Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/2rPcwxlXT4At5EqqG9CNAGaZLuE.roa
File: 2rPcwxlXT4At5EqqG9CNAGaZLuE.roa (raw, json)
Hash identifier: rL3XuxvIYvsSUGGPd5scSMd1Pux+wtOIdfsHq6yBJFE=
Subject key identifier: DA:B3:DC:C3:19:57:4F:80:2D:E4:4A:AA:1B:D0:8D:00:66:99:2E:E1
Certificate issuer: /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial: 0188B42E2606223F69637551586E103A9CD7
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/2rPcwxlXT4At5EqqG9CNAGaZLuE.roa
Signing time: Tue 13 Jun 2023 09:55:03 +0000
ROA not before: Tue 13 Jun 2023 09:55:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3302
IP address blocks: 185.82.0.0/22 maxlen: 22
213.136.128.0/18 maxlen: 24
217.29.160.0/20 maxlen: 20
193.219.30.0/24 maxlen: 24
194.20.0.0/16 maxlen: 24
213.149.192.0/19 maxlen: 19
212.90.0.0/19 maxlen: 24
194.21.0.0/18 maxlen: 24
194.21.128.0/18 maxlen: 24
194.153.192.0/20 maxlen: 24
83.211.0.0/16 maxlen: 24
212.110.0.0/19 maxlen: 24
62.94.0.0/16 maxlen: 24
194.153.212.0/23 maxlen: 24
195.62.224.0/19 maxlen: 24
194.153.208.0/22 maxlen: 24
213.198.128.0/18 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b4:2e:26:06:22:3f:69:63:75:51:58:6e:10:3a:9c:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Validity
Not Before: Jun 13 09:55:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dab3dcc319574f802de44aaa1bd08d0066992ee1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:b5:b2:26:b4:e4:72:00:d4:08:2c:65:a1:34:
e3:93:de:1f:90:15:27:c7:a3:7b:d2:3a:35:74:5c:
96:c4:c8:b7:93:d4:2a:91:51:a5:ba:04:c8:ff:12:
07:88:da:f8:22:26:fc:9a:53:4c:76:e4:6f:31:89:
5d:1b:d3:e9:76:73:e1:23:d2:a1:e7:e8:e0:72:41:
59:9b:e8:f4:3c:4d:c7:9e:f7:0a:c3:95:f6:3d:cb:
0f:ef:9f:85:ee:37:79:8d:4d:b2:b1:f5:1f:54:a8:
ce:60:b8:5a:1e:38:69:9b:d7:ad:51:f6:21:23:c8:
3b:d5:41:39:58:83:0e:7b:23:6b:2e:ca:45:c2:bd:
e0:28:33:1b:f9:41:18:45:95:5a:55:e3:71:d0:fd:
77:5b:96:ff:29:28:00:da:bd:b4:c7:9f:c6:d7:f8:
15:97:bb:3f:05:48:2f:89:7d:4d:11:d2:ff:e4:41:
ed:e1:03:da:9c:4c:89:86:70:62:c9:4f:bf:c6:4c:
82:38:af:b1:03:29:87:21:9f:af:56:70:95:04:1c:
75:a9:ff:23:f5:24:68:fe:fb:b9:12:53:a5:df:52:
eb:6d:04:92:29:31:53:b7:02:6e:da:44:87:bc:52:
3a:60:d7:54:98:6c:17:cb:b7:c2:9b:fb:be:0f:65:
90:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:B3:DC:C3:19:57:4F:80:2D:E4:4A:AA:1B:D0:8D:00:66:99:2E:E1
X509v3 Authority Key Identifier:
keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/2rPcwxlXT4At5EqqG9CNAGaZLuE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.94.0.0/16
83.211.0.0/16
185.82.0.0/22
