Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/waalVdaKxpLgD5OV98uU95mHF2Y.roa
File: waalVdaKxpLgD5OV98uU95mHF2Y.roa (raw, json)
Hash identifier: p9Y4lE6IIumxoqqkxWjSC0MnDKkLAlqDEWZckI8S6hM=
Subject key identifier: C1:A6:A5:55:D6:8A:C6:92:E0:0F:93:95:F7:CB:94:F7:99:87:17:66
Certificate issuer: /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial: 018570B987B90699636EB4226AEABD903A6E
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/waalVdaKxpLgD5OV98uU95mHF2Y.roa
Signing time: Mon 02 Jan 2023 04:24:45 +0000
ROA not before: Mon 02 Jan 2023 04:24:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3302
IP address blocks: 194.20.0.0/16 maxlen: 24
194.21.0.0/18 maxlen: 24
194.21.128.0/18 maxlen: 24
195.62.224.0/19 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:b9:87:b9:06:99:63:6e:b4:22:6a:ea:bd:90:3a:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Validity
Not Before: Jan 2 04:24:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c1a6a555d68ac692e00f9395f7cb94f799871766
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:66:4a:cd:3b:e5:6f:04:c0:74:a2:05:00:04:
2a:05:1e:95:73:de:c3:0d:dd:4e:9e:d8:7e:55:93:
bb:ce:19:20:a2:5f:c8:7c:89:cf:92:49:33:65:b9:
5d:cd:03:01:e0:eb:3f:15:b2:11:11:cb:4d:da:b9:
2b:37:cc:9a:95:cf:db:6d:18:38:0a:2b:d0:cc:73:
3d:3d:eb:38:83:14:29:41:f7:a8:3c:d1:b8:c1:5b:
e5:33:b2:b6:c5:1c:9a:38:1d:8c:64:19:7c:35:c1:
b8:30:6c:e8:df:ab:c9:2b:8d:dc:ec:9d:9e:f8:5d:
48:e3:0d:c6:c3:75:06:cc:9c:17:38:98:8f:32:d7:
0e:93:63:bc:13:57:e7:df:df:81:1b:32:54:db:1a:
fb:66:b8:66:23:e9:82:74:e8:2b:60:ef:65:8b:d6:
25:4f:ff:ba:3b:0d:18:67:45:fb:55:07:2e:7b:6b:
d3:73:24:83:a6:ed:13:75:79:26:f3:9b:01:1f:b5:
f7:4d:41:35:a9:88:e1:d7:5c:d1:f7:18:7c:56:98:
9e:ad:9d:e7:58:7d:44:a2:b7:42:90:6a:01:aa:bd:
5a:e8:e7:7f:05:d3:8e:7c:60:22:7c:08:7a:ca:05:
6c:77:99:d6:8b:5b:1c:bd:0a:ed:79:d5:74:84:2d:
14:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:A6:A5:55:D6:8A:C6:92:E0:0F:93:95:F7:CB:94:F7:99:87:17:66
X509v3 Authority Key Identifier:
keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/waalVdaKxpLgD5OV98uU95mHF2Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.20.0.0-194.21.63.255
194.21.128.0/18
195.62.224.0/19
Signature Algorithm: sha256WithRSAEncryption
08:1a:3a:28:23:06:49:0b:b6:4c:34:ab:8a:e9:f7:0d:db:2d:
60:b0:38:b6:d1:bb:b2:ed:a5:79:d7:3d:93:20:30:51:b7:dc:
ff:83:6b:5d:d1:5b:41:a2:d0:97:30:8c:59:45:ec:93:95:2f:
2c:5c:f3:d9:22:9e:36:fd:f6:3f:0e:09:35:1b:49:f2:db:ea:
a7:f0:6d:f0:0c:49:8d:46:ba:69:4a:83:88:b1:9d:79:8a:88:
47:99:de:44:7e:8b:90:e5:9b:ab:03:c2:9c:9c:65:8b:88:7b:
6a:34:ce:3b:b0:4f:61:d3:42:4e:95:68:50:94:a4:fa:7b:dd:
07:9d:18:df:08:4a:15:48:1d:97:65:d4:64:3c:0f:9f:82:37:
77:62:98:07:c6:18:0f:29:7c:8f:29:d6:4e:2d:47:ac:1f:41:
1c:4e:52:f2:32:b5:04:7c:aa:a3:53:39:e3:1f:34:3b:97:aa:
fa:fa:b7:dd:c6:3f:ac:63:19:a0:97:90:65:21:30:9f:70:3e:
f6:eb:1b:52:c3:f6:94:3c:28:ba:1b:10:fc:c7:c9:cf:e7:60:
a0:09:6d:0b:9d:21:7f:68:2f:84:00:2f:ed:0c:5f:8a:b7:2e:
51:15:66:b4:db:06:ec:97:a8:cc:72:49:42:b1:c2:ad:12:7a:
7c:0c:dc:ab
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYVwuYe5BpljbrQiauq9kDpuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjMwMTAyMDQyNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWE2YTU1NWQ2OGFjNjkyZTAwZjkzOTVmN2NiOTRmNzk5ODcxNzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mZKzTvlbwTAdKIFAAQqBR6Vc97D
Dd1Onth+VZO7zhkgol/IfInPkkkzZbldzQMB4Os/FbIREctN2rkrN8yalc/bbRg4
CivQzHM9Pes4gxQpQfeoPNG4wVvlM7K2xRyaOB2MZBl8NcG4MGzo36vJK43c7J2e
+F1I4w3Gw3UGzJwXOJiPMtcOk2O8E1fn39+BGzJU2xr7ZrhmI+mCdOgrYO9li9Yl
T/+6Ow0YZ0X7VQcue2vTcySDpu0TdXkm85sBH7X3TUE1qYjh11zR9xh8VpierZ3n
WH1EordCkGoBqr1a6Od/BdOOfGAifAh6ygVsd5nWi1scvQrtedV0hC0UwQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFMGmpVXWisaS4A+TlffLlPeZhxdmMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvd2FhbFZkYUt4cExnRDVPVjk4dVU5NW1IRjJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAATAZMAsDAwLCFAME
BsIVAAMEBsIVgAMEBcM+4DANBgkqhkiG9w0BAQsFAAOCAQEACBo6KCMGSQu2TDSr
iun3DdstYLA4ttG7su2ledc9kyAwUbfc/4NrXdFbQaLQlzCMWUXsk5UvLFzz2SKe
Nv32Pw4JNRtJ8tvqp/Bt8AxJjUa6aUqDiLGdeYqIR5neRH6LkOWbqwPCnJxli4h7
ajTOO7BPYdNCTpVoUJSk+nvdB50Y3whKFUgdl2XUZDwPn4I3d2KYB8YYDyl8jynW
Ti1HrB9BHE5S8jK1BHyqo1M54x80O5eq+vq33cY/rGMZoJeQZSEwn3A+9usbUsP2
lDwouhsQ/MfJz+dgoAltC50hf2gvhAAv7QxfircuURVmtNsG7JeozHJJQrHCrRJ6
fAzcqw==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:37 2023 by rpki-client on console.sobornost.net