Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/Po8dWnRhuRza6l5rbb1k_BwIddE.roa
File: Po8dWnRhuRza6l5rbb1k_BwIddE.roa (raw, json)
Hash identifier: 4t6PTdRznqmLupkpAevhoDWBVpgEpAsHsfeSPlPoPhw=
Subject key identifier: 3E:8F:1D:5A:74:61:B9:1C:DA:EA:5E:6B:6D:BD:64:FC:1C:08:75:D1
Certificate issuer: /CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Certificate serial: 0189FE0EB75E7E3CB8B3091C8C972599F6A6
Authority key identifier: 84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/Po8dWnRhuRza6l5rbb1k_BwIddE.roa
Signing time: Wed 16 Aug 2023 11:15:24 +0000
ROA not before: Wed 16 Aug 2023 11:15:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20640
IP address blocks: 82.206.32.0/19 maxlen: 19
217.173.128.0/19 maxlen: 23
217.140.72.0/21 maxlen: 21
217.140.80.0/21 maxlen: 21
2001:4b88::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:fe:0e:b7:5e:7e:3c:b8:b3:09:1c:8c:97:25:99:f6:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Validity
Not Before: Aug 16 11:15:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3e8f1d5a7461b91cdaea5e6b6dbd64fc1c0875d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:22:b8:61:15:be:9e:a7:50:ac:89:cb:9b:a5:
65:ef:d0:3c:21:5f:dd:24:14:a8:eb:6e:ee:50:72:
98:d9:69:0d:12:5c:33:44:ee:0f:f7:ea:65:0b:cd:
45:ca:a5:d2:bc:e0:fb:b2:5b:1b:7f:77:e7:4a:76:
d0:1c:43:2f:2f:4a:f7:3c:47:8e:52:45:cf:e9:26:
e9:f8:47:44:db:18:08:95:43:2c:fd:a7:91:10:ee:
86:27:31:41:86:63:fa:ff:6e:9d:f9:a1:72:6e:6f:
c5:ca:b3:ab:ff:91:43:fa:4c:b4:6d:22:db:37:5b:
9d:47:9c:c4:31:0c:d2:66:6f:3d:13:5b:55:ad:a2:
6a:98:1f:44:a1:51:9e:27:02:24:60:f2:7e:f5:1a:
6a:b8:84:7b:b5:2d:a1:aa:55:0a:e6:29:cd:aa:31:
7c:68:34:66:00:2a:18:ce:65:33:dc:6b:86:7e:82:
5d:37:5f:21:20:f9:91:96:1f:e4:0c:37:f7:e7:53:
5b:bf:3e:6c:8e:8d:49:13:87:68:54:b2:71:61:3b:
6d:5d:fa:12:a0:a6:ed:ae:61:fa:fa:2b:1d:55:bd:
f5:aa:75:25:01:8f:8a:83:fc:1c:19:b0:d9:7f:da:
ab:2c:46:26:66:3b:65:46:da:c4:08:5b:57:1b:48:
8e:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:8F:1D:5A:74:61:B9:1C:DA:EA:5E:6B:6D:BD:64:FC:1C:08:75:D1
X509v3 Authority Key Identifier:
keyid:84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/Po8dWnRhuRza6l5rbb1k_BwIddE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.206.32.0/19
217.140.72.0-217.140.87.255
217.173.128.0/19
IPv6:
2001:4b88::/32
Signature Algorithm: sha256WithRSAEncryption
