Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/W_nAj1aAr-wJHvm_nQ0YZ5nN2RI.roa
File: W_nAj1aAr-wJHvm_nQ0YZ5nN2RI.roa (raw, json)
Hash identifier: YhySNDcLOVKBFqfSbFDLfFQvXK0Z9E8wAYPjX0GeDfo=
Subject key identifier: 5B:F9:C0:8F:56:80:AF:EC:09:1E:F9:BF:9D:0D:18:67:99:CD:D9:12
Certificate issuer: /CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Certificate serial: 018A3BE5C4C885AD0AA865A73CB674128797
Authority key identifier: 85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/W_nAj1aAr-wJHvm_nQ0YZ5nN2RI.roa
Signing time: Mon 28 Aug 2023 11:27:08 +0000
ROA not before: Mon 28 Aug 2023 11:27:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204119
IP address blocks: 84.38.64.0/20 maxlen: 20
84.38.64.0/21 maxlen: 21
195.42.114.0/23 maxlen: 23
84.38.76.0/22 maxlen: 22
2a00:5080::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:3b:e5:c4:c8:85:ad:0a:a8:65:a7:3c:b6:74:12:87:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=85c3525d68b61116564e16e1dd4e56cb035c9c85
Validity
Not Before: Aug 28 11:27:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5bf9c08f5680afec091ef9bf9d0d186799cdd912
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:e5:c3:b6:26:63:45:0a:ce:59:f7:9a:25:a8:
e7:3b:a4:a5:40:1f:66:cf:fe:bf:28:26:ba:ce:e8:
d2:c7:eb:ea:e9:99:a8:ed:e8:96:ba:82:96:58:71:
06:dd:fa:a3:85:14:7d:ed:7f:e9:73:42:81:a3:c3:
05:e6:1b:56:94:a9:fe:25:04:85:69:17:39:bf:39:
cc:04:36:af:d4:25:a3:12:fd:55:1d:86:75:fd:de:
09:76:9b:92:c2:5a:2d:cd:92:18:e8:75:f7:c4:7d:
27:52:73:bd:19:1e:d5:02:66:f1:b6:6e:9c:18:1b:
12:99:e1:2d:6d:b0:6d:35:d1:9c:97:91:e6:c1:3a:
4e:eb:d1:35:5b:2e:41:58:f3:f2:12:f1:f0:88:a7:
f9:2c:26:09:83:32:80:e3:75:2d:65:6f:1f:b9:55:
f5:2e:96:12:d9:40:4a:93:95:d5:29:c0:b6:47:69:
e1:0d:82:2f:bc:21:bd:cf:d4:3a:ca:9f:a2:01:a3:
1f:90:4e:cb:21:76:0e:3e:96:0d:8e:f3:ec:38:4f:
39:52:8b:70:11:8d:58:21:6e:1c:aa:ca:96:d8:15:
38:48:e8:0d:a7:2a:28:04:59:66:9e:73:54:2a:4d:
d3:56:4e:e7:e4:41:00:17:cf:44:ff:5d:34:fb:6a:
bc:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:F9:C0:8F:56:80:AF:EC:09:1E:F9:BF:9D:0D:18:67:99:CD:D9:12
X509v3 Authority Key Identifier:
keyid:85:C3:52:5D:68:B6:11:16:56:4E:16:E1:DD:4E:56:CB:03:5C:9C:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hcNSXWi2ERZWThbh3U5WywNcnIU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/W_nAj1aAr-wJHvm_nQ0YZ5nN2RI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/9fbec1-ebd2-41ba-83d9-694dbfaddb8f/1/hcNSXWi2ERZWThbh3U5WywNcnIU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.38.64.0/20
