Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/TjPtO20_qhBYqobu1aod6fpmvgw.roa
File: TjPtO20_qhBYqobu1aod6fpmvgw.roa (raw, json)
Hash identifier: oJBxoNgHu+tXKA2awLm6vT6uyx8rqHYSBtALX3TBra0=
Subject key identifier: 4E:33:ED:3B:6D:3F:AA:10:58:AA:86:EE:D5:AA:1D:E9:FA:66:BE:0C
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018948D786AB9393B0DCAFE73F5516B225A4
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/TjPtO20_qhBYqobu1aod6fpmvgw.roa
Signing time: Wed 12 Jul 2023 06:43:51 +0000
ROA not before: Wed 12 Jul 2023 06:43:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
193.176.96.0/24 maxlen: 24
95.82.32.0/21 maxlen: 24
37.128.252.0/22 maxlen: 24
37.128.248.0/23 maxlen: 24
37.128.248.0/22 maxlen: 24
37.128.254.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:48:d7:86:ab:93:93:b0:dc:af:e7:3f:55:16:b2:25:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Jul 12 06:43:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4e33ed3b6d3faa1058aa86eed5aa1de9fa66be0c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:48:1c:95:0b:07:01:c8:0c:fb:5a:0a:36:1b:
c4:58:3c:04:f5:b3:7c:7d:1b:4b:45:9c:ac:46:a9:
df:ad:76:06:75:85:4d:a7:e0:8b:ff:ab:1b:06:58:
c7:da:0c:5e:d3:a3:60:ec:92:07:eb:27:12:36:41:
e7:ab:9a:cc:85:18:73:dd:6e:11:3c:32:e4:54:c9:
f6:e4:18:98:c2:af:2c:60:aa:bb:40:3d:25:af:8c:
81:fe:ea:7d:09:f0:12:8b:df:72:02:cc:92:cb:16:
ef:c4:98:7f:5d:3d:e4:ec:84:47:69:4d:30:f7:0e:
d8:1a:93:10:46:b4:af:7b:34:18:89:14:b0:8e:1b:
a5:6b:19:7d:12:78:a5:3c:4d:57:e4:d8:48:7c:51:
75:fd:50:a7:2e:99:c2:b5:3b:f6:db:9e:21:52:a5:
67:9a:2f:82:dc:d7:2d:02:f5:2d:c2:59:30:73:0a:
1a:04:66:f1:ea:6e:fb:96:a7:42:18:24:68:60:6c:
39:04:4c:79:6b:90:c8:17:b4:b5:af:3f:be:9e:56:
26:af:5a:8a:5e:ea:aa:33:f3:e1:c8:a9:65:12:a7:
d5:81:d3:b0:94:1b:a0:82:ef:94:4f:6a:c4:66:f6:
3a:4d:1a:4f:e8:a5:9c:e9:a2:b6:de:86:6d:cb:11:
26:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:33:ED:3B:6D:3F:AA:10:58:AA:86:EE:D5:AA:1D:E9:FA:66:BE:0C
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/TjPtO20_qhBYqobu1aod6fpmvgw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/21
95.82.0.0/21
95.82.32.0/21
193.176.96.0/24
Signature Algorithm: sha256WithRSAEncryption
31:97:b3:28:85:6b:cc:7c:4f:e2:63:7f:00:1e:6e:16:6f:9d:
cf:59:ec:5a:71:7c:06:d3:ac:3c:02:87:f7:c2:7c:b9:0b:8b:
87:55:4f:28:c5:2d:3b:d1:2b:a5:3e:8b:07:3c:74:80:49:ec:
1b:82:ae:76:63:b9:93:c0:5a:6b:65:e7:1a:af:36:f1:d7:37:
dc:8c:55:0e:e9:4c:46:57:45:9b:bb:e2:86:98:d5:aa:82:22:
cf:33:26:2c:23:55:57:a5:72:57:6b:54:c4:d5:c4:12:ff:09:
50:5c:0f:36:bc:35:7b:85:5d:d8:f0:6e:eb:0a:d1:27:56:a6:
89:15:a5:51:2b:99:d6:58:a0:3d:25:dd:ae:e9:b7:be:b3:1f:
48:2c:4c:ba:33:b2:fc:75:a4:83:f9:97:7c:e9:ba:c8:ab:77:
d7:b4:f6:81:19:58:da:a5:03:fa:ee:1c:a9:f9:d8:0f:52:98:
07:07:58:0e:aa:2a:09:ed:73:95:9b:c8:69:0c:f5:42:ae:45:
e9:48:a6:4c:00:35:85:d9:5c:33:64:5d:42:b6:e0:91:77:76:
4e:12:7c:71:e5:1a:1b:ef:e3:6b:8e:12:e1:91:55:4e:f9:82:
13:d1:c7:8e:7c:94:9d:f2:15:71:78:b7:84:f0:a1:83:b4:9c:
bf:75:4d:12
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYlI14ark5Ow3K/nP1UWsiWkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMwNzEyMDY0MzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTMzZWQzYjZkM2ZhYTEwNThhYTg2ZWVkNWFhMWRlOWZhNjZiZTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUgclQsHAcgM+1oKNhvEWDwE9bN8
fRtLRZysRqnfrXYGdYVNp+CL/6sbBljH2gxe06Ng7JIH6ycSNkHnq5rMhRhz3W4R
PDLkVMn25BiYwq8sYKq7QD0lr4yB/up9CfASi99yAsySyxbvxJh/XT3k7IRHaU0w
9w7YGpMQRrSvezQYiRSwjhulaxl9EnilPE1X5NhIfFF1/VCnLpnCtTv2254hUqVn
mi+C3NctAvUtwlkwcwoaBGbx6m77lqdCGCRoYGw5BEx5a5DIF7S1rz++nlYmr1qK
XuqqM/PhyKllEqfVgdOwlBuggu+UT2rEZvY6TRpP6KWc6aK23oZtyxEm3wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFE4z7TttP6oQWKqG7tWqHen6Zr4MMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvVGpQdE8yMF9xaEJZcW9idTFhb2Q2ZnBtdmd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDJYD4AwQD
X1IAAwQDX1IgAwQAwbBgMA0GCSqGSIb3DQEBCwUAA4IBAQAxl7MohWvMfE/iY38A
Hm4Wb53PWexacXwG06w8Aof3wny5C4uHVU8oxS070SulPosHPHSASewbgq52Y7mT
wFprZecarzbx1zfcjFUO6UxGV0Wbu+KGmNWqgiLPMyYsI1VXpXJXa1TE1cQS/wlQ
XA82vDV7hV3Y8G7rCtEnVqaJFaVRK5nWWKA9Jd2u6be+sx9ILEy6M7L8daSD+Zd8
6brIq3fXtPaBGVjapQP67hyp+dgPUpgHB1gOqioJ7XOVm8hpDPVCrkXpSKZMADWF
2VwzZF1CtuCRd3ZOEnxx5Rob7+NrjhLhkVVO+YIT0ceOfJSd8hVxeLeE8KGDtJy/
dU0S
-----END CERTIFICATE-----
Generated at Mon Apr 28 00:53:37 2025 by rpki-client