Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/1c5TAUi3uKI73rAxNI-1mZ6vIEw.roa
File: 1c5TAUi3uKI73rAxNI-1mZ6vIEw.roa (raw, json)
Hash identifier: SKOQTpx+keEuXXDlWe1PXPxf6UCtycm11S66o6o2DKQ=
Subject key identifier: D5:CE:53:01:48:B7:B8:A2:3B:DE:B0:31:34:8F:B5:99:9E:AF:20:4C
Certificate issuer: /CN=5353a9a85fa11fc4bf156fab4d8d84a08e5d66f9
Certificate serial: 018A94EE74F1DEF953DCC198760628A7FF93
Authority key identifier: 53:53:A9:A8:5F:A1:1F:C4:BF:15:6F:AB:4D:8D:84:A0:8E:5D:66:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U1OpqF-hH8S_FW-rTY2EoI5dZvk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/1c5TAUi3uKI73rAxNI-1mZ6vIEw.roa
Signing time: Thu 14 Sep 2023 18:22:50 +0000
ROA not before: Thu 14 Sep 2023 18:22:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 24642
IP address blocks: 77.233.32.0/19 maxlen: 19
185.70.212.0/22 maxlen: 23
81.18.160.0/20 maxlen: 20
2001:1aa8::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:94:ee:74:f1:de:f9:53:dc:c1:98:76:06:28:a7:ff:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5353a9a85fa11fc4bf156fab4d8d84a08e5d66f9
Validity
Not Before: Sep 14 18:22:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d5ce530148b7b8a23bdeb031348fb5999eaf204c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:17:d3:3a:3b:ba:d3:fc:0c:4d:b1:e0:7c:f3:
cf:51:4b:31:78:fc:61:3a:75:0e:0f:d2:8f:1b:24:
1d:f9:1d:78:f5:50:62:6a:f3:f0:a5:ef:62:15:82:
8f:6f:61:1f:20:62:e7:b3:ad:72:f9:9a:c5:04:5c:
fb:ee:3e:b6:c2:85:8e:f8:9d:1b:3b:fc:54:f5:cf:
e4:ae:14:0a:a8:15:ed:fa:48:c6:3c:03:62:e6:b7:
49:da:1e:2e:0e:da:ef:a8:49:a4:77:71:b9:35:28:
b6:e4:0f:c3:06:80:4a:62:67:2b:15:f8:74:3a:a7:
f2:98:b5:f4:e9:6c:cf:34:ed:ae:bb:e8:25:91:1c:
62:b9:0c:34:8f:bd:5a:1a:36:a4:cb:ba:c0:28:7f:
b6:ab:a4:81:39:3f:30:96:e2:c2:08:a8:54:61:3e:
93:95:41:77:44:fb:34:69:24:1e:cd:9f:14:db:78:
af:94:ac:55:f5:72:96:a5:35:14:03:b1:c8:ce:02:
e7:77:2e:9a:b5:24:56:0b:52:69:0e:ac:75:4f:10:
2d:07:76:c5:20:6f:04:d8:db:ce:f8:22:c5:21:f9:
94:9c:22:b8:5b:8c:ef:5e:14:42:2d:43:a7:d5:04:
bd:39:69:cc:b0:ce:49:4e:45:d7:90:d7:25:eb:b6:
53:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:CE:53:01:48:B7:B8:A2:3B:DE:B0:31:34:8F:B5:99:9E:AF:20:4C
X509v3 Authority Key Identifier:
keyid:53:53:A9:A8:5F:A1:1F:C4:BF:15:6F:AB:4D:8D:84:A0:8E:5D:66:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U1OpqF-hH8S_FW-rTY2EoI5dZvk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/1c5TAUi3uKI73rAxNI-1mZ6vIEw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/b929ce-ec17-4d50-a6ae-79d934e4a99a/1/U1OpqF-hH8S_FW-rTY2EoI5dZvk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.233.32.0/19
81.18.160.0/20
