Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2-4pQovpojW9qqllOQvZI6gR1Ag.roa
File: 2-4pQovpojW9qqllOQvZI6gR1Ag.roa (raw, json)
Hash identifier: 9JuOMTCDGqynPIMUjrmKp5C9zjzTM0VdHh2uUvQifyY=
Subject key identifier: DB:EE:29:42:8B:E9:A2:35:BD:AA:A9:65:39:0B:D9:23:A8:11:D4:08
Certificate issuer: /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial: 05A2210E
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2-4pQovpojW9qqllOQvZI6gR1Ag.roa
Signing time: Mon 27 Jun 2022 06:57:47 +0000
ROA not before: Mon 27 Jun 2022 06:57:47 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 51295
IP address blocks: 185.179.156.0/22 maxlen: 22
185.248.196.0/22 maxlen: 22
194.165.26.0/24 maxlen: 24
45.153.89.0/24 maxlen: 24
2a0a:8880:1::/48 maxlen: 48
2a0a:8880:2::/48 maxlen: 48
2a0a:8880:aaaa::/48 maxlen: 48
2a0f:4440:aaaa::/48 maxlen: 48
2a0f:4440:abcd::/48 maxlen: 48
2a0a:8880::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 94511374 (0x5a2210e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Validity
Not Before: Jun 27 06:57:47 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dbee29428be9a235bdaaa965390bd923a811d408
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:dd:34:38:21:78:a4:d5:e3:5f:4c:18:71:28:
00:77:e2:49:cc:b8:ad:2b:59:96:eb:8e:25:2e:9f:
92:a2:13:33:61:b8:27:e4:fc:a3:f4:da:b8:f0:ea:
ec:d8:60:b9:fa:36:75:25:35:c0:02:f8:ef:b3:8c:
52:88:55:24:ba:7c:1c:01:db:92:4a:5a:1c:1e:61:
03:52:02:54:5d:22:e3:db:bf:ca:40:c2:1b:6a:3d:
1b:0d:db:46:c2:cb:75:93:5b:fa:e4:d5:27:1a:cd:
ae:a0:a3:b0:9b:90:91:a3:11:16:fe:10:bc:cf:b3:
e0:f2:30:b6:32:2b:0b:09:1c:1c:5a:27:2b:c0:e1:
90:04:65:6a:6f:55:24:90:46:91:24:da:74:13:c5:
3b:c7:ed:46:be:e4:f6:5b:53:c2:59:c4:a6:43:64:
eb:66:aa:a1:39:e5:46:4c:cd:8a:61:4c:62:eb:f5:
5f:ed:e2:ea:97:2d:83:46:11:49:a2:0a:e8:ce:67:
7d:7f:2c:05:68:41:b1:62:58:4a:3d:05:d9:7d:a6:
04:c5:11:09:ca:a7:a0:a4:6f:c1:ff:76:bd:82:8e:
97:2f:b3:d2:2f:af:61:62:93:73:4f:8e:7f:e7:1a:
01:41:76:4d:6d:38:90:b5:e3:05:ad:3e:36:51:06:
d6:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:EE:29:42:8B:E9:A2:35:BD:AA:A9:65:39:0B:D9:23:A8:11:D4:08
X509v3 Authority Key Identifier:
keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2-4pQovpojW9qqllOQvZI6gR1Ag.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.153.89.0/24
185.179.156.0/22
185.248.196.0/22
194.165.26.0/24
IPv6:
2a0a:8880::-2a0a:8880:2:ffff:ffff:ffff:ffff:ffff
2a0a:8880:aaaa::/48
2a0f:4440:aaaa::/48
2a0f:4440:abcd::/48
Signature Algorithm: sha256WithRSAEncryption
4c:d4:ad:f9:57:83:79:c1:4d:18:c5:59:10:eb:47:40:f5:30:
