Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/xE_N-3vZkzPzYhvHuCyridQg9NM.roa
File: xE_N-3vZkzPzYhvHuCyridQg9NM.roa (raw, json)
Hash identifier: THUNdFDl8286GeA0lvq1sL0cJL3Qif6fbzo1Yk/lWDo=
Subject key identifier: C4:4F:CD:FB:7B:D9:93:33:F3:62:1B:C7:B8:2C:AB:89:D4:20:F4:D3
Certificate issuer: /CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Certificate serial: 0186E02F40348CE5CC1C36A328E5D96EADB5
Authority key identifier: 6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/xE_N-3vZkzPzYhvHuCyridQg9NM.roa
Signing time: Tue 14 Mar 2023 12:53:58 +0000
ROA not before: Tue 14 Mar 2023 12:53:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39216
IP address blocks: 188.72.4.0/24 maxlen: 24
188.72.3.0/24 maxlen: 24
188.72.2.0/24 maxlen: 24
188.72.7.0/24 maxlen: 24
188.72.6.0/24 maxlen: 24
188.72.5.0/24 maxlen: 24
185.72.253.0/24 maxlen: 24
185.72.252.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:e0:2f:40:34:8c:e5:cc:1c:36:a3:28:e5:d9:6e:ad:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6cb0dec13df205a66ec5227925b8f56bdb09f499
Validity
Not Before: Mar 14 12:53:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c44fcdfb7bd99333f3621bc7b82cab89d420f4d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:0b:56:38:39:c3:0f:bd:73:8f:60:cb:be:3f:
81:94:1a:29:92:3a:2b:16:75:31:08:c1:34:1e:7d:
68:c4:d0:c6:e7:81:2c:59:df:85:d4:a8:01:76:c1:
fe:4a:ea:54:5d:28:bf:32:ed:e7:eb:d1:af:28:f6:
94:2e:0c:fe:12:14:2d:71:fc:da:85:16:d8:93:c4:
23:7c:3a:28:4b:ac:be:c1:e7:0d:fc:be:69:f2:d7:
5a:7c:00:5a:b9:a9:9a:a1:ee:14:4a:56:69:5f:c4:
db:cd:ba:68:89:24:ff:fb:84:aa:b8:4a:de:dc:c2:
9e:23:57:1b:14:58:60:85:04:fc:63:f5:b1:88:95:
3b:d5:d9:23:df:58:4e:5b:4d:33:2b:56:58:fd:4f:
34:4d:37:5c:de:d6:f3:78:41:70:ad:d9:69:a9:fb:
76:76:65:b5:95:02:2f:71:4e:bd:38:85:9f:fa:77:
dc:71:ba:2a:a1:0a:73:88:cf:e8:19:45:e5:d6:db:
06:3f:b0:c2:c6:9b:98:89:ec:af:5e:5a:7b:3b:48:
10:1e:c6:c3:b1:dc:7a:bc:cc:d7:b1:c5:0c:c2:3c:
02:33:2d:54:84:11:af:ad:6a:d1:70:b5:cc:44:1d:
35:ae:0b:3f:aa:c8:c4:52:12:55:0f:7a:7a:aa:24:
71:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:4F:CD:FB:7B:D9:93:33:F3:62:1B:C7:B8:2C:AB:89:D4:20:F4:D3
X509v3 Authority Key Identifier:
keyid:6C:B0:DE:C1:3D:F2:05:A6:6E:C5:22:79:25:B8:F5:6B:DB:09:F4:99
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/xE_N-3vZkzPzYhvHuCyridQg9NM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ca46fc-3847-4f1d-9ce4-52b9e6a16350/1/bLDewT3yBaZuxSJ5Jbj1a9sJ9Jk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.72.252.0/23
