Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/aW6uDcblHrMjMIACsFXepWpL_oM.roa
File: aW6uDcblHrMjMIACsFXepWpL_oM.roa (raw, json)
Hash identifier: sjB3ArBjcAleLFHQJgCQ05ULb91ilCYuKFEZFSjySkY=
Subject key identifier: 69:6E:AE:0D:C6:E5:1E:B3:23:30:80:02:B0:55:DE:A5:6A:4B:FE:83
Certificate issuer: /CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Certificate serial: 0189F43AE70345D7DF469EA06A7803AE93D1
Authority key identifier: 84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/aW6uDcblHrMjMIACsFXepWpL_oM.roa
Signing time: Mon 14 Aug 2023 13:27:27 +0000
ROA not before: Mon 14 Aug 2023 13:27:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20640
IP address blocks: 82.206.32.0/19 maxlen: 19
217.140.64.0/19 maxlen: 22
217.173.128.0/19 maxlen: 23
217.140.72.0/21 maxlen: 21
217.140.80.0/21 maxlen: 21
2001:4b88::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:f4:3a:e7:03:45:d7:df:46:9e:a0:6a:78:03:ae:93:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84470af0d89d785ba18ba617dc09e3f72c5996f3
Validity
Not Before: Aug 14 13:27:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=696eae0dc6e51eb323308002b055dea56a4bfe83
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:14:c4:22:96:de:ea:3f:34:d1:60:51:f4:77:
9a:ca:c6:9b:9a:c7:74:1a:da:49:26:85:d8:36:b8:
94:be:47:44:29:4c:62:08:4e:ab:bf:25:46:aa:22:
e8:9a:a8:59:f0:ab:66:ac:01:c5:6e:d4:0c:62:63:
a2:45:d8:0b:9b:47:ee:50:51:8b:2f:21:e8:95:3a:
3c:4a:e6:1e:64:e3:bf:5b:cf:fe:7f:3a:af:3e:07:
3d:31:b9:89:c1:98:04:5d:94:24:bd:f8:df:8e:39:
da:43:0e:d8:44:63:f3:19:39:79:5e:a5:e0:91:e6:
7f:a5:d2:6e:0f:ed:d1:09:19:3d:5e:3b:b7:c9:e6:
41:5c:53:47:9d:a1:3e:7f:57:e7:f8:f6:cc:65:b0:
39:17:0d:49:07:89:7b:b2:a7:70:2a:6a:8c:88:9e:
86:bc:ab:e7:86:1c:c5:4f:c0:aa:72:69:14:8e:6c:
f2:ca:2a:c2:81:55:10:75:79:f4:c2:5a:c5:58:25:
fd:89:91:28:95:f5:2b:a0:43:53:d2:ac:2f:80:c4:
13:77:76:77:0c:2c:99:a9:f9:39:e2:ba:0e:f0:55:
22:f0:25:1e:25:b2:2d:c6:34:49:c9:2b:55:e0:d3:
01:f9:93:62:bd:43:5a:ca:9a:b5:34:fe:63:2f:62:
f3:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:6E:AE:0D:C6:E5:1E:B3:23:30:80:02:B0:55:DE:A5:6A:4B:FE:83
X509v3 Authority Key Identifier:
keyid:84:47:0A:F0:D8:9D:78:5B:A1:8B:A6:17:DC:09:E3:F7:2C:59:96:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEcK8NideFuhi6YX3Anj9yxZlvM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/aW6uDcblHrMjMIACsFXepWpL_oM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/15/660f1d-5753-4516-8002-e76e3e293e02/1/hEcK8NideFuhi6YX3Anj9yxZlvM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.206.32.0/19
