Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/alPWJP9ms7haH6aukQfypxF2XMI.roa
File: alPWJP9ms7haH6aukQfypxF2XMI.roa (raw, json)
Hash identifier: nF757BZCdmTW5q9rhHEYNKxev1hIDql08wYk+GDibFw=
Subject key identifier: 6A:53:D6:24:FF:66:B3:B8:5A:1F:A6:AE:91:07:F2:A7:11:76:5C:C2
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 01930414F07914609CF9631142153B0D7A2B
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/alPWJP9ms7haH6aukQfypxF2XMI.roa
Signing time: Thu 07 Nov 2024 00:45:01 +0000
ROA not before: Thu 07 Nov 2024 00:45:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/20 maxlen: 20
109.111.32.0/20 maxlen: 24
109.111.34.0/23 maxlen: 24
109.111.40.0/22 maxlen: 24
109.111.40.0/23 maxlen: 24
109.111.42.0/23 maxlen: 24
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
176.221.26.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:04:14:f0:79:14:60:9c:f9:63:11:42:15:3b:0d:7a:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Nov 7 00:45:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6a53d624ff66b3b85a1fa6ae9107f2a711765cc2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:a2:63:21:61:54:d6:a2:a8:0d:69:0d:2f:aa:
73:ec:2b:9d:e6:b0:60:fc:27:89:c1:c7:8d:01:a7:
fa:20:4d:41:79:5f:43:eb:21:e2:e8:da:a7:77:4b:
ff:82:d0:c4:55:06:e0:68:7c:e7:59:27:dc:ca:0f:
e3:1d:a4:7f:ed:c8:63:b4:fc:48:82:02:49:6a:65:
ed:c7:d1:d9:d6:a0:37:c1:d5:28:c5:75:d2:7f:3a:
9d:15:0e:08:08:ad:8a:73:b8:f0:9c:f9:8f:4b:f1:
29:b0:b4:83:29:f5:eb:14:ba:53:e1:6e:76:48:bb:
90:cf:5b:0e:26:cc:58:69:ff:7c:4b:9e:1c:9e:12:
5f:a0:b3:d3:66:c1:12:24:1c:37:1f:4f:54:5e:0b:
07:c9:18:22:d0:1f:79:36:eb:57:72:ff:9e:cc:74:
78:8f:43:dd:5c:52:81:ef:a2:1a:f4:20:6f:ee:f0:
ce:03:36:44:a9:b0:ef:40:d6:15:a0:ae:a2:7c:54:
87:b7:8d:0d:be:05:88:59:84:db:54:07:af:ce:1b:
a5:4c:ab:c6:35:ae:2a:45:93:fc:5c:38:48:72:c4:
a1:ec:5c:77:7e:cb:c6:51:fd:b3:8e:18:42:ff:f9:
7e:e7:bd:52:37:2c:64:d7:4d:5e:b2:1c:54:0a:f5:
94:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:53:D6:24:FF:66:B3:B8:5A:1F:A6:AE:91:07:F2:A7:11:76:5C:C2
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/alPWJP9ms7haH6aukQfypxF2XMI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.82.0.0/20
109.111.32.0/20
176.221.20.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
71:40:ef:dc:03:80:62:f8:2b:6d:f9:1e:4d:f7:97:f4:d8:47:
b6:65:e8:15:70:cf:aa:a9:14:ef:e4:da:4e:a3:fa:3b:31:2d:
84:a9:ac:ef:26:23:79:69:6e:bf:44:e2:a5:97:37:5f:7b:8e:
4f:97:1e:ec:a3:14:32:8d:4f:36:ce:b9:f3:5e:14:92:2d:f9:
e6:e5:83:f3:8d:c5:fb:a8:6b:df:e1:b5:13:2b:53:75:af:51:
09:02:8f:00:3f:31:ec:43:77:22:44:87:17:82:8c:64:b3:45:
f1:bf:ec:f5:d4:5c:2a:e2:e8:68:5a:d4:c4:b2:3d:1d:be:96:
6b:27:a8:4c:80:8f:da:48:00:21:94:f8:64:64:23:01:2f:3b:
d1:aa:af:a6:55:27:22:c6:c3:f2:d5:68:2c:d6:fa:61:1b:41:
6b:38:6e:ca:ea:b8:f6:4b:6c:76:5f:9d:a0:9d:c4:6a:68:7b:
20:8d:80:04:0b:47:bd:c4:c7:59:f9:c0:85:b7:c8:17:c1:29:
f9:e9:ff:96:57:d9:0c:bd:19:84:8e:aa:0e:1a:61:cb:ac:9a:
d1:d0:45:82:42:51:aa:65:2d:6b:ff:1c:b3:70:42:9f:0f:d7:
43:bb:e2:ee:9b:3e:d7:3f:e3:b6:b7:32:cd:c5:e1:95:de:a1:
15:51:8e:f3
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZMEFPB5FGCc+WMRQhU7DXorMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQxMTA3MDA0NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTUzZDYyNGZmNjZiM2I4NWExZmE2YWU5MTA3ZjJhNzExNzY1Y2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6JjIWFU1qKoDWkNL6pz7Cud5rBg
/CeJwceNAaf6IE1BeV9D6yHi6Nqnd0v/gtDEVQbgaHznWSfcyg/jHaR/7chjtPxI
ggJJamXtx9HZ1qA3wdUoxXXSfzqdFQ4ICK2Kc7jwnPmPS/EpsLSDKfXrFLpT4W52
SLuQz1sOJsxYaf98S54cnhJfoLPTZsESJBw3H09UXgsHyRgi0B95NutXcv+ezHR4
j0PdXFKB76Ia9CBv7vDOAzZEqbDvQNYVoK6ifFSHt40NvgWIWYTbVAevzhulTKvG
Na4qRZP8XDhIcsSh7Fx3fsvGUf2zjhhC//l+571SNyxk101eshxUCvWUdQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFGpT1iT/ZrO4Wh+mrpEH8qcRdlzCMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvYWxQV0pQOW1zN2hhSDZhdWtRZnlweEYyWE1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQEX1IAAwQE
bW8gMAwDBAKw3RQDBAKw3RgwDQYJKoZIhvcNAQELBQADggEBAHFA79wDgGL4K235
Hk33l/TYR7Zl6BVwz6qpFO/k2k6j+jsxLYSprO8mI3lpbr9E4qWXN197jk+XHuyj
FDKNTzbOufNeFJIt+eblg/ONxfuoa9/htRMrU3WvUQkCjwA/MexDdyJEhxeCjGSz
RfG/7PXUXCri6Gha1MSyPR2+lmsnqEyAj9pIACGU+GRkIwEvO9Gqr6ZVJyLGw/LV
aCzW+mEbQWs4bsrquPZLbHZfnaCdxGpoeyCNgAQLR73Ex1n5wIW3yBfBKfnp/5ZX
2Qy9GYSOqg4aYcusmtHQRYJCUaplLWv/HLNwQp8P10O74u6bPtc/47a3Ms3F4ZXe
oRVRjvM=
-----END CERTIFICATE-----
Generated at Mon Apr 28 09:29:16 2025 by rpki-client