195.42.114.0/23
IPv6:
2a00:5080::/32
Signature Algorithm: sha256WithRSAEncryption
7d:39:70:96:54:4d:2c:c2:b6:b1:b7:af:a3:7e:e8:14:31:92:
7f:b6:2a:f8:a7:59:55:76:78:15:8c:41:29:22:fc:89:05:41:
50:0b:16:7f:37:09:ea:9a:41:44:d8:56:27:87:49:bb:81:17:
09:d7:a2:31:0e:83:96:49:f2:9e:ca:2b:21:78:9b:8b:89:26:
57:df:16:53:e9:41:89:83:ae:ea:4d:d1:c8:9b:0d:9b:c6:93:
e9:5e:b8:57:ae:b8:d6:ec:c0:d3:a4:81:ac:c8:f5:a7:20:b4:
c1:b8:3b:cb:38:87:20:73:29:bb:25:bb:06:47:a8:f5:bf:7e:
1a:a7:4b:9d:79:a1:ea:7e:1b:77:1e:cd:a6:27:36:d0:1e:12:
ba:f5:e8:07:78:5d:9f:5f:25:06:b9:13:9a:4f:28:dd:e8:29:
5f:0d:b5:65:64:52:45:2d:01:58:aa:dc:96:0e:3f:ba:39:a6:
3b:b8:f7:ae:12:b2:4e:a5:03:26:20:da:e4:7d:71:e9:2c:53:
40:b0:fb:dd:4d:bf:6d:1f:17:26:c6:29:a4:ae:93:46:7d:bb:
29:ed:65:20:d5:25:74:da:6a:7a:ea:e7:09:f5:90:2d:0f:3c:
3f:d3:7e:13:b0:5f:63:59:5c:65:c4:14:39:58:26:64:d9:fa:
a6:19:d6:21
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYo75cTIha0KqGWnPLZ0EoeXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YzM1MjVkNjhiNjExMTY1NjRlMTZlMWRkNGU1NmNiMDM1
YzljODUwHhcNMjMwODI4MTEyNzA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmY5YzA4ZjU2ODBhZmVjMDkxZWY5YmY5ZDBkMTg2Nzk5Y2RkOTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOXDtiZjRQrOWfeaJajnO6SlQB9m
z/6/KCa6zujSx+vq6Zmo7eiWuoKWWHEG3fqjhRR97X/pc0KBo8MF5htWlKn+JQSF
aRc5vznMBDav1CWjEv1VHYZ1/d4JdpuSwlotzZIY6HX3xH0nUnO9GR7VAmbxtm6c
GBsSmeEtbbBtNdGcl5HmwTpO69E1Wy5BWPPyEvHwiKf5LCYJgzKA43UtZW8fuVX1
LpYS2UBKk5XVKcC2R2nhDYIvvCG9z9Q6yp+iAaMfkE7LIXYOPpYNjvPsOE85Uotw
EY1YIW4cqsqW2BU4SOgNpyooBFlmnnNUKk3TVk7n5EEAF89E/100+2q8aQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFv5wI9WgK/sCR75v50NGGeZzdkSMB8GA1UdIwQY
MBaAFIXDUl1othEWVk4W4d1OVssDXJyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDkt
Njk0ZGJmYWRkYjhmLzEvV19uQWoxYUFyLXdKSHZtX25RMFlaNW5OMlJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi85ZmJlYzEtZWJkMi00MWJhLTgzZDktNjk0ZGJmYWRkYjhm
LzEvaGNOU1hXaTJFUlpXVGhiaDNVNVd5d05jbklVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEVCZAAwQB
wypyMA0EAgACMAcDBQAqAFCAMA0GCSqGSIb3DQEBCwUAA4IBAQB9OXCWVE0swrax
t6+jfugUMZJ/tir4p1lVdngVjEEpIvyJBUFQCxZ/NwnqmkFE2FYnh0m7gRcJ16Ix
DoOWSfKeyisheJuLiSZX3xZT6UGJg67qTdHImw2bxpPpXrhXrrjW7MDTpIGsyPWn
ILTBuDvLOIcgcym7JbsGR6j1v34ap0udeaHqfht3Hs2mJzbQHhK69egHeF2fXyUG
uROaTyjd6ClfDbVlZFJFLQFYqtyWDj+6OaY7uPeuErJOpQMmINrkfXHpLFNAsPvd
Tb9tHxcmximkrpNGfbsp7WUg1SV02mp66ucJ9ZAtDzw/034TsF9jWVxlxBQ5WCZk
2fqmGdYh
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:19 2023 by rpki-client on console.sobornost.net