Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/pKKiXQFQdaIgGirKn2ceEAgVIYI.roa
File: pKKiXQFQdaIgGirKn2ceEAgVIYI.roa (raw, json)
Hash identifier: E18l1VG+3AJ4ZgWoj1FOltKnZk1f8VB6rYMcvyOu6pg=
Subject key identifier: A4:A2:A2:5D:01:50:75:A2:20:1A:2A:CA:9F:67:1E:10:08:15:21:82
Certificate issuer: /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial: 018570B98B38AF114D2317608FAB7BDA1C1F
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/pKKiXQFQdaIgGirKn2ceEAgVIYI.roa
Signing time: Mon 02 Jan 2023 04:24:45 +0000
ROA not before: Mon 02 Jan 2023 04:24:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15589
IP address blocks: 81.92.32.0/20 maxlen: 24
213.136.128.0/18 maxlen: 24
217.15.208.0/20 maxlen: 24
212.90.0.0/19 maxlen: 24
213.183.128.0/19 maxlen: 24
194.153.192.0/20 maxlen: 24
83.211.0.0/16 maxlen: 24
212.110.0.0/19 maxlen: 24
194.153.208.0/22 maxlen: 24
62.94.0.0/16 maxlen: 24
194.153.212.0/23 maxlen: 24
213.198.128.0/18 maxlen: 24
2001:750::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:b9:8b:38:af:11:4d:23:17:60:8f:ab:7b:da:1c:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Validity
Not Before: Jan 2 04:24:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a4a2a25d015075a2201a2aca9f671e1008152182
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:41:fd:1a:9b:0d:9f:da:b4:01:72:a1:db:50:
ee:76:32:af:2d:5a:3f:83:3b:2f:54:b2:53:b8:01:
3d:01:a1:a4:54:33:87:8a:92:aa:ff:da:63:91:ad:
de:97:6a:de:e5:a5:fe:ba:b5:74:d6:85:08:54:54:
9b:f7:87:8a:ca:bf:4f:69:7d:da:e7:6f:df:66:21:
9b:1f:99:c6:b0:86:30:fc:e9:6a:d7:4c:14:28:57:
fe:b7:b9:92:44:4c:b2:3b:37:97:76:0c:1d:a1:bc:
0b:bb:a2:cf:4d:4f:3a:18:c3:3b:7b:13:58:a5:ee:
23:e6:70:ef:bd:8d:71:67:0c:39:36:22:36:4a:e2:
28:e5:b4:ef:9d:2d:9f:15:90:d8:cd:81:10:79:04:
ed:46:dc:40:13:61:8b:19:b0:54:71:db:d1:6e:54:
f7:1f:e9:8b:88:c7:41:0c:31:14:13:67:1f:c6:e8:
d4:c7:1c:a5:c0:cb:ec:41:68:9f:e8:5f:9a:15:b8:
c1:f2:7f:14:f8:76:fc:4e:cd:4b:50:ca:c8:69:99:
98:ac:97:41:7f:31:10:f4:d0:09:e8:8f:75:a6:c7:
fa:a6:4f:f7:8e:e0:65:bb:25:9e:69:45:b6:06:32:
d5:54:b4:e6:a8:e0:f2:18:60:17:04:2b:c8:66:dc:
3a:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:A2:A2:5D:01:50:75:A2:20:1A:2A:CA:9F:67:1E:10:08:15:21:82
X509v3 Authority Key Identifier:
keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/pKKiXQFQdaIgGirKn2ceEAgVIYI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.94.0.0/16
81.92.32.0/20
83.211.0.0/16