188.72.2.0-188.72.7.255
Signature Algorithm: sha256WithRSAEncryption
b9:26:d8:c8:1a:c8:b2:0d:71:89:32:b9:c8:3c:e6:c8:e2:c1:
a9:7a:78:af:2f:b4:09:b0:e2:37:28:60:36:3f:23:4a:fa:89:
79:10:d4:88:5a:cf:a9:cd:88:7b:3d:4b:c5:93:e3:fa:9f:dd:
87:e3:d1:27:48:45:9d:6d:39:fa:ad:44:9d:21:ca:d6:76:b1:
35:f4:a1:56:fd:db:46:fa:48:39:78:8e:4e:a3:09:38:34:15:
b9:b7:48:a7:2d:a3:57:c8:de:68:07:1e:aa:26:66:cf:48:49:
92:bb:51:43:3a:36:ae:d6:2a:a7:d2:88:62:e8:f3:53:99:30:
c1:1f:7c:e9:f2:d9:6c:37:45:4a:0a:13:06:ed:1d:11:a9:02:
b6:eb:96:fa:43:62:5e:94:bd:d7:c9:2f:3f:47:61:5c:ee:90:
3d:17:ac:94:c9:88:40:f8:bb:14:19:8b:7d:13:2d:84:86:83:
97:a3:75:e2:3d:ab:ad:0c:ae:68:ec:1a:46:ac:03:1f:f5:96:
c8:f1:34:1c:10:87:ff:ed:d9:cb:08:05:42:1a:06:d0:8f:bf:
ec:a6:31:3e:ca:a2:9d:d8:b8:b1:03:7d:2f:8e:0d:14:eb:82:
09:8e:3b:0d:6c:98:53:aa:95:f5:49:19:91:af:a5:a1:e9:39:
1f:89:eb:e8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYbgL0A0jOXMHDajKOXZbq21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYjBkZWMxM2RmMjA1YTY2ZWM1MjI3OTI1YjhmNTZiZGIw
OWY0OTkwHhcNMjMwMzE0MTI1MzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDRmY2RmYjdiZDk5MzMzZjM2MjFiYzdiODJjYWI4OWQ0MjBmNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggtWODnDD71zj2DLvj+BlBopkjor
FnUxCME0Hn1oxNDG54EsWd+F1KgBdsH+SupUXSi/Mu3n69GvKPaULgz+EhQtcfza
hRbYk8QjfDooS6y+wecN/L5p8tdafABauamaoe4USlZpX8TbzbpoiST/+4SquEre
3MKeI1cbFFhghQT8Y/WxiJU71dkj31hOW00zK1ZY/U80TTdc3tbzeEFwrdlpqft2
dmW1lQIvcU69OIWf+nfccboqoQpziM/oGUXl1tsGP7DCxpuYieyvXlp7O0gQHsbD
sdx6vMzXscUMwjwCMy1UhBGvrWrRcLXMRB01rgs/qsjEUhJVD3p6qiRxeQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMRPzft72ZMz82Ibx7gsq4nUIPTTMB8GA1UdIwQY
MBaAFGyw3sE98gWmbsUieSW49WvbCfSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQt
NTJiOWU2YTE2MzUwLzEveEVfTi0zdlprelB6WWh2SHVDeXJpZFFnOU5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9jYTQ2ZmMtMzg0Ny00ZjFkLTljZTQtNTJiOWU2YTE2MzUw
LzEvYkxEZXdUM3lCYVp1eFNKNUpiajFhOXNKOUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBuUj8MAwD
BAG8SAIDBAO8SAAwDQYJKoZIhvcNAQELBQADggEBALkm2MgayLINcYkyucg85sji
wal6eK8vtAmw4jcoYDY/I0r6iXkQ1Ihaz6nNiHs9S8WT4/qf3Yfj0SdIRZ1tOfqt
RJ0hytZ2sTX0oVb920b6SDl4jk6jCTg0Fbm3SKcto1fI3mgHHqomZs9ISZK7UUM6
Nq7WKqfSiGLo81OZMMEffOny2Ww3RUoKEwbtHRGpArbrlvpDYl6UvdfJLz9HYVzu
kD0XrJTJiED4uxQZi30TLYSGg5ejdeI9q60MrmjsGkasAx/1lsjxNBwQh//t2csI
BUIaBtCPv+ymMT7Kop3YuLEDfS+ODRTrggmOOw1smFOqlfVJGZGvpaHpOR+J6+g=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:29 2023 by rpki-client on console.sobornost.net