Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/6c0e22-fb61-49db-b065-993cd8388fd5/1/rNwBGhFIR425hsa7VXLohw3WbI8.roa
File: rNwBGhFIR425hsa7VXLohw3WbI8.roa (raw, json)
Hash identifier: 5hlwE/4nGMW90cUFx8jklHI+HWdrNxEGplBTI/2AngA=
Subject key identifier: AC:DC:01:1A:11:48:47:8D:B9:86:C6:BB:55:72:E8:87:0D:D6:6C:8F
Certificate issuer: /CN=0c6f182804b56e508aa372c03cceb73ef8c2c68b
Certificate serial: 018CC2DB52AB4DE4A2AFB345CB92F74AE3FE
Authority key identifier: 0C:6F:18:28:04:B5:6E:50:8A:A3:72:C0:3C:CE:B7:3E:F8:C2:C6:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DG8YKAS1blCKo3LAPM63PvjCxos.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/6c0e22-fb61-49db-b065-993cd8388fd5/1/rNwBGhFIR425hsa7VXLohw3WbI8.roa
Signing time: Mon 01 Jan 2024 02:30:02 +0000
ROA not before: Mon 01 Jan 2024 02:30:02 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29061
IP address blocks: 95.87.95.0/24 maxlen: 24
95.87.93.0/24 maxlen: 24
95.87.92.0/24 maxlen: 24
95.87.94.0/24 maxlen: 24
92.62.64.0/21 maxlen: 24
92.62.64.0/20 maxlen: 24
92.62.66.0/23 maxlen: 23
92.62.65.0/24 maxlen: 24
95.87.72.0/21 maxlen: 24
95.87.72.0/22 maxlen: 22
95.87.76.0/22 maxlen: 22
95.87.80.0/20 maxlen: 24
95.87.80.0/21 maxlen: 21
95.87.88.0/22 maxlen: 22
185.53.229.0/24 maxlen: 24
185.53.228.0/22 maxlen: 22
185.53.228.0/24 maxlen: 24
185.53.231.0/24 maxlen: 24
185.53.230.0/24 maxlen: 24
217.29.17.0/24 maxlen: 24
217.29.16.0/24 maxlen: 24
217.29.16.0/21 maxlen: 24
217.29.16.0/20 maxlen: 24
217.29.24.0/24 maxlen: 24
217.29.23.0/24 maxlen: 24
217.29.24.0/21 maxlen: 21
217.29.20.0/24 maxlen: 24
217.29.22.0/24 maxlen: 24
217.29.21.0/24 maxlen: 24
217.29.19.0/24 maxlen: 24
217.29.18.0/24 maxlen: 24
217.29.26.0/24 maxlen: 24
217.29.25.0/24 maxlen: 24
217.29.31.0/24 maxlen: 24
217.29.27.0/24 maxlen: 24
217.29.28.0/24 maxlen: 24
2a02:820::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:db:52:ab:4d:e4:a2:af:b3:45:cb:92:f7:4a:e3:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c6f182804b56e508aa372c03cceb73ef8c2c68b
Validity
Not Before: Jan 1 02:30:02 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=acdc011a1148478db986c6bb5572e8870dd66c8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:8e:8f:42:9b:ef:ec:72:cf:4b:d5:51:3b:f8:
bd:47:fe:e4:88:5d:de:fc:2f:6c:86:ab:e0:3c:77:
a0:71:57:40:0a:31:2b:48:1e:b5:59:f2:73:f2:97:
df:48:0b:03:74:33:d2:ee:b3:b8:93:e7:40:65:c4:
e7:d1:44:20:27:45:5f:84:bd:79:e0:8c:4b:f0:b3:
33:e4:1b:3e:cd:0f:ad:de:1e:c2:6a:b8:de:3c:f4:
1f:3d:79:60:d4:69:52:25:f2:9b:b0:82:08:5b:fd:
48:77:71:c2:58:c7:e8:42:7d:1e:16:25:96:09:c8:
20:c0:41:9a:06:67:a9:4b:d2:c7:c9:32:7f:67:0d:
b6:1b:2b:88:6a:d2:37:68:b1:93:63:87:25:9a:03:
21:ae:0d:79:c6:bd:56:fe:74:99:26:57:c1:e7:56:
a1:d8:93:d3:ba:c2:d1:d1:da:29:36:b4:f8:53:cd:
23:9c:cc:6f:3a:28:aa:fb:5b:35:5f:7c:f5:5f:77:
45:27:31:e3:6f:37:c3:7c:83:e0:ef:a5:d8:26:32:
03:63:9c:4e:1b:a6:a2:b7:0c:86:20:d7:c9:5f:f0:
d4:2f:cc:dd:6a:93:5e:cb:9a:54:25:8a:d3:8b:81:
e0:3e:8e:a3:71:aa:47:2a:80:77:6c:69:fd:9a:21:
47:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:DC:01:1A:11:48:47:8D:B9:86:C6:BB:55:72:E8:87:0D:D6:6C:8F
