Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/b0r3SUbutdzEPcZXqgZRKQrm8uQ.roa
File: b0r3SUbutdzEPcZXqgZRKQrm8uQ.roa (raw, json)
Hash identifier: rdmi/irgK7jmZ+O2RbQ5suWrsn7tv9qm5fmP7kz4wBA=
Subject key identifier: 6F:4A:F7:49:46:EE:B5:DC:C4:3D:C6:57:AA:06:51:29:0A:E6:F2:E4
Certificate issuer: /CN=4705d3c6a5b0512682cdfdf363b19a9c567f1f6c
Certificate serial: 0185720C96D361180EFEDBAB99F7F6ACC753
Authority key identifier: 47:05:D3:C6:A5:B0:51:26:82:CD:FD:F3:63:B1:9A:9C:56:7F:1F:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/b0r3SUbutdzEPcZXqgZRKQrm8uQ.roa
Signing time: Mon 02 Jan 2023 10:35:05 +0000
ROA not before: Mon 02 Jan 2023 10:35:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 138968
IP address blocks: 2.57.240.0/22 maxlen: 22
78.41.40.0/22 maxlen: 22
85.208.212.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:0c:96:d3:61:18:0e:fe:db:ab:99:f7:f6:ac:c7:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4705d3c6a5b0512682cdfdf363b19a9c567f1f6c
Validity
Not Before: Jan 2 10:35:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6f4af74946eeb5dcc43dc657aa0651290ae6f2e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:2c:1b:c4:22:59:61:ac:c0:47:d1:9a:90:8d:
63:b5:06:2e:c9:ec:ac:b1:1d:38:9c:88:6d:dc:06:
07:6a:1b:ca:3a:54:c3:c9:04:c5:32:62:8e:b5:bb:
a7:05:e0:0a:20:d7:7e:d0:3d:75:90:a0:8b:0a:3c:
89:39:43:c8:0c:b6:fe:5d:6a:94:ef:80:8d:1a:ee:
65:5f:07:08:f1:de:3d:02:24:4d:2e:84:43:d5:e1:
d0:e3:01:af:76:92:1e:44:cb:f6:3f:be:1f:4e:82:
41:2a:16:92:58:a6:72:31:3a:e6:4b:a8:0a:3f:12:
c6:c2:1f:53:e1:51:d0:53:29:a2:43:7e:bb:6a:ab:
57:0b:50:20:06:a3:f6:c8:a8:d9:56:1f:9f:f7:c4:
1b:dc:97:f8:90:81:7c:d6:d0:b9:14:56:46:bb:77:
fe:1a:6b:e6:89:e7:d4:43:ab:40:c6:41:af:2a:25:
f0:e9:cf:ae:e7:31:4b:1a:44:f8:66:15:a6:66:2d:
13:f4:9d:a0:9f:92:9b:a3:03:96:e9:af:fb:2e:6c:
7f:54:26:a1:e9:ef:69:e8:89:b2:21:f6:d5:f1:af:
c4:ca:11:97:5f:1e:28:ac:bf:ac:bf:cb:eb:c3:2e:
ed:62:dd:10:97:1d:42:bc:9b:38:f7:74:af:39:a6:
f7:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:4A:F7:49:46:EE:B5:DC:C4:3D:C6:57:AA:06:51:29:0A:E6:F2:E4
X509v3 Authority Key Identifier:
keyid:47:05:D3:C6:A5:B0:51:26:82:CD:FD:F3:63:B1:9A:9C:56:7F:1F:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/b0r3SUbutdzEPcZXqgZRKQrm8uQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.240.0/22
78.41.40.0/22
85.208.212.0/22
Signature Algorithm: sha256WithRSAEncryption
1f:be:5e:e0:f6:72:1a:69:c2:cd:82:31:50:4b:f3:54:02:41:
a1:14:f0:30:83:97:c0:4f:79:6c:46:2f:5c:06:40:7b:4e:9d:
67:aa:e5:cb:23:a4:82:b3:6d:63:da:88:ec:9f:a5:d1:b7:32:
d4:39:db:60:90:8b:1f:bb:0b:a6:33:54:fc:2a:fc:1c:ec:e0:
87:c1:5d:ac:2a:b0:a2:00:d3:ab:c0:6a:25:2b:10:bd:97:49:
0c:4a:ef:a4:b3:89:ca:f0:d9:d6:7a:57:36:72:80:66:25:32:
a3:8b:39:65:a3:9b:c0:02:31:85:d2:f0:b7:26:3f:62:f4:26:
00:b6:f3:83:f6:26:32:cd:44:53:9e:fd:3c:8e:0d:30:63:67:
40:d8:70:19:49:8f:cd:3a:60:06:27:d2:ee:c6:ef:f3:71:e6:
39:06:53:f6:7a:9d:ed:d1:11:12:14:9e:ea:19:8e:78:ce:78:
60:44:ab:05:c2:c4:eb:ef:e7:88:93:73:a9:b9:48:38:d6:7f:
e6:3c:2b:a5:09:65:c1:05:d9:76:aa:e7:7a:ba:ca:1b:b8:04:
20:a0:eb:22:a8:72:6a:c6:86:dc:da:70:2a:fd:88:fc:c9:a3:
a7:06:7e:e5:cf:26:48:52:50:60:c6:2f:e9:22:71:32:2b:4e:
f3:26:2d:98
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVyDJbTYRgO/turmff2rMdTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MDVkM2M2YTViMDUxMjY4MmNkZmRmMzYzYjE5YTljNTY3
ZjFmNmMwHhcNMjMwMTAyMTAzNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjRhZjc0OTQ2ZWViNWRjYzQzZGM2NTdhYTA2NTEyOTBhZTZmMmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCwbxCJZYazAR9GakI1jtQYuyeys
sR04nIht3AYHahvKOlTDyQTFMmKOtbunBeAKINd+0D11kKCLCjyJOUPIDLb+XWqU
74CNGu5lXwcI8d49AiRNLoRD1eHQ4wGvdpIeRMv2P74fToJBKhaSWKZyMTrmS6gK
PxLGwh9T4VHQUymiQ367aqtXC1AgBqP2yKjZVh+f98Qb3Jf4kIF81tC5FFZGu3f+
GmvmiefUQ6tAxkGvKiXw6c+u5zFLGkT4ZhWmZi0T9J2gn5KbowOW6a/7Lmx/VCah
6e9p6ImyIfbV8a/EyhGXXx4orL+sv8vrwy7tYt0Qlx1CvJs493SvOab3ewIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG9K90lG7rXcxD3GV6oGUSkK5vLkMB8GA1UdIwQY
MBaAFEcF08alsFEmgs3982OxmpxWfx9sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUndYVHhxV3dVU2FDemYzelk3R2FuRlpfSDJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81NmFlZTktOTk2Yy00MzhmLWJiMDAt
MGRmYTZiMjJlZmYyLzEvYjByM1NVYnV0ZHpFUGNaWHFnWlJLUXJtOHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81NmFlZTktOTk2Yy00MzhmLWJiMDAtMGRmYTZiMjJlZmYy
LzEvUndYVHhxV3dVU2FDemYzelk3R2FuRlpfSDJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjnwAwQC
TikoAwQCVdDUMA0GCSqGSIb3DQEBCwUAA4IBAQAfvl7g9nIaacLNgjFQS/NUAkGh
FPAwg5fAT3lsRi9cBkB7Tp1nquXLI6SCs21j2ojsn6XRtzLUOdtgkIsfuwumM1T8
Kvwc7OCHwV2sKrCiANOrwGolKxC9l0kMSu+ks4nK8NnWelc2coBmJTKjizllo5vA
AjGF0vC3Jj9i9CYAtvOD9iYyzURTnv08jg0wY2dA2HAZSY/NOmAGJ9Luxu/zceY5
BlP2ep3t0RESFJ7qGY54znhgRKsFwsTr7+eIk3OpuUg41n/mPCulCWXBBdl2qud6
usobuAQgoOsiqHJqxobc2nAq/Yj8yaOnBn7lzyZIUlBgxi/pInEyK07zJi2Y
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:55 2023 by rpki-client on console.sobornost.net