Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/LuO5QszTjqlCkxSbCYDEuKyjMxA.roa
File: LuO5QszTjqlCkxSbCYDEuKyjMxA.roa (raw, json)
Hash identifier: kNC4X2kZWXQO1TBWjzzs7ncj5lRjoW4b/1zb07Nn3rI=
Subject key identifier: 2E:E3:B9:42:CC:D3:8E:A9:42:93:14:9B:09:80:C4:B8:AC:A3:33:10
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018964791FB208035765B2B02378C1D8617E
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/LuO5QszTjqlCkxSbCYDEuKyjMxA.roa
Signing time: Mon 17 Jul 2023 15:30:06 +0000
ROA not before: Mon 17 Jul 2023 15:30:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202656
IP address blocks: 94.154.190.0/24 maxlen: 24
45.86.171.0/24 maxlen: 24
194.59.187.0/24 maxlen: 24
45.95.29.0/24 maxlen: 24
193.187.105.0/24 maxlen: 24
45.128.125.0/24 maxlen: 24
45.128.127.0/24 maxlen: 24
45.128.126.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:64:79:1f:b2:08:03:57:65:b2:b0:23:78:c1:d8:61:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jul 17 15:30:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2ee3b942ccd38ea94293149b0980c4b8aca33310
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:9b:d3:a6:4b:f6:ea:70:21:24:6b:5f:09:fd:
5d:ca:5a:5d:29:99:10:83:8f:47:08:14:5a:59:e9:
70:55:c9:63:aa:11:6c:19:bd:65:de:5f:2b:8c:fa:
3a:fb:08:29:8b:43:dd:3c:33:04:78:91:55:3d:0f:
12:46:6e:9d:c8:76:de:cb:ac:7a:63:92:21:17:c2:
ef:98:79:ae:25:7e:c7:43:ed:b9:7f:16:94:5e:ec:
64:d7:63:a4:34:65:01:d9:e7:ca:e3:d1:06:03:24:
f1:40:55:cc:d8:54:bb:11:ba:4b:37:20:eb:1d:16:
64:89:83:07:a4:1d:14:30:38:f8:49:e1:e8:56:d2:
06:b3:78:af:a5:6c:d6:79:c2:69:7e:fc:70:1d:8c:
14:3e:02:9a:1c:19:57:e7:34:0f:03:f8:aa:7e:51:
45:e6:ab:4a:40:1a:01:f2:cd:05:de:3a:56:bd:74:
02:59:30:ce:0d:9a:44:bd:42:6b:22:32:5c:8e:1d:
96:a7:ad:63:91:b0:b4:99:b6:c8:45:9a:73:34:45:
64:64:c8:b6:ea:59:f7:bf:0a:af:5d:ad:96:58:f3:
56:0b:57:39:f0:03:86:1a:ff:7d:27:6f:7f:63:b5:
66:34:e4:95:63:b8:97:da:65:5e:77:03:61:38:23:
39:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:E3:B9:42:CC:D3:8E:A9:42:93:14:9B:09:80:C4:B8:AC:A3:33:10
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/LuO5QszTjqlCkxSbCYDEuKyjMxA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.171.0/24
45.95.29.0/24
45.128.125.0-45.128.127.255
94.154.190.0/24
193.187.105.0/24
194.59.187.0/24
Signature Algorithm: sha256WithRSAEncryption
ce:08:62:bb:0b:e8:41:99:69:aa:ec:84:59:96:2b:c3:55:08:
50:2e:f5:76:75:42:8a:7f:47:ab:a5:fc:a1:69:08:f4:68:6f:
5a:77:aa:5c:1b:fd:19:57:c9:dd:eb:c1:b2:2d:b5:f5:5e:37:
2d:d3:b9:6b:e8:09:a3:1c:b5:5a:f8:93:5a:62:2a:b1:cf:92:
e3:b5:09:2e:af:25:8a:7d:7c:90:04:43:51:c0:59:e6:0e:8d:
91:b2:00:51:5d:53:21:85:6a:87:66:d2:3d:3f:d2:5d:ec:a8:
98:95:a0:cf:93:09:10:e3:3b:7c:e6:8f:a1:49:77:39:bb:da:
ba:ba:3c:74:90:7c:16:da:52:20:66:23:8e:34:e9:a3:6b:4b:
ce:0f:2d:ce:6d:9c:ed:f2:f5:4b:c0:50:4a:b4:2f:ce:25:78:
ea:a6:9f:3f:28:95:a6:98:51:87:b1:52:58:e5:49:aa:97:9a:
d8:25:50:53:b6:36:72:87:05:71:37:3d:75:82:3e:fc:1b:a1:
93:0a:2b:e8:ab:d8:ae:4a:a1:e0:16:8d:73:95:8c:c0:f3:54:
9f:24:6d:e0:88:4e:39:b0:ec:78:8d:8c:73:c9:87:5f:ef:76:
70:1e:18:f9:a2:fa:fa:26:54:3e:a8:c6:34:eb:f0:90:4d:7d:
e4:b0:16:b5
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYlkeR+yCANXZbKwI3jB2GF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwNzE3MTUzMDA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWUzYjk0MmNjZDM4ZWE5NDI5MzE0OWIwOTgwYzRiOGFjYTMzMzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJvTpkv26nAhJGtfCf1dylpdKZkQ
g49HCBRaWelwVcljqhFsGb1l3l8rjPo6+wgpi0PdPDMEeJFVPQ8SRm6dyHbey6x6
Y5IhF8LvmHmuJX7HQ+25fxaUXuxk12OkNGUB2efK49EGAyTxQFXM2FS7EbpLNyDr
HRZkiYMHpB0UMDj4SeHoVtIGs3ivpWzWecJpfvxwHYwUPgKaHBlX5zQPA/iqflFF
5qtKQBoB8s0F3jpWvXQCWTDODZpEvUJrIjJcjh2Wp61jkbC0mbbIRZpzNEVkZMi2
6ln3vwqvXa2WWPNWC1c58AOGGv99J29/Y7VmNOSVY7iX2mVedwNhOCM5PwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFC7juULM046pQpMUmwmAxLisozMQMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvTHVPNVFzelRqcWxDa3hTYkNZREV1S3lqTXhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQALVarAwQA
LV8dMAwDBAAtgH0DBActgAADBABemr4DBADBu2kDBADCO7swDQYJKoZIhvcNAQEL
BQADggEBAM4IYrsL6EGZaarshFmWK8NVCFAu9XZ1Qop/R6ul/KFpCPRob1p3qlwb
/RlXyd3rwbIttfVeNy3TuWvoCaMctVr4k1piKrHPkuO1CS6vJYp9fJAEQ1HAWeYO
jZGyAFFdUyGFaodm0j0/0l3sqJiVoM+TCRDjO3zmj6FJdzm72rq6PHSQfBbaUiBm
I4406aNrS84PLc5tnO3y9UvAUEq0L84leOqmnz8olaaYUYexUljlSaqXmtglUFO2
NnKHBXE3PXWCPvwboZMKK+ir2K5KoeAWjXOVjMDzVJ8kbeCITjmw7HiNjHPJh1/v
dnAeGPmi+vomVD6oxjTr8JBNfeSwFrU=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:08 2023 by rpki-client on console.sobornost.net