217.140.64.0/19
217.173.128.0/19
IPv6:
2001:4b88::/32
Signature Algorithm: sha256WithRSAEncryption
22:3b:5d:c6:78:da:0a:78:8b:29:1a:61:b9:7d:f9:04:3e:de:
02:98:46:ef:25:2f:82:08:4b:b1:28:e8:9b:91:eb:ee:da:a6:
b2:fa:3b:8c:03:b7:6c:90:c5:42:c9:65:26:a6:95:7a:14:37:
cc:62:c5:a3:f5:04:01:c2:8f:3d:eb:89:44:3f:72:2a:ab:ea:
cc:b9:9a:b5:9d:e2:0d:fa:94:5e:56:d7:23:eb:20:a8:04:74:
69:16:bb:92:b1:aa:f9:73:dc:b8:00:4c:a8:04:e3:97:1b:38:
04:d0:91:a4:57:37:e4:7c:51:f1:50:c1:44:2a:34:71:4e:31:
4c:d8:da:46:d1:fd:57:dd:3a:71:32:d4:7a:a6:81:db:61:f7:
b7:29:cd:a0:41:cb:cb:2e:08:9c:f9:9c:52:2e:43:ba:89:5e:
99:d7:0f:65:99:71:37:c4:c2:1b:3e:88:b5:8c:a5:03:f2:47:
f7:ae:2b:f8:ba:55:d4:dd:bf:57:dc:5f:70:94:ac:ac:eb:7a:
9a:38:6b:c2:60:eb:6d:2c:f7:df:6a:5c:84:45:1c:f1:ac:cf:
0f:96:30:f3:90:e5:5a:2a:fd:84:38:79:8a:24:ca:b7:15:50:
69:de:b6:17:8c:8d:b1:d5:ce:b0:66:7c:f3:91:fb:5f:14:b7:
29:9e:62:9a
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYn0OucDRdffRp6gangDrpPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDcwYWYwZDg5ZDc4NWJhMThiYTYxN2RjMDllM2Y3MmM1
OTk2ZjMwHhcNMjMwODE0MTMyNzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTZlYWUwZGM2ZTUxZWIzMjMzMDgwMDJiMDU1ZGVhNTZhNGJmZTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthTEIpbe6j800WBR9Heaysabmsd0
GtpJJoXYNriUvkdEKUxiCE6rvyVGqiLomqhZ8KtmrAHFbtQMYmOiRdgLm0fuUFGL
LyHolTo8SuYeZOO/W8/+fzqvPgc9MbmJwZgEXZQkvfjfjjnaQw7YRGPzGTl5XqXg
keZ/pdJuD+3RCRk9Xju3yeZBXFNHnaE+f1fn+PbMZbA5Fw1JB4l7sqdwKmqMiJ6G
vKvnhhzFT8CqcmkUjmzyyirCgVUQdXn0wlrFWCX9iZEolfUroENT0qwvgMQTd3Z3
DCyZqfk54roO8FUi8CUeJbItxjRJyStV4NMB+ZNivUNaypq1NP5jL2LzeQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGlurg3G5R6zIzCAArBV3qVqS/6DMB8GA1UdIwQY
MBaAFIRHCvDYnXhboYumF9wJ4/csWZbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDIt
ZTc2ZTNlMjkzZTAyLzEvYVc2dURjYmxIck1qTUlBQ3NGWGVwV3BMX29NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82NjBmMWQtNTc1My00NTE2LTgwMDItZTc2ZTNlMjkzZTAy
LzEvaEVjSzhOaWRlRnVoaTZZWDNBbmo5eXhabHZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQFUs4gAwQF
2YxAAwQF2a2AMA0EAgACMAcDBQAgAUuIMA0GCSqGSIb3DQEBCwUAA4IBAQAiO13G
eNoKeIspGmG5ffkEPt4CmEbvJS+CCEuxKOibkevu2qay+juMA7dskMVCyWUmppV6
FDfMYsWj9QQBwo8964lEP3Iqq+rMuZq1neIN+pReVtcj6yCoBHRpFruSsar5c9y4
AEyoBOOXGzgE0JGkVzfkfFHxUMFEKjRxTjFM2NpG0f1X3TpxMtR6poHbYfe3Kc2g
QcvLLgic+ZxSLkO6iV6Z1w9lmXE3xMIbPoi1jKUD8kf3riv4ulXU3b9X3F9wlKys
63qaOGvCYOttLPffalyERRzxrM8PljDzkOVaKv2EOHmKJMq3FVBp3rYXjI2x1c6w
ZnzzkftfFLcpnmKa
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:24 2023 by rpki-client on console.sobornost.net