X509v3 Authority Key Identifier:
keyid:0C:6F:18:28:04:B5:6E:50:8A:A3:72:C0:3C:CE:B7:3E:F8:C2:C6:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DG8YKAS1blCKo3LAPM63PvjCxos.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/6c0e22-fb61-49db-b065-993cd8388fd5/1/rNwBGhFIR425hsa7VXLohw3WbI8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/6c0e22-fb61-49db-b065-993cd8388fd5/1/DG8YKAS1blCKo3LAPM63PvjCxos.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.62.64.0/20
95.87.72.0-95.87.95.255
185.53.228.0/22
217.29.16.0/20
IPv6:
2a02:820::/32
Signature Algorithm: sha256WithRSAEncryption
c7:87:0b:7b:db:e0:c8:dc:9d:20:f4:7a:32:58:4e:de:77:0e:
df:ea:cc:3c:b9:80:37:93:1c:96:42:3d:dc:51:4e:31:f4:4c:
cf:81:95:c2:dd:9c:8c:99:b7:df:5f:ab:b5:07:b7:2e:2b:c6:
9c:d6:72:ea:1d:09:33:ac:8d:b3:a3:1e:ef:49:57:bb:00:6e:
db:2d:8e:44:d2:8a:e2:6e:99:29:49:d8:65:05:7b:87:80:19:
ca:d2:b4:62:51:1b:86:2e:18:2f:a1:4b:2d:3e:81:c9:d1:56:
77:6d:77:b0:37:69:7c:9a:be:74:e0:41:8c:36:b2:f7:a1:ac:
f5:f3:c1:6e:05:66:81:5e:a7:21:bc:d4:d9:b2:2b:28:6c:5a:
c2:9f:9a:ce:d2:6c:1e:5e:dd:af:1f:31:5c:f6:9a:dc:6a:d8:
13:29:21:1f:c4:23:44:1a:62:95:db:98:bc:f0:d2:be:27:1c:
17:2f:a2:0f:50:34:50:f2:0c:56:e9:39:eb:d2:ec:4c:cb:92:
7d:e1:69:c7:6a:30:3c:f0:a6:e5:52:cf:29:00:0c:73:ff:e6:
c2:4f:ef:6d:2c:10:61:a2:2f:0a:0e:0d:13:9a:69:03:a0:46:
d9:b2:33:bc:5b:f4:a1:a8:e9:68:48:de:70:85:73:e4:30:96:
ed:ae:81:83
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYzC21KrTeSir7NFy5L3SuP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNmYxODI4MDRiNTZlNTA4YWEzNzJjMDNjY2ViNzNlZjhj
MmM2OGIwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2RjMDExYTExNDg0NzhkYjk4NmM2YmI1NTcyZTg4NzBkZDY2YzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqI6PQpvv7HLPS9VRO/i9R/7kiF3e
/C9shqvgPHegcVdACjErSB61WfJz8pffSAsDdDPS7rO4k+dAZcTn0UQgJ0VfhL15
4IxL8LMz5Bs+zQ+t3h7CarjePPQfPXlg1GlSJfKbsIIIW/1Id3HCWMfoQn0eFiWW
CcggwEGaBmepS9LHyTJ/Zw22GyuIatI3aLGTY4clmgMhrg15xr1W/nSZJlfB51ah
2JPTusLR0dopNrT4U80jnMxvOiiq+1s1X3z1X3dFJzHjbzfDfIPg76XYJjIDY5xO
G6aitwyGINfJX/DUL8zdapNey5pUJYrTi4HgPo6jcapHKoB3bGn9miFHcQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFKzcARoRSEeNuYbGu1Vy6IcN1myPMB8GA1UdIwQY
MBaAFAxvGCgEtW5QiqNywDzOtz74wsaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREc4WUtBUzFibENLbzNMQVBNNjNQdmpDeG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC82YzBlMjItZmI2MS00OWRiLWIwNjUt
OTkzY2Q4Mzg4ZmQ1LzEvck53QkdoRklSNDI1aHNhN1ZYTG9odzNXYkk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC82YzBlMjItZmI2MS00OWRiLWIwNjUtOTkzY2Q4Mzg4ZmQ1
LzEvREc4WUtBUzFibENLbzNMQVBNNjNQdmpDeG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQEXD5AMAwD
BANfV0gDBAVfV0ADBAK5NeQDBATZHRAwDQQCAAIwBwMFACoCCCAwDQYJKoZIhvcN
AQELBQADggEBAMeHC3vb4MjcnSD0ejJYTt53Dt/qzDy5gDeTHJZCPdxRTjH0TM+B
lcLdnIyZt99fq7UHty4rxpzWcuodCTOsjbOjHu9JV7sAbtstjkTSiuJumSlJ2GUF
e4eAGcrStGJRG4YuGC+hSy0+gcnRVndtd7A3aXyavnTgQYw2svehrPXzwW4FZoFe
pyG81NmyKyhsWsKfms7SbB5e3a8fMVz2mtxq2BMpIR/EI0QaYpXbmLzw0r4nHBcv
og9QNFDyDFbpOevS7EzLkn3hacdqMDzwpuVSzykADHP/5sJP720sEGGiLwoODROa
aQOgRtmyM7xb9KGo6WhI3nCFc+Qwlu2ugYM=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:30:12 2025 by rpki-client