Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/c547b8-99ab-42f1-a6cc-bc665bb21686/1/e1G55CgR3QN6LV3eFOYTTItnaTI.roa
File: e1G55CgR3QN6LV3eFOYTTItnaTI.roa (raw, json)
Hash identifier: rSlAfycZ7iwlVIUZDzEF8hEQL+7/+q5etub51fR0o50=
Subject key identifier: 7B:51:B9:E4:28:11:DD:03:7A:2D:5D:DE:14:E6:13:4C:8B:67:69:32
Certificate issuer: /CN=eb554c44046c36439a919738942f31fa756b6911
Certificate serial: 01857371543CCED265DBA901AC19B7137FB7
Authority key identifier: EB:55:4C:44:04:6C:36:43:9A:91:97:38:94:2F:31:FA:75:6B:69:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/61VMRARsNkOakZc4lC8x-nVraRE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6e/c547b8-99ab-42f1-a6cc-bc665bb21686/1/e1G55CgR3QN6LV3eFOYTTItnaTI.roa
Signing time: Mon 02 Jan 2023 17:04:45 +0000
ROA not before: Mon 02 Jan 2023 17:04:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15682
IP address blocks: 185.84.244.0/22 maxlen: 22
212.74.224.0/21 maxlen: 21
212.74.224.0/19 maxlen: 19
212.74.232.0/21 maxlen: 21
212.74.240.0/21 maxlen: 21
212.74.248.0/21 maxlen: 21
2a01:5f40::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:71:54:3c:ce:d2:65:db:a9:01:ac:19:b7:13:7f:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eb554c44046c36439a919738942f31fa756b6911
Validity
Not Before: Jan 2 17:04:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7b51b9e42811dd037a2d5dde14e6134c8b676932
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:47:3d:a1:1e:a0:ae:50:03:13:c4:19:3f:2e:
ea:b5:1d:35:2f:37:2d:cc:2d:a4:c5:b4:1c:cc:07:
c2:9d:86:6a:73:c6:2b:94:26:23:a8:b2:5d:17:5e:
fa:3c:0c:7d:78:68:ce:12:5c:74:94:09:b7:dd:c6:
68:9f:21:a0:2d:fb:42:a5:f9:7e:c1:4d:96:bf:2e:
2f:d2:4d:47:07:37:16:db:d9:08:cf:ad:4e:57:b1:
84:71:18:89:9c:75:76:7c:d0:4a:43:8d:fd:5f:02:
9f:31:63:1d:92:c4:13:2a:0a:18:ca:c4:a4:d7:cb:
b6:c8:02:a2:c2:d3:0e:d9:37:ac:a5:a2:eb:c0:20:
b4:ce:ad:34:12:0b:12:53:e9:ce:7a:93:27:51:84:
88:6a:ae:3d:14:db:60:5d:21:ed:9d:dd:a1:be:29:
d5:40:34:93:10:cd:f8:19:89:4d:72:41:9b:61:04:
69:6d:a9:cb:ee:a6:01:0d:a9:5d:c8:42:4c:3d:ff:
e5:0c:22:cd:65:a2:ca:cf:08:51:4c:28:2a:ea:fc:
5c:9d:06:1d:98:f1:73:0a:e4:1e:6a:d9:b8:e5:14:
69:63:5e:de:76:c6:94:b1:25:87:06:32:3d:a7:ee:
bb:5b:90:a1:71:f4:49:2e:7c:13:b6:5b:c7:2f:30:
84:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:51:B9:E4:28:11:DD:03:7A:2D:5D:DE:14:E6:13:4C:8B:67:69:32
X509v3 Authority Key Identifier:
keyid:EB:55:4C:44:04:6C:36:43:9A:91:97:38:94:2F:31:FA:75:6B:69:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/61VMRARsNkOakZc4lC8x-nVraRE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c547b8-99ab-42f1-a6cc-bc665bb21686/1/e1G55CgR3QN6LV3eFOYTTItnaTI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c547b8-99ab-42f1-a6cc-bc665bb21686/1/61VMRARsNkOakZc4lC8x-nVraRE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.84.244.0/22
