Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/RO1RywcSTuClkaOTXV9fyxdsePQ.roa
File: RO1RywcSTuClkaOTXV9fyxdsePQ.roa (raw, json)
Hash identifier: TzgCo9gPrwFYx+lidpRU31/9J2wLuARu0tzD35Y5Cbk=
Subject key identifier: 44:ED:51:CB:07:12:4E:E0:A5:91:A3:93:5D:5F:5F:CB:17:6C:78:F4
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 0186F3CF3128F853B40D2412914C6766E210
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/RO1RywcSTuClkaOTXV9fyxdsePQ.roa
Signing time: Sat 18 Mar 2023 08:21:27 +0000
ROA not before: Sat 18 Mar 2023 08:21:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39521
IP address blocks: 95.82.56.0/21 maxlen: 24
37.128.252.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:f3:cf:31:28:f8:53:b4:0d:24:12:91:4c:67:66:e2:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Mar 18 08:21:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=44ed51cb07124ee0a591a3935d5f5fcb176c78f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:95:8a:a0:4b:d3:80:e9:83:2a:63:39:f5:a5:
36:ef:ff:6f:3e:cc:f0:31:f0:04:3a:6a:dd:61:18:
cc:d9:cd:f7:6d:73:86:0c:0c:1e:8f:9c:8d:6d:e2:
f7:e3:9d:4c:e8:8b:00:46:07:09:ed:4a:0b:5c:ae:
39:4c:32:cd:1d:9b:7a:bb:a5:2e:70:fd:9c:e6:67:
22:a3:01:fa:37:54:69:2f:a8:60:21:66:2c:7e:3d:
94:c1:dd:1f:0e:36:ae:f3:a5:ef:b5:c0:fe:cd:a8:
77:f9:e9:cd:13:ea:80:d9:e0:51:7f:07:9e:fa:d2:
b4:41:72:bf:87:64:27:c4:96:60:af:72:7d:fe:b2:
06:ed:40:f9:04:82:f6:52:98:23:09:ca:68:44:69:
c8:e5:4e:31:c2:aa:25:bc:5e:bf:7b:26:1f:f8:4e:
7d:3a:d0:f1:8e:28:f7:d4:a0:70:3a:68:5a:0f:09:
26:19:de:87:7b:f1:4a:9f:55:a5:97:f6:e6:df:11:
d1:b6:94:f1:de:3d:3f:60:71:b8:2f:eb:81:af:93:
fc:9e:b0:a5:10:37:95:6d:eb:64:f3:bc:26:e5:27:
c2:28:69:75:ed:cc:ee:c4:cf:82:7a:b4:86:47:b7:
26:43:94:3f:a1:5c:81:13:8b:57:b9:3f:c4:97:d7:
b2:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:ED:51:CB:07:12:4E:E0:A5:91:A3:93:5D:5F:5F:CB:17:6C:78:F4
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/RO1RywcSTuClkaOTXV9fyxdsePQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/21
95.82.56.0/21
Signature Algorithm: sha256WithRSAEncryption
33:a2:1b:fb:09:44:8f:c6:53:ad:78:bf:d3:78:6a:8a:60:a9:
8e:9f:3d:7a:fb:0a:c3:e7:3a:0f:e3:80:0b:6d:c4:06:7b:7d:
13:53:d0:55:b1:2a:14:fa:28:81:ec:a2:18:dc:a9:0c:5a:7a:
5c:49:cd:4f:53:b9:2a:eb:b7:45:a9:96:e2:8e:99:8b:12:51:
e1:63:c9:d7:47:8f:60:f2:ba:f6:bf:4e:5b:e7:2a:cb:47:e2:
63:fc:49:a0:c9:29:1a:cb:05:bb:6a:af:25:6a:ab:ca:d8:c8:
45:2e:f3:3a:05:1c:8c:8c:2d:49:31:db:97:b1:f9:39:39:96:
e0:64:b9:1a:e6:00:fb:31:5e:63:da:5d:65:9b:d9:b7:08:40:
15:bb:fb:61:ff:89:27:17:2a:d1:2f:10:22:c7:e1:23:b9:66:
fe:45:24:92:4d:58:83:d4:1e:a2:f8:d7:80:30:6f:dc:82:c3:
c9:02:e9:f2:dd:ff:c0:bd:cb:82:6b:f5:33:c7:b9:f7:44:49:
5b:29:3c:1d:37:c8:66:ee:bc:78:33:2b:92:a8:e7:6b:f2:2f:
ff:05:77:0e:65:4d:e9:bd:e9:4f:4c:e6:56:4e:df:c1:03:21:
67:33:ab:be:9f:aa:f7:2c:19:9c:05:a6:27:5f:bd:00:34:07:
34:2d:f6:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYbzzzEo+FO0DSQSkUxnZuIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwMzE4MDgyMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGVkNTFjYjA3MTI0ZWUwYTU5MWEzOTM1ZDVmNWZjYjE3NmM3OGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpWKoEvTgOmDKmM59aU27/9vPszw
MfAEOmrdYRjM2c33bXOGDAwej5yNbeL3451M6IsARgcJ7UoLXK45TDLNHZt6u6Uu
cP2c5mciowH6N1RpL6hgIWYsfj2Uwd0fDjau86XvtcD+zah3+enNE+qA2eBRfwee
+tK0QXK/h2QnxJZgr3J9/rIG7UD5BIL2UpgjCcpoRGnI5U4xwqolvF6/eyYf+E59
OtDxjij31KBwOmhaDwkmGd6He/FKn1Wll/bm3xHRtpTx3j0/YHG4L+uBr5P8nrCl
EDeVbetk87wm5SfCKGl17czuxM+CerSGR7cmQ5Q/oVyBE4tXuT/El9eyDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFETtUcsHEk7gpZGjk11fX8sXbHj0MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvUk8xUnl3Y1NUdUNsa2FPVFhWOWZ5eGRzZVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJYD4AwQD
X1I4MA0GCSqGSIb3DQEBCwUAA4IBAQAzohv7CUSPxlOteL/TeGqKYKmOnz16+wrD
5zoP44ALbcQGe30TU9BVsSoU+iiB7KIY3KkMWnpcSc1PU7kq67dFqZbijpmLElHh
Y8nXR49g8rr2v05b5yrLR+Jj/EmgySkaywW7aq8laqvK2MhFLvM6BRyMjC1JMduX
sfk5OZbgZLka5gD7MV5j2l1lm9m3CEAVu/th/4knFyrRLxAix+EjuWb+RSSSTViD
1B6i+NeAMG/cgsPJAuny3f/AvcuCa/Uzx7n3RElbKTwdN8hm7rx4MyuSqOdr8i//
BXcOZU3pvelPTOZWTt/BAyFnM6u+n6r3LBmcBaYnX70ANAc0LfaD
-----END CERTIFICATE-----
Generated at Mon Apr 28 00:31:03 2025 by rpki-client