Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/9XqYJj39f1qFBSQUHZXZCwens5A.roa
File: 9XqYJj39f1qFBSQUHZXZCwens5A.roa (raw, json)
Hash identifier: NcXxLvEhcP/cGPLSOoVwVdkEQVdqLjfGll/XwsNciYc=
Subject key identifier: F5:7A:98:26:3D:FD:7F:5A:85:05:24:14:1D:95:D9:0B:07:A7:B3:90
Certificate issuer: /CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Certificate serial: 018570C2C313C8219CD9AFCFFE6D9B1B30E7
Authority key identifier: AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/9XqYJj39f1qFBSQUHZXZCwens5A.roa
Signing time: Mon 02 Jan 2023 04:34:50 +0000
ROA not before: Mon 02 Jan 2023 04:34:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60783
IP address blocks: 185.25.232.0/22 maxlen: 24
185.198.208.0/22 maxlen: 24
2a0a:8fc0::/29 maxlen: 29
2a04:3480::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:c2:c3:13:c8:21:9c:d9:af:cf:fe:6d:9b:1b:30:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Validity
Not Before: Jan 2 04:34:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f57a98263dfd7f5a850524141d95d90b07a7b390
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:91:7f:8b:a4:dd:67:32:76:60:f4:4c:81:9b:
76:68:85:70:a6:35:e0:f0:8c:a4:05:d4:d4:b0:f1:
2e:45:7a:d9:54:90:b7:ca:f2:81:c6:8a:95:a9:1e:
5f:57:96:21:df:ab:c0:f8:40:53:92:b4:37:d0:69:
98:e0:1b:47:4d:4d:85:25:a6:70:db:12:16:f8:41:
94:c0:ba:5e:d0:5b:2c:80:83:8b:62:1f:d4:cf:7f:
d5:fc:04:f4:ff:68:a0:a3:ef:69:fb:c0:af:01:60:
2d:96:1c:0f:04:4c:c7:be:4d:56:06:0f:43:48:3d:
46:53:11:e9:d3:7a:3e:8a:6b:f3:fc:f9:d8:ef:dc:
37:69:89:60:ed:92:2b:2f:d7:32:2b:57:54:f1:cd:
ac:30:57:23:f8:ba:26:aa:d7:61:96:a6:c6:db:e6:
d9:8f:78:eb:e3:75:d1:fc:86:92:75:ae:82:f4:cf:
a8:10:c5:99:3b:b7:99:05:80:3c:61:de:62:5b:dd:
c5:e6:57:ec:54:2f:6f:ca:e4:8c:a4:da:98:04:ef:
84:1c:33:7a:72:d0:05:5b:99:50:21:4b:c6:80:15:
31:57:b8:ad:36:82:7a:ae:6e:a3:f9:64:a3:f1:e2:
7c:b6:ce:a5:87:bb:96:06:1f:1f:3f:a9:cf:cc:1c:
23:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:7A:98:26:3D:FD:7F:5A:85:05:24:14:1D:95:D9:0B:07:A7:B3:90
X509v3 Authority Key Identifier:
keyid:AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/9XqYJj39f1qFBSQUHZXZCwens5A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.25.232.0/22
185.198.208.0/22
IPv6:
2a04:3480::/29
2a0a:8fc0::/29
Signature Algorithm: sha256WithRSAEncryption
ba:be:ee:96:a0:47:4b:da:1d:58:e2:6c:67:8a:9f:dc:58:bb:
64:57:2b:c7:22:7a:a2:fb:94:21:2c:1e:f8:30:89:bb:f6:ca:
14:02:ff:41:71:83:37:1b:71:5b:56:a6:2a:04:18:68:c5:16:
ca:ac:50:e5:7b:b7:ed:ad:b5:14:fe:7f:d5:20:08:06:f1:4e:
7e:97:23:b4:09:73:61:17:4e:43:b6:5c:8e:9d:04:ef:33:76:
44:8f:78:ca:dd:d6:1e:b3:cf:2b:5c:a7:a5:ea:78:1b:78:c6:
9d:67:00:34:63:3d:57:78:e8:bb:93:a9:51:0d:c6:e8:3b:76:
a9:42:c0:4a:fe:fe:11:a3:6d:7a:3d:da:49:97:56:e5:21:7f:
0b:60:3b:f8:1e:b5:74:7d:f5:9e:b1:7a:d5:5c:90:2f:e2:c4:
f8:a3:9a:40:f7:1b:3e:82:8d:7e:e6:94:1d:3b:99:9a:5b:10:
60:27:25:6b:ab:d8:54:69:3d:b4:97:c8:7c:bc:0c:3a:7d:47:
bd:9a:ad:b7:34:c6:c8:76:83:23:91:17:d6:87:fd:1e:75:a3:
0e:8e:ed:70:1e:6b:f6:91:a7:ac:7d:f8:fc:dd:be:49:ff:37:
ea:06:9a:5e:9f:a7:ac:e3:c9:7c:c2:45:32:10:d8:6f:a3:c4:
17:b3:81:75
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVwwsMTyCGc2a/P/m2bGzDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYjFkYjBlMDA4MjA4NzZkZmEyMGJlYzliNzE5YWE3OTVh
Y2MxZGUwHhcNMjMwMTAyMDQzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTdhOTgyNjNkZmQ3ZjVhODUwNTI0MTQxZDk1ZDkwYjA3YTdiMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ZF/i6TdZzJ2YPRMgZt2aIVwpjXg
8IykBdTUsPEuRXrZVJC3yvKBxoqVqR5fV5Yh36vA+EBTkrQ30GmY4BtHTU2FJaZw
2xIW+EGUwLpe0FssgIOLYh/Uz3/V/AT0/2igo+9p+8CvAWAtlhwPBEzHvk1WBg9D
SD1GUxHp03o+imvz/PnY79w3aYlg7ZIrL9cyK1dU8c2sMFcj+LomqtdhlqbG2+bZ
j3jr43XR/IaSda6C9M+oEMWZO7eZBYA8Yd5iW93F5lfsVC9vyuSMpNqYBO+EHDN6
ctAFW5lQIUvGgBUxV7itNoJ6rm6j+WSj8eJ8ts6lh7uWBh8fP6nPzBwj7wIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFPV6mCY9/X9ahQUkFB2V2QsHp7OQMB8GA1UdIwQY
MBaAFKqx2w4Aggh236IL7JtxmqeVrMHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGIt
MjNlMzgxMzY1MWQ0LzEvOVhxWUpqMzlmMXFGQlNRVUhaWFpDd2VuczVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGItMjNlMzgxMzY1MWQ0
LzEvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCuRnoAwQC
ucbQMBQEAgACMA4DBQMqBDSAAwUDKgqPwDANBgkqhkiG9w0BAQsFAAOCAQEAur7u
lqBHS9odWOJsZ4qf3Fi7ZFcrxyJ6ovuUISwe+DCJu/bKFAL/QXGDNxtxW1amKgQY
aMUWyqxQ5Xu37a21FP5/1SAIBvFOfpcjtAlzYRdOQ7Zcjp0E7zN2RI94yt3WHrPP
K1ynpep4G3jGnWcANGM9V3jou5OpUQ3G6Dt2qULASv7+EaNtej3aSZdW5SF/C2A7
+B61dH31nrF61VyQL+LE+KOaQPcbPoKNfuaUHTuZmlsQYCcla6vYVGk9tJfIfLwM
On1HvZqttzTGyHaDI5EX1of9HnWjDo7tcB5r9pGnrH34/N2+Sf836gaaXp+nrOPJ
fMJFMhDYb6PEF7OBdQ==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:26 2023 by rpki-client on console.sobornost.net