6:74:dc:8f:14:14:5e:bf:df:e9:c4:a6:e3:
f5:ae:d9:fe:e5:3b:8e:d8:c9:5d:31:7b:1e:f6:c3:
82:64:79:07:23:f3:47:89:97:63:17:82:ee:fc:0c:
c1:c2:2e:a6:c3:8a:6e:9b:da:a2:34:55:91:39:4a:
da:5a:d5:97:d8:32:d8:c5:d8:06:9d:c1:39:2d:bc:
aa:33:8f:38:58:2d:34:5b:24:f7:e8:f9:38:20:dd:
b0:11:7f:b8:ee:b3:86:aa:b6:fd:e6:56:dd:a7:0e:
7f:28:1a:c0:7f:27:d6:0a:30:f4:35:c2:6c:4b:83:
82:f5:d7:f5:fa:b4:2e:17:63:31:a4:4c:c7:a4:43:
3d:4e:82:3d:6b:27:cc:b6:aa:e7:d3:07:46:95:31:
fb:48:75:64:08:aa:c0:0f:16:7b:91:6e:5f:26:ea:
28:a2:3e:b7:d7:ed:89:50:22:28:dc:00:ce:48:8d:
51:06:0f:c0:7d:80:6b:4e:fd:73:ce:54:22:2a:82:
6f:24:c0:e4:59:00:99:ad:0c:aa:32:6e:e2:62:6d:
94:58:a2:91:57:ce:57:1e:47:0f:c5:cf:d8:ad:9f:
4f:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:8F:DE:A7:91:46:80:2F:BD:CC:2C:4C:2D:3B:F7:87:91:02:C7:48
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/zI_ep5FGgC-9zCxMLTv3h5ECx0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.16.0/20
109.111.60.0/22
Signature Algorithm: sha256WithRSAEncryption
59:38:f4:32:56:24:ee:ee:96:08:93:c2:f0:55:5e:a6:04:76:
97:2f:e3:7a:25:04:0b:ce:d1:45:cd:59:d7:32:f8:f3:ba:19:
bb:d4:3b:5f:10:2d:f3:6b:a7:23:8e:0b:a7:94:06:27:e5:69:
ad:a3:44:ff:d0:2a:76:7e:03:1e:d8:e9:3d:96:b2:d5:bc:32:
9b:7a:cb:32:0c:be:7a:7f:63:8d:fd:79:82:d4:c7:4c:e7:f1:
c8:f4:af:59:f9:67:09:49:c2:b0:b3:cd:7c:91:37:d0:de:5d:
81:07:7d:e0:89:94:50:4f:22:65:49:2e:3b:9c:2b:f5:09:5d:
8a:b8:06:96:c5:ea:65:02:9d:30:62:0d:9d:f4:fb:ff:8e:0a:
46:20:17:1a:0c:c0:0f:99:9d:e9:d7:b7:8f:ab:98:e0:11:4c:
14:cf:1a:ba:b3:c6:09:b2:68:91:0a:c6:2a:da:74:18:04:bb:
f0:1a:75:99:53:51:4b:48:3d:55:10:e2:3f:81:e9:75:3d:a4:
32:ae:79:9f:d1:b6:7f:02:9d:a8:84:e6:a4:70:b7:42:46:22:
61:94:bc:7a:25:10:f0:1e:42:e5:f4:a3:c6:54:a6:75:57:88:
a7:a4:89:f0:5f:0f:c7:5a:8c:9a:0f:4b:87:c0:fa:ee:9b:21:
88:8a:4d:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6oaDOgtpS8uSJPdo2+9vk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwNDA0MDkxOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzhmZGVhNzkxNDY4MDJmYmRjYzJjNGMyZDNiZjc4NzkxMDJjNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLzo+1ABjwkKho+pOm7iVh+FQg4v
TkMl3lGdcBaVJrZ03I8UFF6/3+nEpuP1rtn+5TuO2MldMXse9sOCZHkHI/NHiZdj
F4Lu/AzBwi6mw4pum9qiNFWROUraWtWX2DLYxdgGncE5LbyqM484WC00WyT36Pk4
IN2wEX+47rOGqrb95lbdpw5/KBrAfyfWCjD0NcJsS4OC9df1+rQuF2MxpEzHpEM9
ToI9ayfMtqrn0wdGlTH7SHVkCKrADxZ7kW5fJuoooj631+2JUCIo3ADOSI1RBg/A
fYBrTv1zzlQiKoJvJMDkWQCZrQyqMm7iYm2UWKKRV85XHkcPxc/YrZ9PvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMyP3qeRRoAvvcwsTC0794eRAsdIMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEveklfZXA1RkdnQy05ekN4TUxUdjNoNUVDeDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEX1IQAwQC
bW88MA0GCSqGSIb3DQEBCwUAA4IBAQBZOPQyViTu7pYIk8LwVV6mBHaXL+N6JQQL
ztFFzVnXMvjzuhm71DtfEC3za6cjjgunlAYn5Wmto0T/0Cp2fgMe2Ok9lrLVvDKb
essyDL56f2ON/XmC1MdM5/HI9K9Z+WcJScKws818kTfQ3l2BB33giZRQTyJlSS47
nCv1CV2KuAaWxeplAp0wYg2d9Pv/jgpGIBcaDMAPmZ3p17ePq5jgEUwUzxq6s8YJ
smiRCsYq2nQYBLvwGnWZU1FLSD1VEOI/gel1PaQyrnmf0bZ/Ap2ohOakcLdCRiJh
lLx6JRDwHkLl9KPGVKZ1V4inpInwXw/HWoyaD0uHwPrumyGIik3P
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:25:10 2025 by rpki-client