Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/ssY3l8jAGTVd1KMI8LrScmazTq4.roa
File: ssY3l8jAGTVd1KMI8LrScmazTq4.roa (raw, json)
Hash identifier: 6stc/58HwG3ofOCRa4ENIDb531f1OQgjmsEh3kxbP4Y=
Subject key identifier: B2:C6:37:97:C8:C0:19:35:5D:D4:A3:08:F0:BA:D2:72:66:B3:4E:AE
Certificate issuer: /CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Certificate serial: 018D356E360D440BE1E52E5DF12E84716777
Authority key identifier: C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/ssY3l8jAGTVd1KMI8LrScmazTq4.roa
Signing time: Tue 23 Jan 2024 08:27:11 +0000
ROA not before: Tue 23 Jan 2024 08:27:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49024
IP address blocks: 95.131.120.0/21 maxlen: 24
95.131.122.0/23 maxlen: 24
185.154.28.0/22 maxlen: 24
2a02:c49::/32 maxlen: 32
2a02:c4a::/31 maxlen: 31
2a02:c4a::/32 maxlen: 32
2a02:c4c::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:35:6e:36:0d:44:0b:e1:e5:2e:5d:f1:2e:84:71:67:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c02f59eca64293d2c916e7abb09e052e2cb1cb63
Validity
Not Before: Jan 23 08:27:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b2c63797c8c019355dd4a308f0bad27266b34eae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:00:43:65:50:94:ef:fd:98:b1:d5:e2:47:a2:
f6:7c:71:99:f1:df:a1:77:c3:de:2e:b0:23:cf:d9:
b2:43:10:af:76:d3:e6:f1:9b:0a:8d:ae:c6:91:12:
fa:a1:eb:64:01:db:1f:32:fd:80:dc:bd:a5:e4:88:
95:12:d6:63:c9:0e:04:9a:a4:67:9d:1e:4e:a6:74:
88:65:94:4d:8e:8c:08:82:01:e7:16:ac:5d:8a:02:
7b:0e:7a:37:b6:73:1b:ed:71:b0:46:18:aa:3d:9d:
ff:ac:ee:4e:9c:68:c8:a4:42:13:32:d1:08:79:0f:
8b:6d:fe:61:c2:40:bc:92:0b:5f:3b:de:aa:a1:82:
76:3d:24:ed:f5:2e:51:ae:0b:ec:f1:d8:90:9b:53:
1a:9a:9d:ca:eb:86:e1:ef:e5:72:3b:60:47:ff:d9:
5a:04:47:77:89:ca:97:d4:9c:1d:1f:72:5b:58:51:
a2:14:60:9a:0d:44:c9:16:9f:e1:29:fe:f0:6a:f2:
17:6d:33:6b:6d:4b:cd:54:c3:34:27:e6:47:93:7a:
14:05:05:33:7f:ab:3d:33:cc:ff:dd:2f:6e:3a:39:
5e:02:c3:66:40:7a:41:be:c2:6b:c1:24:13:f5:a9:
6a:f2:6e:90:28:99:25:13:b1:04:2b:c2:f9:87:27:
63:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:C6:37:97:C8:C0:19:35:5D:D4:A3:08:F0:BA:D2:72:66:B3:4E:AE
X509v3 Authority Key Identifier:
keyid:C0:2F:59:EC:A6:42:93:D2:C9:16:E7:AB:B0:9E:05:2E:2C:B1:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wC9Z7KZCk9LJFuersJ4FLiyxy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/ssY3l8jAGTVd1KMI8LrScmazTq4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/58b20a-452b-4f2b-aab5-7d13c072d96b/1/wC9Z7KZCk9LJFuersJ4FLiyxy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.120.0/21
