Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/d-cB-GWYbJs4TdR0jLMAFKBM9zI.roa
File: d-cB-GWYbJs4TdR0jLMAFKBM9zI.roa (raw, json)
Hash identifier: p+5pKv6RgaMZWAvsNYge7YulNE25unUDJ6WaiA5UAdQ=
Subject key identifier: 77:E7:01:F8:65:98:6C:9B:38:4D:D4:74:8C:B3:00:14:A0:4C:F7:32
Certificate issuer: /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial: 018748DCAE2D15804679A3842BFFFEF892E8
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/d-cB-GWYbJs4TdR0jLMAFKBM9zI.roa
Signing time: Mon 03 Apr 2023 20:43:54 +0000
ROA not before: Mon 03 Apr 2023 20:43:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3302
IP address blocks: 194.20.0.0/16 maxlen: 24
213.149.192.0/19 maxlen: 19
212.90.0.0/19 maxlen: 24
185.82.0.0/22 maxlen: 22
194.21.0.0/18 maxlen: 24
194.21.128.0/18 maxlen: 24
194.153.192.0/20 maxlen: 24
213.136.128.0/18 maxlen: 24
212.110.0.0/19 maxlen: 24
195.62.224.0/19 maxlen: 24
213.198.128.0/18 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:48:dc:ae:2d:15:80:46:79:a3:84:2b:ff:fe:f8:92:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Validity
Not Before: Apr 3 20:43:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=77e701f865986c9b384dd4748cb30014a04cf732
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:00:4e:6c:64:45:23:65:64:86:24:85:09:72:
5e:34:08:62:24:c4:30:f3:71:92:a1:e9:f3:0c:5b:
f7:a5:ab:98:56:7c:7b:97:86:7b:ae:28:ca:c4:02:
75:2c:1e:80:e8:1f:98:53:f2:d8:b2:96:67:e4:8b:
d9:a0:a5:73:dc:60:21:23:02:95:20:80:35:3d:88:
45:00:91:8e:5a:9b:a1:06:25:75:38:53:fa:77:a9:
3b:8b:aa:f3:c9:ae:9e:6c:88:e2:36:c4:5c:cc:16:
b4:df:fc:88:f7:cf:05:b6:cd:b5:d0:85:3a:8c:3f:
0f:83:82:c5:06:4e:70:bd:5a:61:ee:0d:a0:ab:57:
e8:62:1a:56:91:00:59:9b:01:08:50:2b:08:3e:7a:
f9:b6:6d:b5:09:b3:99:9f:72:f7:4d:d7:c5:1c:3b:
4f:90:78:49:b6:8a:27:61:c2:cf:3e:28:73:ba:18:
b5:33:a5:ec:20:4a:54:68:ac:7c:5e:c4:60:c3:aa:
cd:92:2f:b7:bb:9f:58:1e:05:46:e3:89:c2:b5:6a:
59:1e:57:1f:c3:9b:67:5b:a6:1d:7b:84:d2:ef:d0:
f2:11:a1:c1:32:c2:82:af:95:59:5f:50:b4:69:6d:
f0:86:f0:0d:4e:23:7b:e9:86:51:2f:4d:d2:ba:ec:
87:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:E7:01:F8:65:98:6C:9B:38:4D:D4:74:8C:B3:00:14:A0:4C:F7:32
X509v3 Authority Key Identifier:
keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/d-cB-GWYbJs4TdR0jLMAFKBM9zI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.82.0.0/22
194.20.0.0-194.21.63.255
194.21.128.0/18