193.219.30.0/24
194.20.0.0-194.21.63.255
194.21.128.0/18
194.153.192.0-194.153.213.255
195.62.224.0/19
212.90.0.0/19
212.110.0.0/19
213.136.128.0/18
213.149.192.0/19
213.198.128.0/18
217.29.160.0/20
Signature Algorithm: sha256WithRSAEncryption
b4:83:e2:1e:46:a3:a4:b0:12:28:67:b8:ee:52:45:06:21:78:
0e:8b:eb:ab:ad:4c:36:e7:41:23:6a:4c:57:cf:63:16:21:00:
3b:be:b8:24:98:ac:d0:d8:93:9f:25:ef:b4:78:ae:fd:e0:49:
a6:51:92:43:a2:7f:4b:96:ab:9e:02:ff:8c:8b:74:2b:69:6c:
85:1a:d2:74:87:e2:72:f3:28:e1:8a:75:75:29:a5:ef:ff:1c:
c2:79:5f:90:cb:be:8a:4e:45:c7:82:25:71:72:5a:2b:e2:b0:
db:1f:a3:c1:50:b7:2e:e3:b8:1b:44:36:6d:d3:96:e2:c9:64:
57:ad:a5:8a:b7:64:40:ec:d9:0a:8c:e8:22:65:91:a0:11:09:
82:ea:d2:5d:48:1e:39:fa:99:f8:5a:32:70:bf:f8:36:b6:4a:
f6:b2:f8:0e:15:c7:2a:39:ce:13:c8:64:f6:50:58:f3:3c:af:
a3:e1:6b:e5:7e:2c:43:84:d0:7a:f7:c6:13:c6:bb:93:86:a7:
a9:da:06:e0:92:a0:00:4d:cf:60:88:2a:0f:c7:38:cf:26:9f:
d9:6b:d8:d5:03:cc:71:0a:e5:ee:d9:49:30:b0:26:67:f1:01:
d2:08:f2:bf:4c:97:ec:89:e8:da:d9:02:fc:23:6c:a1:9c:16:
a9:31:90:14
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAYi0LiYGIj9pY3VRWG4QOpzXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjMwNjEzMDk1NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWIzZGNjMzE5NTc0ZjgwMmRlNDRhYWExYmQwOGQwMDY2OTkyZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLWyJrTkcgDUCCxloTTjk94fkBUn
x6N70jo1dFyWxMi3k9QqkVGlugTI/xIHiNr4Iib8mlNMduRvMYldG9PpdnPhI9Kh
5+jgckFZm+j0PE3HnvcKw5X2PcsP75+F7jd5jU2ysfUfVKjOYLhaHjhpm9etUfYh
I8g71UE5WIMOeyNrLspFwr3gKDMb+UEYRZVaVeNx0P13W5b/KSgA2r20x5/G1/gV
l7s/BUgviX1NEdL/5EHt4QPanEyJhnBiyU+/xkyCOK+xAymHIZ+vVnCVBBx1qf8j
9SRo/vu5ElOl31LrbQSSKTFTtwJu2kSHvFI6YNdUmGwXy7fCm/u+D2WQuwIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFNqz3MMZV0+ALeRKqhvQjQBmmS7hMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvMnJQY3d4bFhUNEF0NUVxcUc5Q05BR2FaTHVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBnBAIAATBhAwMAPl4DAwBT
0wMEArlSAAMEAMHbHjALAwMCwhQDBAbCFQADBAbCFYAwDAMEBsKZwAMEAcKZ1AME
BcM+4AMEBdRaAAMEBdRuAAMEBtWIgAMEBdWVwAMEBtXGgAMEBNkdoDANBgkqhkiG
9w0BAQsFAAOCAQEAtIPiHkajpLASKGe47lJFBiF4Dovrq61MNudBI2pMV89jFiEA
O764JJis0NiTnyXvtHiu/eBJplGSQ6J/S5arngL/jIt0K2lshRrSdIficvMo4Yp1
dSml7/8cwnlfkMu+ik5Fx4IlcXJaK+Kw2x+jwVC3LuO4G0Q2bdOW4slkV62lirdk
QOzZCozoImWRoBEJgurSXUgeOfqZ+FoycL/4NrZK9rL4DhXHKjnOE8hk9lBY8zyv
o+Fr5X4sQ4TQevfGE8a7k4anqdoG4JKgAE3PYIgqD8c4zyaf2WvY1QPMcQrl7tlJ
MLAmZ/EB0gjyv0yX7Ino2tkC/CNsoZwWqTGQFA==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:37 2023 by rpki-client on console.sobornost.net