Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/u0URWID0473t4nMX1uqg8do41-g.roa
File: u0URWID0473t4nMX1uqg8do41-g.roa (raw, json)
Hash identifier: 0oJPrnwUG42yOaHx8pCz8BqPmaOzQLvCgGVWAxBtLJ4=
Subject key identifier: BB:45:11:58:80:F4:E3:BD:ED:E2:73:17:D6:EA:A0:F1:DA:38:D7:E8
Certificate issuer: /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial: 03BF1F6C
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/u0URWID0473t4nMX1uqg8do41-g.roa
Signing time: Sat 01 Jan 2022 14:08:27 +0000
ROA not before: Sat 01 Jan 2022 14:08:27 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209709
IP address blocks: 195.69.78.0/24 maxlen: 24
195.69.77.0/24 maxlen: 24
185.170.108.0/22 maxlen: 22
91.247.40.0/21 maxlen: 21
91.247.48.0/22 maxlen: 22
185.99.28.0/22 maxlen: 22
5.182.12.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 62857068 (0x3bf1f6c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
Validity
Not Before: Jan 1 14:08:27 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bb45115880f4e3bdede27317d6eaa0f1da38d7e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:50:37:fa:a1:08:29:a7:91:1a:b5:89:d6:86:
54:a9:16:a7:96:2c:c5:39:8e:c8:98:af:aa:d7:7d:
80:3a:57:c2:c5:27:25:57:19:5f:4c:d2:fa:28:58:
45:f2:61:ff:1d:ca:02:85:24:71:f0:e0:1a:77:92:
6b:8c:58:c3:34:ed:9e:7d:6e:df:a9:99:de:be:e5:
d3:db:60:9c:cf:04:d5:c1:f5:41:1d:08:d4:b7:fe:
ca:d6:9a:52:44:f3:67:da:1b:c4:53:6b:4d:0d:a7:
32:7a:be:20:b3:ab:01:b9:d5:73:d1:4c:f1:1d:44:
ce:1d:13:87:11:a5:fe:ed:a4:6a:3f:e4:de:d8:9c:
8f:41:b3:07:6b:db:6b:13:a5:41:a1:12:09:18:84:
db:cd:43:61:f2:1e:21:a8:7f:85:30:5a:bc:0d:6b:
d1:db:3c:1f:75:86:9f:ae:58:ec:ce:ad:44:c5:a9:
1f:f6:39:2e:60:c1:9f:f6:0e:42:84:82:f3:79:64:
91:2e:29:84:84:36:27:36:48:32:18:ab:56:db:ea:
33:6f:38:46:99:f6:8c:96:f7:50:57:d5:95:de:04:
85:ef:39:84:89:ac:ff:06:e4:2c:45:d8:70:65:80:
7d:91:f0:08:51:c1:71:f8:74:6a:17:5f:38:1c:7d:
7e:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:45:11:58:80:F4:E3:BD:ED:E2:73:17:D6:EA:A0:F1:DA:38:D7:E8
X509v3 Authority Key Identifier:
keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/u0URWID0473t4nMX1uqg8do41-g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.12.0/22
91.247.40.0-91.247.51.255
185.99.28.0/22
185.170.108.0/22
195.69.77.0-195.69.78.255
Signature Algorithm: sha256WithRSAEncryption
53:98:a4:64:9f:4c:50:9b:dd:27:fc:e2:d1:ad:28:8c:c2:a2:
60:68:40:f1:f5:66:39:31:00:25:11:b5:4e:ed:45:11:6e:70:
7b:92:58:5f:f8:1e:da:78:c1:5e:c0:28:e6:7a:0f:25:8e:bf:
31:ab:d3:e0:fe:ab:9b:3f:1d:63:4d:ac:f7:72:c4:20:0f:72:
99:b4:c2:49:32:b7:c2:14:a0:c4:1d:1e:63:ec:f9:3b:e0:23:
ec:ac:c4:c6:ae:99:44:03:ca:f9:70:bd:c8:f2:5b:87:04:ed:
d1:ae:73:92:ef:e3:5b:7a:f6:8e:2b:f5:51:3c:8e:fa:40:55:
ee:c7:10:b9:3d:ed:db:56:4a:95:d3:00:4f:53:5a:c5:79:e5:
0c:66:70:ba:77:34:1f:e2:b4:49:88:3c:61:6b:8c:7f:c1:7b:
ef:e1:e2:bc:50:9e:4d:80:dc:bd:51:1f:43:bd:e6:c9:14:b9:
22:0a:4c:f6:a3:de:be:d9:cc:3e:74:79:fe:79:5d:78:85:77:
37:08:b1:af:eb:33:3d:2b:0e:91:f5:ea:a4:74:80:07:b1:58:
23:27:91:22:65:61:32:8a:b5:eb:86:30:f5:96:44:1f:e8:9f:
df:68:91:92:82:6f:78:f1:ae:6e:91:ea:f5:5e:04:ed:94:f5:
6a:29:a0:10
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIEA78fbDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MTAyMWIyNTIyMjI5OTdiZmUzM2I3ZTRiMzE1YWM4ZDVlMDY3OTU0MB4XDTIyMDEw
MTE0MDgyN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmI0NTExNTg4MGY0
ZTNiZGVkZTI3MzE3ZDZlYWEwZjFkYTM4ZDdlODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANxQN/qhCCmnkRq1idaGVKkWp5YsxTmOyJivqtd9gDpXwsUn
JVcZX0zS+ihYRfJh/x3KAoUkcfDgGneSa4xYwzTtnn1u36mZ3r7l09tgnM8E1cH1
QR0I1Lf+ytaaUkTzZ9obxFNrTQ2nMnq+ILOrAbnVc9FM8R1Ezh0ThxGl/u2kaj/k
3ticj0GzB2vbaxOlQaESCRiE281DYfIeIah/hTBavA1r0ds8H3WGn65Y7M6tRMWp
H/Y5LmDBn/YOQoSC83lkkS4phIQ2JzZIMhirVtvqM284Rpn2jJb3UFfVld4Ehe85
hIms/wbkLEXYcGWAfZHwCFHBcfh0ahdfOBx9fhcCAwEAAaOCAjEwggItMB0GA1Ud
DgQWBBS7RRFYgPTjve3icxfW6qDx2jjX6DAfBgNVHSMEGDAWgBQhAhslIiKZe/4z
t+SzFayNXgZ5VDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lRSWJKU0lpbVh2LU03ZmtzeFdzalY0R2VWUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWQvNTkyOTRjLTBmMjQtNDBjNS1iNWMzLTZlYWM2MmU2MGRmNy8x
L3UwVVJXSUQwNDczdDRuTVgxdXFnOGRvNDEtZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQv
NTkyOTRjLTBmMjQtNDBjNS1iNWMzLTZlYWM2MmU2MGRmNy8xL0lRSWJKU0lpbVh2
LU03ZmtzeFdzalY0R2VWUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBH
BggrBgEFBQcBBwEB/wQ4MDYwNAQCAAEwLgMEAgW2DDAMAwQDW/coAwQCW/cwAwQC
uWMcAwQCuapsMAwDBADDRU0DBADDRU4wDQYJKoZIhvcNAQELBQADggEBAFOYpGSf
TFCb3Sf84tGtKIzComBoQPH1ZjkxACURtU7tRRFucHuSWF/4Htp4wV7AKOZ6DyWO
vzGr0+D+q5s/HWNNrPdyxCAPcpm0wkkyt8IUoMQdHmPs+TvgI+ysxMaumUQDyvlw
vcjyW4cE7dGuc5Lv41t69o4r9VE8jvpAVe7HELk97dtWSpXTAE9TWsV55QxmcLp3
NB/itEmIPGFrjH/Be+/h4rxQnk2A3L1RH0O95skUuSIKTPaj3r7ZzD50ef55XXiF
dzcIsa/rMz0rDpH16qR0gAexWCMnkSJlYTKKteuGMPWWRB/on99okZKCb3jxrm6R
6vVeBO2U9WopoBA=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:03 2023 by rpki-client on console.sobornost.net