212.74.224.0/19
IPv6:
2a01:5f40::/32
Signature Algorithm: sha256WithRSAEncryption
80:4e:64:3f:c3:a6:a9:a7:a3:16:4c:a3:af:f2:46:e1:96:f9:
98:42:ee:ed:67:39:3f:2d:74:8c:b2:9a:cd:bd:33:92:df:3f:
60:f2:46:d3:d9:ff:8d:8e:34:85:b5:fd:77:02:50:86:bc:2e:
b4:3f:d3:c2:1a:85:f0:cb:30:58:ac:da:8a:a5:b0:2c:cd:51:
8c:c8:03:22:d7:54:8e:15:2b:7f:3f:1b:22:77:f3:af:47:be:
dd:d9:c4:d1:a5:02:3d:ba:41:79:19:03:d2:05:45:69:e8:52:
9f:bb:0e:ac:b5:8d:fc:8d:b7:8c:0a:fa:0c:ee:50:ca:9a:9d:
10:7c:68:62:3b:d5:ac:d1:3c:b0:c0:63:53:01:aa:36:57:cf:
c4:5e:aa:af:f3:e2:ea:26:72:99:10:3d:e3:ae:d3:81:2b:fa:
e4:c3:f4:26:ea:48:88:d3:c4:4d:1d:c4:e4:ab:e0:4a:01:74:
9a:b5:0a:94:20:09:83:c5:e6:a1:39:78:56:f8:c7:b8:e8:da:
69:79:c4:34:da:50:87:24:99:19:b3:3f:92:c7:95:48:4f:c5:
e8:c5:4d:9e:e5:0e:b1:0d:e5:92:f9:d9:16:43:7f:99:35:82:
92:19:d5:86:b1:4d:f2:41:6a:36:9b:18:f8:16:b6:50:91:99:
39:54:e2:09
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVzcVQ8ztJl26kBrBm3E3+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNTU0YzQ0MDQ2YzM2NDM5YTkxOTczODk0MmYzMWZhNzU2
YjY5MTEwHhcNMjMwMTAyMTcwNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjUxYjllNDI4MTFkZDAzN2EyZDVkZGUxNGU2MTM0YzhiNjc2OTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUc9oR6grlADE8QZPy7qtR01Lzct
zC2kxbQczAfCnYZqc8YrlCYjqLJdF176PAx9eGjOElx0lAm33cZonyGgLftCpfl+
wU2Wvy4v0k1HBzcW29kIz61OV7GEcRiJnHV2fNBKQ439XwKfMWMdksQTKgoYysSk
18u2yAKiwtMO2TespaLrwCC0zq00EgsSU+nOepMnUYSIaq49FNtgXSHtnd2hvinV
QDSTEM34GYlNckGbYQRpbanL7qYBDaldyEJMPf/lDCLNZaLKzwhRTCgq6vxcnQYd
mPFzCuQeatm45RRpY17edsaUsSWHBjI9p+67W5ChcfRJLnwTtlvHLzCEIwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHtRueQoEd0Dei1d3hTmE0yLZ2kyMB8GA1UdIwQY
MBaAFOtVTEQEbDZDmpGXOJQvMfp1a2kRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjFWTVJBUnNOa09ha1pjNGxDOHgtblZyYVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jNTQ3YjgtOTlhYi00MmYxLWE2Y2Mt
YmM2NjViYjIxNjg2LzEvZTFHNTVDZ1IzUU42TFYzZUZPWVRUSXRuYVRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jNTQ3YjgtOTlhYi00MmYxLWE2Y2MtYmM2NjViYjIxNjg2
LzEvNjFWTVJBUnNOa09ha1pjNGxDOHgtblZyYVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuVT0AwQF
1ErgMA0EAgACMAcDBQAqAV9AMA0GCSqGSIb3DQEBCwUAA4IBAQCATmQ/w6app6MW
TKOv8kbhlvmYQu7tZzk/LXSMsprNvTOS3z9g8kbT2f+NjjSFtf13AlCGvC60P9PC
GoXwyzBYrNqKpbAszVGMyAMi11SOFSt/Pxsid/OvR77d2cTRpQI9ukF5GQPSBUVp
6FKfuw6stY38jbeMCvoM7lDKmp0QfGhiO9Ws0TywwGNTAao2V8/EXqqv8+LqJnKZ
ED3jrtOBK/rkw/Qm6kiI08RNHcTkq+BKAXSatQqUIAmDxeahOXhW+Me46NppecQ0
2lCHJJkZsz+Sx5VIT8XoxU2e5Q6xDeWS+dkWQ3+ZNYKSGdWGsU3yQWo2mxj4FrZQ
kZk5VOIJ
-----END CERTIFICATE-----
Generated at Thu Dec 28 11:22:05 2023 by rpki-client on console.sobornost.net