194.153.192.0/20
195.62.224.0/19
212.90.0.0/19
212.110.0.0/19
213.136.128.0/18
213.149.192.0/19
213.198.128.0/18
Signature Algorithm: sha256WithRSAEncryption
5c:79:a5:02:80:40:b5:b7:08:4f:77:d5:d2:d5:75:a6:48:f8:
52:ce:cf:ed:93:96:f7:18:02:7e:94:aa:fa:0f:e2:5e:6f:0d:
58:81:5f:dc:7e:56:05:df:d1:0a:c9:db:c4:e3:57:58:c2:32:
00:79:1e:6b:ab:e6:50:36:52:61:2f:9e:1e:64:51:d7:36:cd:
14:a4:16:8a:a2:69:85:65:b9:4c:32:1d:04:3e:a8:61:10:9f:
e1:da:4f:2b:a0:9a:42:ba:49:33:cc:b5:40:36:9a:f4:45:42:
7c:d6:cf:09:39:ca:66:26:5a:e1:c3:8c:b0:b3:62:6a:16:dc:
9c:08:da:90:ca:e9:63:6f:44:17:16:d1:27:38:3e:6a:93:60:
14:fb:ed:4a:83:19:7e:49:4a:9a:73:a7:72:74:09:d5:83:a8:
7f:e3:34:f3:f6:b9:18:19:7c:5d:f7:8b:fc:d9:71:e7:43:28:
50:e8:b0:2f:68:de:37:00:b5:50:74:a8:d1:f0:a5:4c:ee:5c:
08:37:a4:8b:1c:0a:5f:6d:8d:e3:56:c4:8a:ae:6b:75:d0:36:
be:6d:37:11:ca:5a:08:da:92:6c:ee:45:c6:e7:15:db:37:d4:
34:dd:08:0d:d7:36:d4:bf:98:04:6f:26:7d:06:61:43:9e:12:
11:33:70:a5
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYdI3K4tFYBGeaOEK//++JLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjMwNDAzMjA0MzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2U3MDFmODY1OTg2YzliMzg0ZGQ0NzQ4Y2IzMDAxNGEwNGNmNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQBObGRFI2VkhiSFCXJeNAhiJMQw
83GSoenzDFv3pauYVnx7l4Z7rijKxAJ1LB6A6B+YU/LYspZn5IvZoKVz3GAhIwKV
IIA1PYhFAJGOWpuhBiV1OFP6d6k7i6rzya6ebIjiNsRczBa03/yI988Fts210IU6
jD8Pg4LFBk5wvVph7g2gq1foYhpWkQBZmwEIUCsIPnr5tm21CbOZn3L3TdfFHDtP
kHhJtoonYcLPPihzuhi1M6XsIEpUaKx8XsRgw6rNki+3u59YHgVG44nCtWpZHlcf
w5tnW6Yde4TS79DyEaHBMsKCr5VZX1C0aW3whvANTiN76YZRL03SuuyHTQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFHfnAfhlmGybOE3UdIyzABSgTPcyMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvZC1jQi1HV1liSnM0VGRSMGpMTUFGS0JNOXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzBJBAIAATBDAwQCuVIAMAsD
AwLCFAMEBsIVAAMEBsIVgAMEBMKZwAMEBcM+4AMEBdRaAAMEBdRuAAMEBtWIgAME
BdWVwAMEBtXGgDANBgkqhkiG9w0BAQsFAAOCAQEAXHmlAoBAtbcIT3fV0tV1pkj4
Us7P7ZOW9xgCfpSq+g/iXm8NWIFf3H5WBd/RCsnbxONXWMIyAHkea6vmUDZSYS+e
HmRR1zbNFKQWiqJphWW5TDIdBD6oYRCf4dpPK6CaQrpJM8y1QDaa9EVCfNbPCTnK
ZiZa4cOMsLNiahbcnAjakMrpY29EFxbRJzg+apNgFPvtSoMZfklKmnOncnQJ1YOo
f+M08/a5GBl8XfeL/Nlx50MoUOiwL2jeNwC1UHSo0fClTO5cCDekixwKX22N41bE
iq5rddA2vm03EcpaCNqSbO5FxucV2zfUNN0IDdc21L+YBG8mfQZhQ54SETNwpQ==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:37 2023 by rpki-client on console.sobornost.net