Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/u-WJ2urTxy5KtjPm6SPcpd0iHM8.roa
File: u-WJ2urTxy5KtjPm6SPcpd0iHM8.roa (raw, json)
Hash identifier: IKRvs8PoOLmqIMNWCWJeOwv8SSc7GnJhDh2PYUcX1mc=
Subject key identifier: BB:E5:89:DA:EA:D3:C7:2E:4A:B6:33:E6:E9:23:DC:A5:DD:22:1C:CF
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 019263A71B3DC532B5987377D6BE429FB7C8
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/u-WJ2urTxy5KtjPm6SPcpd0iHM8.roa
Signing time: Sun 06 Oct 2024 21:05:48 +0000
ROA not before: Sun 06 Oct 2024 21:05:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
109.111.34.0/23 maxlen: 24
109.111.40.0/22 maxlen: 24
109.111.42.0/23 maxlen: 24
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:63:a7:1b:3d:c5:32:b5:98:73:77:d6:be:42:9f:b7:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Oct 6 21:05:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bbe589daead3c72e4ab633e6e923dca5dd221ccf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:0c:e6:1d:03:27:ce:52:c6:a1:a9:86:7d:b8:
0c:9b:59:d1:36:38:b8:9a:50:ed:d1:7c:df:5c:3c:
19:2e:49:63:af:24:84:a2:b2:0c:40:96:56:4c:14:
9f:3e:e4:14:37:97:0f:eb:39:de:b2:0a:23:dd:70:
97:4e:a8:7f:7a:5a:d1:d8:29:5a:4d:e6:8f:1b:2e:
fa:2a:ef:a2:54:61:f1:b2:de:cd:95:b6:b8:e2:6c:
d8:90:41:19:fd:3d:0f:8b:75:21:71:fc:b7:45:c3:
ae:36:d2:83:63:f4:30:bb:4a:65:a6:b1:b0:10:38:
cd:26:87:14:35:37:23:5a:34:b3:f8:30:42:9d:25:
4b:93:1c:49:6a:f6:25:36:2c:a8:9d:56:1e:cd:89:
89:ee:9a:e4:d5:41:7a:97:a1:9e:a8:47:be:9b:84:
9e:2c:58:93:e4:b8:ed:15:d0:00:14:56:05:75:e9:
aa:39:2d:69:36:fa:00:92:94:99:16:3e:f8:b6:15:
00:7c:9d:42:62:8a:8b:af:da:8d:29:4b:83:9c:1d:
67:b4:b5:2c:13:8c:62:7b:39:e1:2b:93:64:ff:e4:
a9:ab:ef:fc:63:04:75:8d:e1:82:cc:7c:13:ad:31:
67:a6:ca:66:7c:c2:17:20:fb:8a:4e:58:7d:b6:3e:
96:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:E5:89:DA:EA:D3:C7:2E:4A:B6:33:E6:E9:23:DC:A5:DD:22:1C:CF
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/u-WJ2urTxy5KtjPm6SPcpd0iHM8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/20
109.111.32.0/20
176.221.20.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
63:27:b2:23:44:2f:51:e7:f2:42:c5:10:ab:db:5b:f7:44:7a:
24:fe:c0:0e:d9:94:6e:cd:bf:62:f2:25:1f:98:cc:3b:d7:95:
15:df:3a:72:96:d6:01:69:eb:3a:ae:67:b1:3c:17:78:96:48:
2f:5d:99:15:51:58:84:a6:07:b9:17:68:ca:72:47:fb:9d:54:
bb:89:d3:b1:14:f2:fc:07:76:26:fb:50:ef:8d:63:52:12:be:
f4:85:ad:70:89:a3:55:0a:d6:94:77:21:df:db:d3:8b:f9:c6:
a7:87:e6:f7:cb:7c:04:de:00:63:22:1b:3f:de:db:46:48:50:
ff:fb:8f:d5:47:69:0a:3f:12:bc:88:d7:01:8e:bc:a2:8a:00:
f4:2f:d1:af:62:39:85:d6:42:ae:10:61:ae:bd:ee:12:fa:6c:
6f:ce:1b:02:af:d3:f0:51:ac:ae:30:67:07:88:82:67:1c:6b:
19:f1:bc:83:ca:6a:c0:9e:7c:df:74:80:71:d3:55:f0:94:ab:
14:fc:f2:02:dd:1e:66:3c:3d:23:25:1f:fc:4c:55:79:de:f4:
66:72:59:a9:1e:a3:5f:30:3a:cd:f7:41:b1:07:80:ad:1c:85:
b1:7c:bb:97:7f:ac:5d:0d:7f:cd:91:96:0b:c5:42:12:e4:d5:
ad:40:d2:e7
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZJjpxs9xTK1mHN31r5Cn7fIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQxMDA2MjEwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmU1ODlkYWVhZDNjNzJlNGFiNjMzZTZlOTIzZGNhNWRkMjIxY2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8gzmHQMnzlLGoamGfbgMm1nRNji4
mlDt0XzfXDwZLkljrySEorIMQJZWTBSfPuQUN5cP6znesgoj3XCXTqh/elrR2Cla
TeaPGy76Ku+iVGHxst7Nlba44mzYkEEZ/T0Pi3Uhcfy3RcOuNtKDY/Qwu0plprGw
EDjNJocUNTcjWjSz+DBCnSVLkxxJavYlNiyonVYezYmJ7prk1UF6l6GeqEe+m4Se
LFiT5LjtFdAAFFYFdemqOS1pNvoAkpSZFj74thUAfJ1CYoqLr9qNKUuDnB1ntLUs
E4xieznhK5Nk/+Spq+/8YwR1jeGCzHwTrTFnpspmfMIXIPuKTlh9tj6W0QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFLvlidrq08cuSrYz5ukj3KXdIhzPMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvdS1XSjJ1clR4eTVLdGpQbTZTUGNwZDBpSE04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQEX1IAAwQE
bW8gMAwDBAKw3RQDBAKw3RgwDQYJKoZIhvcNAQELBQADggEBAGMnsiNEL1Hn8kLF
EKvbW/dEeiT+wA7ZlG7Nv2LyJR+YzDvXlRXfOnKW1gFp6zquZ7E8F3iWSC9dmRVR
WISmB7kXaMpyR/udVLuJ07EU8vwHdib7UO+NY1ISvvSFrXCJo1UK1pR3Id/b04v5
xqeH5vfLfATeAGMiGz/e20ZIUP/7j9VHaQo/EryI1wGOvKKKAPQv0a9iOYXWQq4Q
Ya697hL6bG/OGwKv0/BRrK4wZweIgmccaxnxvIPKasCefN90gHHTVfCUqxT88gLd
HmY8PSMlH/xMVXne9GZyWakeo18wOs33QbEHgK0chbF8u5d/rF0Nf82RlgvFQhLk
1a1A0uc=
-----END CERTIFICATE-----
Generated at Wed May 7 01:10:28 2025 by rpki-client