Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/y9J08y4cRoGRDyajJrqcY0EJIBs.roa
File: y9J08y4cRoGRDyajJrqcY0EJIBs.roa (raw, json)
Hash identifier: lBAhLAFMRfrVciFvrfrRu7se3SnLIqN/dGNNYMUIaXo=
Subject key identifier: CB:D2:74:F3:2E:1C:46:81:91:0F:26:A3:26:BA:9C:63:41:09:20:1B
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018B135610A0E49C57826223AEEDBC77F908
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/y9J08y4cRoGRDyajJrqcY0EJIBs.roa
Signing time: Mon 09 Oct 2023 07:28:09 +0000
ROA not before: Mon 09 Oct 2023 07:28:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 95.82.0.0/21 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.24.0/21 maxlen: 21
176.221.28.0/22 maxlen: 24
37.128.248.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:13:56:10:a0:e4:9c:57:82:62:23:ae:ed:bc:77:f9:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Oct 9 07:28:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cbd274f32e1c4681910f26a326ba9c634109201b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:2f:d4:6b:ca:a2:e8:7b:e9:2c:fb:8a:1d:8b:
cf:4a:f2:b7:65:06:47:81:2a:2a:66:89:5a:df:7e:
de:cd:e1:f3:12:f3:42:ae:3e:d9:6d:47:09:2e:51:
f0:cc:53:b3:7e:14:b1:dd:35:9f:70:4b:75:ff:c6:
ba:e5:79:7b:9b:7c:0e:a3:ac:e7:ef:2d:a0:7c:9b:
49:58:b9:18:60:50:a8:e4:63:10:d9:63:f8:70:29:
e7:af:bc:1a:b9:2d:2e:f2:39:24:a1:02:5b:7c:d6:
5c:98:38:c7:12:9b:78:75:76:3a:43:b2:e1:5f:15:
9e:8c:38:8d:8d:67:ed:79:17:53:32:6b:e7:e3:0c:
8d:39:47:7e:09:4f:8b:52:23:d6:5d:a0:ec:f9:54:
0b:86:7c:3d:5a:41:1d:54:28:34:a1:f1:2f:09:2c:
53:f3:48:c9:4c:d1:f0:d1:66:80:eb:01:1c:48:a2:
f4:10:b8:f6:ee:30:b7:6f:0e:92:76:4f:d4:17:8f:
4c:03:bc:41:b7:3c:b3:d7:2d:e3:55:7c:06:0e:5d:
54:95:d4:e2:24:74:33:d9:ba:44:81:4d:f6:fa:c7:
e1:00:ac:7d:fd:63:34:7f:27:b3:78:e0:a2:3d:83:
8f:61:42:5a:4d:59:77:f1:82:0d:93:ac:9f:fa:1d:
3a:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:D2:74:F3:2E:1C:46:81:91:0F:26:A3:26:BA:9C:63:41:09:20:1B
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/y9J08y4cRoGRDyajJrqcY0EJIBs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/21
176.221.16.0/20
Signature Algorithm: sha256WithRSAEncryption
12:01:d5:9c:de:4f:2a:09:ec:58:42:e2:70:5b:4b:4c:1e:2c:
a7:14:61:52:70:15:3d:11:b5:c4:b2:d6:6f:99:f6:69:88:06:
a9:ba:d6:cd:27:73:86:38:a0:51:96:2f:f2:64:6d:5b:ca:66:
00:77:3c:e3:61:20:d7:81:31:31:73:9b:ce:3c:59:e0:35:50:
92:d3:ca:ff:56:3e:c2:5b:d5:fd:4a:31:18:56:d0:e1:39:23:
da:66:f2:0f:06:cf:4c:13:11:25:4b:d3:cc:9a:f4:69:9b:d9:
66:29:0f:a3:dc:87:97:55:00:dc:99:89:45:c2:b1:df:ff:87:
d0:c8:8c:73:fc:5e:4a:c7:34:b9:16:ca:cc:42:35:84:7a:fc:
c7:6d:2f:2e:a5:72:47:f4:d6:db:d2:54:8b:b8:c8:f3:3a:02:
f2:1f:be:ae:7f:fa:fc:c7:c6:49:9c:86:b3:cb:89:1a:77:2e:
34:ca:b6:ee:f3:a2:1c:11:63:dc:17:9f:17:8d:94:cb:b4:49:
4d:43:d0:c6:ba:f1:39:a0:e7:d7:bf:a2:80:cb:53:e4:5d:f6:
83:d8:08:c3:c9:6c:c7:c4:d2:a3:de:a9:3e:8d:af:06:cc:44:
3a:a7:82:41:f4:62:f4:72:ef:48:52:9e:cc:2e:2e:16:f2:19:
b8:b8:1a:c1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYsTVhCg5JxXgmIjru28d/kIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjMxMDA5MDcyODA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmQyNzRmMzJlMWM0NjgxOTEwZjI2YTMyNmJhOWM2MzQxMDkyMDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4i/Ua8qi6HvpLPuKHYvPSvK3ZQZH
gSoqZola337ezeHzEvNCrj7ZbUcJLlHwzFOzfhSx3TWfcEt1/8a65Xl7m3wOo6zn
7y2gfJtJWLkYYFCo5GMQ2WP4cCnnr7wauS0u8jkkoQJbfNZcmDjHEpt4dXY6Q7Lh
XxWejDiNjWfteRdTMmvn4wyNOUd+CU+LUiPWXaDs+VQLhnw9WkEdVCg0ofEvCSxT
80jJTNHw0WaA6wEcSKL0ELj27jC3bw6Sdk/UF49MA7xBtzyz1y3jVXwGDl1UldTi
JHQz2bpEgU32+sfhAKx9/WM0fyezeOCiPYOPYUJaTVl38YINk6yf+h06bQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMvSdPMuHEaBkQ8moya6nGNBCSAbMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEveTlKMDh5NGNSb0dSRHlhakpycWNZMEVKSUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCJYD4AwQD
X1IAAwQEsN0QMA0GCSqGSIb3DQEBCwUAA4IBAQASAdWc3k8qCexYQuJwW0tMHiyn
FGFScBU9EbXEstZvmfZpiAaputbNJ3OGOKBRli/yZG1bymYAdzzjYSDXgTExc5vO
PFngNVCS08r/Vj7CW9X9SjEYVtDhOSPaZvIPBs9MExElS9PMmvRpm9lmKQ+j3IeX
VQDcmYlFwrHf/4fQyIxz/F5KxzS5FsrMQjWEevzHbS8upXJH9Nbb0lSLuMjzOgLy
H76uf/r8x8ZJnIazy4kady40yrbu86IcEWPcF58XjZTLtElNQ9DGuvE5oOfXv6KA
y1PkXfaD2AjDyWzHxNKj3qk+ja8GzEQ6p4JB9GL0cu9IUp7MLi4W8hm4uBrB
-----END CERTIFICATE-----
Generated at Sun Apr 27 22:09:48 2025 by rpki-client