185.154.28.0/22
IPv6:
2a02:c49::-2a02:c4f:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
75:3f:5a:9d:73:c3:3e:f7:84:cb:d3:9a:68:94:55:fb:fd:c7:
34:ce:12:f9:90:b3:c6:87:ec:c8:1f:71:6c:01:09:3e:94:63:
fc:ad:57:7d:e5:b3:5e:fe:25:6e:b7:df:e9:2a:a4:b6:2c:db:
90:65:df:26:24:02:3b:e9:74:36:e6:6e:cc:6e:56:03:a5:56:
0c:58:06:0c:2c:91:3b:fa:9e:64:8c:2f:38:0a:32:42:d3:9e:
74:13:82:4f:61:f5:0f:71:0e:4b:80:ad:94:ee:74:71:4c:74:
15:f4:71:c8:30:6a:7c:3a:8b:cb:c8:b8:e3:d3:f5:97:d6:f6:
51:6f:a9:23:94:af:cd:7b:31:db:ce:1b:e9:02:35:e1:85:27:
ed:bd:95:e3:c1:87:96:6c:52:12:d6:7f:af:1e:b4:04:d9:71:
e1:94:03:a5:8f:68:e2:cf:fa:33:e3:89:87:eb:7b:a9:69:86:
0a:ad:a0:43:99:f7:d7:7f:e7:d5:0a:bd:1f:77:77:2a:8c:47:
19:77:9d:d4:b2:37:ae:2a:45:8e:ed:cd:5c:84:d2:d1:bc:47:
12:b6:fd:04:ac:99:f4:d1:5a:8b:8c:70:74:8d:97:77:65:b3:
4e:dc:2b:c4:f4:c3:60:d6:63:cf:70:a1:82:6c:c6:c2:fd:0b:
f0:c4:33:a7
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY01bjYNRAvh5S5d8S6EcWd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMmY1OWVjYTY0MjkzZDJjOTE2ZTdhYmIwOWUwNTJlMmNi
MWNiNjMwHhcNMjQwMTIzMDgyNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmM2Mzc5N2M4YzAxOTM1NWRkNGEzMDhmMGJhZDI3MjY2YjM0ZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwBDZVCU7/2YsdXiR6L2fHGZ8d+h
d8PeLrAjz9myQxCvdtPm8ZsKja7GkRL6oetkAdsfMv2A3L2l5IiVEtZjyQ4EmqRn
nR5OpnSIZZRNjowIggHnFqxdigJ7Dno3tnMb7XGwRhiqPZ3/rO5OnGjIpEITMtEI
eQ+Lbf5hwkC8kgtfO96qoYJ2PSTt9S5Rrgvs8diQm1Mamp3K64bh7+VyO2BH/9la
BEd3icqX1JwdH3JbWFGiFGCaDUTJFp/hKf7wavIXbTNrbUvNVMM0J+ZHk3oUBQUz
f6s9M8z/3S9uOjleAsNmQHpBvsJrwSQT9alq8m6QKJklE7EEK8L5hydjowIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLLGN5fIwBk1XdSjCPC60nJms06uMB8GA1UdIwQY
MBaAFMAvWeymQpPSyRbnq7CeBS4ssctjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUt
N2QxM2MwNzJkOTZiLzEvc3NZM2w4akFHVFZkMUtNSThMclNjbWF6VHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS81OGIyMGEtNDUyYi00ZjJiLWFhYjUtN2QxM2MwNzJkOTZi
LzEvd0M5WjdLWkNrOUxKRnVlcnNKNEZMaXl4eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQDX4N4AwQC
uZocMBYEAgACMBAwDgMFACoCDEkDBQQqAgxAMA0GCSqGSIb3DQEBCwUAA4IBAQB1
P1qdc8M+94TL05polFX7/cc0zhL5kLPGh+zIH3FsAQk+lGP8rVd95bNe/iVut9/p
KqS2LNuQZd8mJAI76XQ25m7MblYDpVYMWAYMLJE7+p5kjC84CjJC0550E4JPYfUP
cQ5LgK2U7nRxTHQV9HHIMGp8OovLyLjj0/WX1vZRb6kjlK/NezHbzhvpAjXhhSft
vZXjwYeWbFIS1n+vHrQE2XHhlAOlj2jiz/oz44mH63upaYYKraBDmffXf+fVCr0f
d3cqjEcZd53UsjeuKkWO7c1chNLRvEcStv0ErJn00VqLjHB0jZd3ZbNO3CvE9MNg
1mPPcKGCbMbC/QvwxDOn
-----END CERTIFICATE-----
Generated at Sun Apr 20 15:32:42 2025 by rpki-client