Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/tnY8z9EvgS8GfrtiLSPiGDcyJDE.roa
File: tnY8z9EvgS8GfrtiLSPiGDcyJDE.roa (raw, json)
Hash identifier: kHd9ZHGLw7dLqjUJDacziQ1ascimwSCOEpr3njoIFPQ=
Subject key identifier: B6:76:3C:CF:D1:2F:81:2F:06:7E:BB:62:2D:23:E2:18:37:32:24:31
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 018A8F07A742D3EE4AC5349DD018AD882ED1
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/tnY8z9EvgS8GfrtiLSPiGDcyJDE.roa
Signing time: Wed 13 Sep 2023 14:52:38 +0000
ROA not before: Wed 13 Sep 2023 14:52:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21507
IP address blocks: 79.73.128.0/17 maxlen: 24
79.73.64.0/18 maxlen: 24
88.104.0.0/15 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:8f:07:a7:42:d3:ee:4a:c5:34:9d:d0:18:ad:88:2e:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Sep 13 14:52:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b6763ccfd12f812f067ebb622d23e21837322431
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:64:6b:a3:40:35:c9:3e:51:43:5e:9e:12:ac:
c9:00:a6:8c:85:c9:58:08:ed:0d:f5:f9:3d:21:38:
58:5f:2c:df:bb:48:82:8e:30:0e:f7:a3:c2:fd:22:
d2:e2:27:0a:6d:c1:f0:9b:41:8f:6f:b9:71:a1:a8:
7f:4b:8a:25:f9:e2:0c:2f:9e:fd:94:bd:f5:3c:00:
13:6a:a0:2e:47:9c:9d:b0:4a:7f:bb:2a:eb:29:39:
51:61:d3:bf:6d:75:c0:62:60:2c:04:56:ec:a8:a2:
01:da:e7:a9:31:52:27:fd:95:32:20:5c:96:bd:8a:
ad:ea:01:c3:53:9d:44:af:b8:e1:4f:75:01:b1:fb:
b0:18:ba:70:ec:b8:1e:c3:98:d6:e9:75:4c:2e:8f:
b2:45:46:17:c6:5a:03:52:40:c7:b8:3e:36:30:40:
33:4c:36:35:65:77:2b:d7:bb:1e:f8:84:bf:37:79:
95:53:ba:8c:db:b6:05:87:85:ce:05:08:34:47:84:
3d:0a:c2:a5:fc:55:6e:20:f7:8f:98:80:10:4f:f6:
08:b7:05:85:b9:f4:19:ac:3f:23:78:30:fe:48:2a:
db:f2:61:98:bd:37:7c:64:7b:78:b3:e8:78:07:f8:
be:f5:0c:5c:9b:46:ae:1d:cc:2f:57:50:c4:f5:71:
7e:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:76:3C:CF:D1:2F:81:2F:06:7E:BB:62:2D:23:E2:18:37:32:24:31
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/tnY8z9EvgS8GfrtiLSPiGDcyJDE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.73.64.0-79.73.255.255
88.104.0.0/15
Signature Algorithm: sha256WithRSAEncryption
7a:ed:bc:54:ba:89:5a:1b:a0:53:09:63:3d:64:23:78:20:dd:
cd:a6:cb:89:69:e9:67:58:6a:63:dd:47:5e:4a:dc:ce:1e:74:
d2:49:45:79:74:3f:e6:4d:9f:98:42:76:68:1c:94:b5:75:56:
e3:a5:e9:20:f9:bd:42:73:75:82:dd:ba:63:14:91:ba:3b:2e:
33:39:79:a4:dc:19:b9:13:09:55:dc:24:98:a9:ed:3b:f0:2c:
50:e8:10:5b:66:58:a5:82:79:c0:2d:f7:3b:28:e8:fa:c5:a6:
ea:eb:7d:8b:eb:ac:2b:59:c8:b8:b2:40:9c:3c:2e:ba:a3:68:
6d:33:e7:98:d6:d5:65:14:84:dd:7b:2f:d8:f4:81:2b:65:00:
c3:62:d7:d1:b3:9f:6d:0b:5c:e2:46:25:25:ce:08:5d:71:85:
4c:db:49:29:bd:90:54:f1:e4:9c:d9:c4:be:11:1c:2b:73:df:
30:79:25:78:c0:b8:0a:ae:e2:a0:7c:99:23:ca:bf:4b:ce:48:
e8:2e:aa:93:85:20:b0:d7:08:16:69:0e:f8:af:24:97:5a:7b:
49:fb:3e:b9:1a:07:c4:cb:49:ff:97:61:14:d0:9c:0f:4f:d7:
b2:a2:c1:be:c5:20:69:98:2e:e7:cf:b3:be:23:c0:22:7b:df:
28:03:80:c2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYqPB6dC0+5KxTSd0BitiC7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMwOTEzMTQ1MjM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjc2M2NjZmQxMmY4MTJmMDY3ZWJiNjIyZDIzZTIxODM3MzIyNDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGRro0A1yT5RQ16eEqzJAKaMhclY
CO0N9fk9IThYXyzfu0iCjjAO96PC/SLS4icKbcHwm0GPb7lxoah/S4ol+eIML579
lL31PAATaqAuR5ydsEp/uyrrKTlRYdO/bXXAYmAsBFbsqKIB2uepMVIn/ZUyIFyW
vYqt6gHDU51Er7jhT3UBsfuwGLpw7Lgew5jW6XVMLo+yRUYXxloDUkDHuD42MEAz
TDY1ZXcr17se+IS/N3mVU7qM27YFh4XOBQg0R4Q9CsKl/FVuIPePmIAQT/YItwWF
ufQZrD8jeDD+SCrb8mGYvTd8ZHt4s+h4B/i+9Qxcm0auHcwvV1DE9XF+5QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLZ2PM/RL4EvBn67Yi0j4hg3MiQxMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvdG5ZOHo5RXZnUzhHZnJ0aUxTUGlHRGN5SkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASMAsDBAZPSUAD
AwFPSAMDAVhoMA0GCSqGSIb3DQEBCwUAA4IBAQB67bxUuolaG6BTCWM9ZCN4IN3N
psuJaelnWGpj3UdeStzOHnTSSUV5dD/mTZ+YQnZoHJS1dVbjpekg+b1Cc3WC3bpj
FJG6Oy4zOXmk3Bm5EwlV3CSYqe078CxQ6BBbZlilgnnALfc7KOj6xabq632L66wr
Wci4skCcPC66o2htM+eY1tVlFITdey/Y9IErZQDDYtfRs59tC1ziRiUlzghdcYVM
20kpvZBU8eSc2cS+ERwrc98weSV4wLgKruKgfJkjyr9LzkjoLqqThSCw1wgWaQ74
rySXWntJ+z65GgfEy0n/l2EU0JwPT9eyosG+xSBpmC7nz7O+I8Aie98oA4DC
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:33 2023 by rpki-client on console.sobornost.net