Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/1-ys5QzOQmsM32CbOlMqmbFXm7ic.roa
File: 1-ys5QzOQmsM32CbOlMqmbFXm7ic.roa (raw, json)
Hash identifier: +iyq+RpHdBvH5voDNVXYd0NS+3TaM0mAkgPRedXWekE=
Subject key identifier: FB:2B:39:43:33:90:9A:C3:37:D8:26:CE:94:CA:A6:6C:55:E6:EE:27
Certificate issuer: /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial: 0183217F6F6FB237CB5D009A58DE798BCC5B
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/1-ys5QzOQmsM32CbOlMqmbFXm7ic.roa
Signing time: Fri 09 Sep 2022 09:05:43 +0000
ROA not before: Fri 09 Sep 2022 09:05:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3302
IP address blocks: 194.20.0.0/16 maxlen: 24
194.21.0.0/18 maxlen: 24
194.21.128.0/18 maxlen: 24
195.62.224.0/19 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:21:7f:6f:6f:b2:37:cb:5d:00:9a:58:de:79:8b:cc:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Validity
Not Before: Sep 9 09:05:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fb2b394333909ac337d826ce94caa66c55e6ee27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:9a:74:c0:3f:6c:7f:72:c4:ae:f0:93:f7:04:
73:ce:0c:9c:fc:25:7f:59:99:92:56:64:bb:42:43:
a8:b9:e6:32:7a:1c:3b:b6:e5:c8:c7:f7:ad:99:7d:
10:97:f4:36:6e:d3:b4:d5:81:25:51:8f:90:6c:c4:
9d:5c:9b:d5:f6:44:e9:57:d7:14:ad:0d:ad:7c:e5:
27:2c:ef:98:9d:83:e2:8e:44:6f:2f:8a:31:5f:b5:
07:0f:f7:2b:5e:cc:95:01:83:fa:1b:cc:34:3b:22:
13:8c:a6:59:e9:da:9e:34:ff:f5:f3:b8:69:64:e2:
3c:d0:36:3a:f7:c9:8d:9a:ed:24:93:9e:33:7e:32:
e8:11:de:ee:8c:77:a9:cd:0d:b9:86:6a:1f:3e:ce:
fa:bf:58:f7:69:52:03:15:9b:cd:74:72:59:af:84:
e7:17:36:71:b2:ac:54:97:ac:f4:1b:f5:96:1d:35:
1d:e3:28:af:1b:28:f9:a9:aa:9d:d7:62:c3:8b:24:
18:3c:63:ac:bd:b0:67:e3:64:bc:3e:36:3a:6f:7e:
38:93:58:e3:ef:e4:51:9c:6e:48:a4:c7:11:66:a3:
91:16:e3:c3:f5:2c:c1:84:f1:61:8a:b3:6d:17:ec:
89:c8:82:84:db:f2:b5:7e:c8:a0:89:bd:5b:e2:69:
ce:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:2B:39:43:33:90:9A:C3:37:D8:26:CE:94:CA:A6:6C:55:E6:EE:27
X509v3 Authority Key Identifier:
keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/1-ys5QzOQmsM32CbOlMqmbFXm7ic.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.20.0.0-194.21.63.255
194.21.128.0/18
195.62.224.0/19
Signature Algorithm: sha256WithRSAEncryption
4f:bd:7b:8e:d3:b7:c6:19:18:0d:19:74:d3:6a:16:c6:6d:da:
ad:93:ed:d5:70:03:b9:c9:1e:95:03:0e:f1:c0:aa:7f:77:3f:
b2:5e:dd:02:2d:27:b4:cc:72:a4:d1:0f:f4:58:48:1b:33:9c:
74:a2:cf:98:22:c2:44:f2:3a:c8:5d:b4:57:fe:25:8f:1b:99:
38:03:b8:dc:73:fa:04:6d:67:cf:95:1b:96:45:85:27:05:5a:
1b:62:9e:b8:04:c8:6c:ed:38:3f:51:d6:9f:37:57:ed:5c:2c:
c2:1f:a5:ad:2d:fd:97:66:70:1d:be:28:d3:43:48:0a:cf:66:
5c:4c:7c:b2:e4:62:bb:05:3f:9e:3b:94:c5:91:93:31:71:e5:
b7:4a:3b:32:74:ce:e6:a1:c0:60:0a:a6:d0:8c:71:7a:b1:e3:
f7:6b:4c:de:e0:e7:50:6d:a6:e4:cd:9b:c6:31:7e:ab:91:78:
3f:36:05:2c:ed:57:83:2a:4f:0f:82:11:e6:ea:f6:98:bc:d2:
05:04:08:e1:61:25:71:68:80:58:f2:d2:ae:4d:ff:4b:e9:09:
bc:2b:6e:2d:e2:a2:66:47:73:29:c7:aa:8e:fa:70:64:b5:70:
f5:ef:90:4e:25:5f:ed:73:e6:92:55:9d:2c:75:f4:9b:5c:ad:
35:85:a7:a6
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYMhf29vsjfLXQCaWN55i8xbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjIwOTA5MDkwNTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjJiMzk0MzMzOTA5YWMzMzdkODI2Y2U5NGNhYTY2YzU1ZTZlZTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJp0wD9sf3LErvCT9wRzzgyc/CV/
WZmSVmS7QkOoueYyehw7tuXIx/etmX0Ql/Q2btO01YElUY+QbMSdXJvV9kTpV9cU
rQ2tfOUnLO+YnYPijkRvL4oxX7UHD/crXsyVAYP6G8w0OyITjKZZ6dqeNP/187hp
ZOI80DY698mNmu0kk54zfjLoEd7ujHepzQ25hmofPs76v1j3aVIDFZvNdHJZr4Tn
FzZxsqxUl6z0G/WWHTUd4yivGyj5qaqd12LDiyQYPGOsvbBn42S8PjY6b344k1jj
7+RRnG5IpMcRZqORFuPD9SzBhPFhirNtF+yJyIKE2/K1fsigib1b4mnOrQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFPsrOUMzkJrDN9gmzpTKpmxV5u4nMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvMS15czVRek9RbXNNMzJDYk9sTXFtYkZYbTdpYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNmIvODA3ZWQ1LTUwYjMtNGU1Zi05MzY3LTViNWUzM2NlNzBh
ZC8xL2RUbTNvU05CZXFjWk1sbEdxb25nOHdxd3lnay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAyBggrBgEFBQcBBwEB/wQjMCEwHwQCAAEwGTALAwMCwhQD
BAbCFQADBAbCFYADBAXDPuAwDQYJKoZIhvcNAQELBQADggEBAE+9e47Tt8YZGA0Z
dNNqFsZt2q2T7dVwA7nJHpUDDvHAqn93P7Je3QItJ7TMcqTRD/RYSBsznHSiz5gi
wkTyOshdtFf+JY8bmTgDuNxz+gRtZ8+VG5ZFhScFWhtinrgEyGztOD9R1p83V+1c
LMIfpa0t/ZdmcB2+KNNDSArPZlxMfLLkYrsFP547lMWRkzFx5bdKOzJ0zuahwGAK
ptCMcXqx4/drTN7g51BtpuTNm8YxfquReD82BSztV4MqTw+CEebq9pi80gUECOFh
JXFogFjy0q5N/0vpCbwrbi3iomZHcynHqo76cGS1cPXvkE4lX+1z5pJVnSx19Jtc
rTWFp6Y=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:37 2023 by rpki-client on console.sobornost.net