62:f9:34:97:92:ae:01:a9:e3:d7:b2:ac:10:33:ee:ef:5a:9f:
eb:2d:90:8f:ba:d4:8a:fd:0c:b4:b9:73:5d:a3:e3:61:22:50:
23:f9:b3:0d:a8:05:f2:37:ad:62:86:98:b3:d1:b3:55:ed:87:
cd:ae:f9:91:0a:9f:3f:4a:42:39:f6:f7:a5:e5:a0:8f:87:c3:
ed:ea:59:7a:76:36:75:ad:8b:ee:b6:3e:4f:8a:45:71:59:06:
33:03:16:12:38:d0:2c:d7:9f:77:14:28:95:8e:a8:40:51:fa:
be:98:84:92:85:44:c8:fb:ab:12:ef:bb:a0:0f:42:1e:b9:d4:
88:2a:45:60:63:63:18:7a:13:e9:5d:58:7e:be:d4:16:8b:bd:
ab:93:37:ae:be:58:04:97:5a:70:0c:a0:ad:98:cb:09:7d:1f:
03:c1:c1:a1:34:18:59:73:8f:f4:a0:ac:a7:18:cb:5b:fd:49:
8f:1a:c5:56:6e:13:5e:bd:7c:40:7a:f6:c0:4c:7c:c2:2e:6c:
71:83:97:e6:03:fe:d5:d5:cb:5b:b5:97:38:05:59:23:54:2e:
d9:cf:0b:38:e6:d5:65:39:23:e0:84:ab:c8:4f:43:57:f5:f4:
1e:c5:e2:a8
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgIEBaIhDjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
OTgyNDdkM2Y4MTQ3MmRiYmEwNmRiZWE5YmQxOWM3ODVkMThiYWJlMB4XDTIyMDYy
NzA2NTc0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGJlZTI5NDI4YmU5
YTIzNWJkYWFhOTY1MzkwYmQ5MjNhODExZDQwODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIjdNDgheKTV419MGHEoAHfiScy4rStZluuOJS6fkqITM2G4
J+T8o/TauPDq7Nhgufo2dSU1wAL477OMUohVJLp8HAHbkkpaHB5hA1ICVF0i49u/
ykDCG2o9Gw3bRsLLdZNb+uTVJxrNrqCjsJuQkaMRFv4QvM+z4PIwtjIrCwkcHFon
K8DhkARlam9VJJBGkSTadBPFO8ftRr7k9ltTwlnEpkNk62aqoTnlRkzNimFMYuv1
X+3i6pctg0YRSaIK6M5nfX8sBWhBsWJYSj0F2X2mBMURCcqnoKRvwf92vYKOly+z
0i+vYWKTc0+Of+caAUF2TW04kLXjBa0+NlEG1vECAwEAAaOCAlAwggJMMB0GA1Ud
DgQWBBTb7ilCi+miNb2qqWU5C9kjqBHUCDAfBgNVHSMEGDAWgBTZgkfT+BRy27oG
2+qb0Zx4XRi6vjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJZSkgwX2dVY3R1NkJ0dnFtOUdjZUYwWXVyNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjgvNmRiYzk5LWJmYTktNGVmNy1hNzk4LWEzMDMyNjE1NjYwYy8x
LzItNHBRb3Zwb2pXOXFxbGxPUXZaSTZnUjFBZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjgv
NmRiYzk5LWJmYTktNGVmNy1hNzk4LWEzMDMyNjE1NjYwYy8xLzJZSkgwX2dVY3R1
NkJ0dnFtOUdjZUYwWXVyNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBm
BggrBgEFBQcBBwEB/wRXMFUwHgQCAAEwGAMEAC2ZWQMEArmznAMEArn4xAMEAMKl
GjAzBAIAAjAtMBADBQcqCoiAAwcAKgqIgAACAwcAKgqIgKqqAwcAKg9EQKqqAwcA
Kg9EQKvNMA0GCSqGSIb3DQEBCwUAA4IBAQBM1K35V4N5wU0YxVkQ60dA9TBi+TSX
kq4BqePXsqwQM+7vWp/rLZCPutSK/Qy0uXNdo+NhIlAj+bMNqAXyN61ihpiz0bNV
7YfNrvmRCp8/SkI59vel5aCPh8Pt6ll6djZ1rYvutj5PikVxWQYzAxYSONAs1593
FCiVjqhAUfq+mISShUTI+6sS77ugD0IeudSIKkVgY2MYehPpXVh+vtQWi72rkzeu
vlgEl1pwDKCtmMsJfR8DwcGhNBhZc4/0oKynGMtb/UmPGsVWbhNevXxAevbATHzC
Lmxxg5fmA/7V1ctbtZc4BVkjVC7Zzws45tVlOSPghKvIT0NX9fQexeKo
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:22 2023 by rpki-client on console.sobornost.net