a9:81:4e:8c:27:9e:7e:4b:56:f2:68:29:4f:f5:a2:48:44:82:
9d:98:49:7d:dc:92:c6:64:bf:50:59:4c:17:3b:d7:8d:22:ff:
79:eb:88:5e:43:82:b2:c7:13:42:1f:a8:ff:af:91:0f:76:12:
73:e6:02:3e:3e:32:20:38:93:99:79:4d:e1:7a:9c:2b:76:05:
96:d8:31:bd:d9:fe:bb:27:ba:43:da:63:00:12:32:89:3b:d8:
2d:b2:98:e3:01:67:8b:a6:93:5d:fa:47:16:c4:48:c9:aa:fe:
7c:5c:a9:fe:c4:29:79:08:f6:c4:26:76:d6:de:82:93:5b:88:
aa:0d:73:42:f8:39:e8:26:ab:09:42:0c:59:1e:a1:5c:2b:3f:
f8:57:b9:95:34:56:59:44:e6:28:e3:f3:69:cf:5b:95:53:ec:
42:05:9f:0e:f5:2a:c7:dc:4a:96:21:c5:38:42:4a:b5:2a:97:
b9:54:20:9a:30:b7:44:8e:c6:a2:b7:7c:3a:25:51:cc:f4:28:
e6:b6:7b:40:ea:be:a1:5f:9e:69:9e:df:0a:e2:65:cb:17:5a:
55:37:52:e2:03:c7:4a:1b:c2:a8:b7:81:3e:5b:4d:1a:c8:ea:
11:a1:41:76:71:b8:2f:ed:2d:5d:53:7f:b5:b8:5c:45:65:00:
1d:12:0f:76
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYn+Drdefjy4swkcjJclmfamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDcwYWYwZDg5ZDc4NWJhMThiYTYxN2RjMDllM2Y3MmM1
OTk2ZjMwHhcNMjMwODE2MTExNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZThmMWQ1YTc0NjFiOTFjZGFlYTVlNmI2ZGJkNjRmYzFjMDg3NWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSK4YRW+nqdQrInLm6Vl79A8IV/d
JBSo627uUHKY2WkNElwzRO4P9+plC81FyqXSvOD7slsbf3fnSnbQHEMvL0r3PEeO
UkXP6Sbp+EdE2xgIlUMs/aeREO6GJzFBhmP6/26d+aFybm/FyrOr/5FD+ky0bSLb
N1udR5zEMQzSZm89E1tVraJqmB9EoVGeJwIkYPJ+9RpquIR7tS2hqlUK5inNqjF8
aDRmACoYzmUz3GuGfoJdN18hIPmRlh/kDDf351Nbvz5sjo1JE4doVLJxYTttXfoS
oKbtrmH6+isdVb31qnUlAY+Kg/wcGbDZf9qrLEYmZjtlRtrECFtXG0iOwQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFD6PHVp0Ybkc2upea229ZPwcCHXRMB8GA1UdIwQY
MBaAFIRHCvDYnXhboYumF9wJ4/csWZbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDIt
ZTc2ZTNlMjkzZTAyLzEvUG84ZFduUmh1UnphNmw1cmJiMWtfQndJZGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDItZTc2ZTNlMjkzZTAy
LzEvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQFUs4gMAwD
BAPZjEgDBAPZjFADBAXZrYAwDQQCAAIwBwMFACABS4gwDQYJKoZIhvcNAQELBQAD
ggEBAKmBTownnn5LVvJoKU/1okhEgp2YSX3cksZkv1BZTBc7140i/3nriF5DgrLH
E0IfqP+vkQ92EnPmAj4+MiA4k5l5TeF6nCt2BZbYMb3Z/rsnukPaYwASMok72C2y
mOMBZ4umk136RxbESMmq/nxcqf7EKXkI9sQmdtbegpNbiKoNc0L4OegmqwlCDFke
oVwrP/hXuZU0VllE5ijj82nPW5VT7EIFnw71KsfcSpYhxThCSrUql7lUIJowt0SO
xqK3fDolUcz0KOa2e0DqvqFfnmme3wriZcsXWlU3UuIDx0obwqi3gT5bTRrI6hGh
QXZxuC/tLV1Tf7W4XEVlAB0SD3Y=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:24 2023 by rpki-client on console.sobornost.net