194.153.192.0-194.153.213.255
212.90.0.0/19
212.110.0.0/19
213.136.128.0/18
213.183.128.0/19
213.198.128.0/18
217.15.208.0/20
IPv6:
2001:750::/29
Signature Algorithm: sha256WithRSAEncryption
93:e3:bb:8b:b7:2c:46:74:fd:37:3b:e1:5a:d7:cc:06:a5:77:
ad:ab:c1:21:89:fe:10:04:af:42:77:0d:3d:99:fc:2d:0a:b2:
70:71:c3:a6:e7:f1:11:b3:42:f4:d3:40:20:e8:65:07:58:de:
d2:7d:07:66:bd:05:5e:f0:11:07:4e:ae:35:4c:bb:70:de:49:
08:8f:74:15:38:1a:05:99:c8:f0:ad:0d:c9:27:ef:8d:4f:64:
6d:b3:d2:40:89:1d:1b:82:16:1b:08:10:e2:17:23:31:44:29:
19:d2:66:49:b9:ab:57:ad:64:73:20:cf:dc:d2:f3:8d:5c:36:
0f:5d:48:0f:37:de:c8:30:90:76:d9:22:02:b2:d0:32:9c:aa:
85:e4:3e:3f:e8:de:66:c9:96:eb:15:64:7b:7e:bf:d7:8c:8f:
1b:7b:36:af:fe:b1:02:7e:21:ff:3f:db:d3:14:c3:74:30:88:
71:94:3b:a1:b8:69:2c:ac:34:ef:96:c3:e1:f1:37:16:61:ac:
ef:0f:a9:19:ca:19:35:57:b4:08:c2:9b:7d:fa:b2:81:f5:31:
e3:8d:89:de:1a:ab:b6:11:38:4d:0b:19:61:7a:e4:ab:ec:97:
60:9c:05:32:d9:e2:71:7d:4a:fe:38:05:0a:2f:97:75:cd:41:
8e:16:5d:4f
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVwuYs4rxFNIxdgj6t72hwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjMwMTAyMDQyNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGEyYTI1ZDAxNTA3NWEyMjAxYTJhY2E5ZjY3MWUxMDA4MTUyMTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyUH9GpsNn9q0AXKh21DudjKvLVo/
gzsvVLJTuAE9AaGkVDOHipKq/9pjka3el2re5aX+urV01oUIVFSb94eKyr9PaX3a
52/fZiGbH5nGsIYw/Olq10wUKFf+t7mSREyyOzeXdgwdobwLu6LPTU86GMM7exNY
pe4j5nDvvY1xZww5NiI2SuIo5bTvnS2fFZDYzYEQeQTtRtxAE2GLGbBUcdvRblT3
H+mLiMdBDDEUE2cfxujUxxylwMvsQWif6F+aFbjB8n8U+Hb8Ts1LUMrIaZmYrJdB
fzEQ9NAJ6I91psf6pk/3juBluyWeaUW2BjLVVLTmqODyGGAXBCvIZtw6OwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFKSiol0BUHWiIBoqyp9nHhAIFSGCMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvcEtLaVhRRlFkYUlnR2lyS24yY2VFQWdWSVlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwMAPl4DBARR
XCADAwBT0zAMAwQGwpnAAwQBwpnUAwQF1FoAAwQF1G4AAwQG1YiAAwQF1beAAwQG
1caAAwQE2Q/QMA0EAgACMAcDBQMgAQdQMA0GCSqGSIb3DQEBCwUAA4IBAQCT47uL
tyxGdP03O+Fa18wGpXetq8Ehif4QBK9Cdw09mfwtCrJwccOm5/ERs0L000Ag6GUH
WN7SfQdmvQVe8BEHTq41TLtw3kkIj3QVOBoFmcjwrQ3JJ++NT2Rts9JAiR0bghYb
CBDiFyMxRCkZ0mZJuatXrWRzIM/c0vONXDYPXUgPN97IMJB22SICstAynKqF5D4/
6N5myZbrFWR7fr/XjI8bezav/rECfiH/P9vTFMN0MIhxlDuhuGksrDTvlsPh8TcW
YazvD6kZyhk1V7QIwpt9+rKB9THjjYneGqu2EThNCxlheuSr7JdgnAUy2eJxfUr+
OAUKL5d1zUGOFl1P
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:37 2023 by rpki-client on console.sobornost.net