185.70.212.0/22
IPv6:
2001:1aa8::/32
Signature Algorithm: sha256WithRSAEncryption
20:e2:7a:81:e2:7b:4c:21:6d:dd:0e:d3:ca:4c:54:90:bc:66:
e6:f8:c6:a4:94:df:cb:e3:36:f9:71:fb:05:8a:03:2c:25:20:
9d:c6:10:e4:fb:09:45:e8:89:a5:63:95:40:dd:c5:62:18:16:
01:1c:ac:5a:58:fc:a5:80:82:f1:3d:df:a8:bf:37:52:03:f8:
0e:ab:c6:cf:50:fa:15:ba:6a:d3:c3:48:fc:52:6e:cf:70:4f:
ed:e4:97:0a:38:38:6d:9c:ce:28:68:30:0b:87:c4:96:8f:f8:
e1:8a:30:c8:dc:db:d1:af:74:cb:1f:69:e3:23:e3:6b:5e:b9:
36:f3:5f:8f:b1:3b:e8:6f:44:6c:a7:6b:45:5f:77:a5:de:c7:
07:4a:22:49:11:62:7f:71:02:41:c8:72:aa:c6:2f:c8:2d:b3:
c4:81:8d:15:29:fa:ba:7b:f6:2b:20:54:1d:13:51:79:1e:4a:
35:f7:19:a0:07:6f:21:b7:91:cd:1a:b7:c8:81:96:3a:54:fd:
e0:de:db:3b:fc:33:51:63:f8:a9:bd:17:2f:9d:af:a9:12:52:
df:97:fd:b2:ac:92:93:c4:21:b5:5c:a1:dc:54:f7:f4:80:2d:
16:64:72:00:b0:0f:79:a0:af:04:d1:b7:05:68:80:d0:e7:b3:
61:0c:09:70
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYqU7nTx3vlT3MGYdgYop/+TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNTNhOWE4NWZhMTFmYzRiZjE1NmZhYjRkOGQ4NGEwOGU1
ZDY2ZjkwHhcNMjMwOTE0MTgyMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWNlNTMwMTQ4YjdiOGEyM2JkZWIwMzEzNDhmYjU5OTllYWYyMDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRfTOju60/wMTbHgfPPPUUsxePxh
OnUOD9KPGyQd+R149VBiavPwpe9iFYKPb2EfIGLns61y+ZrFBFz77j62woWO+J0b
O/xU9c/krhQKqBXt+kjGPANi5rdJ2h4uDtrvqEmkd3G5NSi25A/DBoBKYmcrFfh0
OqfymLX06WzPNO2uu+glkRxiuQw0j71aGjaky7rAKH+2q6SBOT8wluLCCKhUYT6T
lUF3RPs0aSQezZ8U23ivlKxV9XKWpTUUA7HIzgLndy6atSRWC1JpDqx1TxAtB3bF
IG8E2NvO+CLFIfmUnCK4W4zvXhRCLUOn1QS9OWnMsM5JTkXXkNcl67ZT8wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNXOUwFIt7iiO96wMTSPtZmeryBMMB8GA1UdIwQY
MBaAFFNTqahfoR/EvxVvq02NhKCOXWb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTFPcHFGLWhIOFNfRlctclRZMkVvSTVkWnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9iOTI5Y2UtZWMxNy00ZDUwLWE2YWUt
NzlkOTM0ZTRhOTlhLzEvMWM1VEFVaTN1S0k3M3JBeE5JLTFtWjZ2SUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9iOTI5Y2UtZWMxNy00ZDUwLWE2YWUtNzlkOTM0ZTRhOTlh
LzEvVTFPcHFGLWhIOFNfRlctclRZMkVvSTVkWnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQFTekgAwQE
URKgAwQCuUbUMA0EAgACMAcDBQAgARqoMA0GCSqGSIb3DQEBCwUAA4IBAQAg4nqB
4ntMIW3dDtPKTFSQvGbm+MaklN/L4zb5cfsFigMsJSCdxhDk+wlF6ImlY5VA3cVi
GBYBHKxaWPylgILxPd+ovzdSA/gOq8bPUPoVumrTw0j8Um7PcE/t5JcKODhtnM4o
aDALh8SWj/jhijDI3NvRr3TLH2njI+NrXrk281+PsTvob0Rsp2tFX3el3scHSiJJ
EWJ/cQJByHKqxi/ILbPEgY0VKfq6e/YrIFQdE1F5Hko19xmgB28ht5HNGrfIgZY6
VP3g3ts7/DNRY/ipvRcvna+pElLfl/2yrJKTxCG1XKHcVPf0gC0WZHIAsA95oK8E
0bcFaIDQ57NhDAlw
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:08 2023 by rpki-client on console.sobornost.net