Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rkEYIKeiqE0mwIjutAAgwcgQAzE.roa
File: rkEYIKeiqE0mwIjutAAgwcgQAzE.roa (raw, json)
Hash identifier: 4FlVtqyX6i2r0DgrvR4y/f9jfRm0mWkqCzaBzVsrn00=
Subject key identifier: AE:41:18:20:A7:A2:A8:4D:26:C0:88:EE:B4:00:20:C1:C8:10:03:31
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 14C651B2
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rkEYIKeiqE0mwIjutAAgwcgQAzE.roa
Signing time: Sat 01 Jan 2022 05:55:46 +0000
ROA not before: Sat 01 Jan 2022 05:55:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12513
IP address blocks: 82.153.128.0/18 maxlen: 18
194.46.80.0/20 maxlen: 20
109.176.0.0/16 maxlen: 16
212.104.128.0/19 maxlen: 19
194.46.32.0/19 maxlen: 19
91.84.0.0/15 maxlen: 15
82.153.240.0/21 maxlen: 21
194.46.64.0/19 maxlen: 19
81.168.0.0/17 maxlen: 17
81.5.128.0/18 maxlen: 18
82.152.0.0/16 maxlen: 16
82.153.192.0/19 maxlen: 19
212.108.80.0/21 maxlen: 21
213.152.32.0/19 maxlen: 19
212.108.88.0/22 maxlen: 22
82.153.0.0/17 maxlen: 17
82.153.0.0/16 maxlen: 16
82.153.224.0/20 maxlen: 20
2a02:c2c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 348541362 (0x14c651b2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Jan 1 05:55:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ae411820a7a2a84d26c088eeb40020c1c8100331
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:13:6b:46:31:42:73:87:2f:7b:33:91:e5:fe:
88:30:8b:05:b2:88:a8:ad:73:29:c5:7b:50:22:a8:
42:ff:ab:d0:c6:93:39:1d:07:a8:01:0f:b1:8a:4a:
51:9c:88:32:35:c8:33:77:80:bd:45:04:36:2d:ce:
73:48:b6:ba:94:5e:96:ba:ef:49:25:72:11:6e:d0:
92:fb:97:e8:02:04:55:a4:00:b5:1d:8c:25:4b:0a:
a3:08:c0:4d:ce:b2:c5:08:2c:41:26:0a:47:bc:5c:
4d:a0:9e:aa:3b:87:a6:29:84:af:05:dc:d6:2a:0c:
3e:e0:09:e6:5f:cb:cb:25:bb:51:7c:02:94:fc:b1:
a7:e2:2a:cc:0c:5d:23:3c:e4:b1:c6:3e:83:71:8f:
0a:d4:cb:b3:7a:f8:c0:33:87:cb:ae:b6:b7:20:0f:
85:a3:1f:a9:69:0b:cb:8e:18:3b:29:96:9d:da:b5:
2c:b9:ed:9c:6b:79:70:20:71:77:4a:f2:8c:64:23:
47:3b:ee:bb:cb:00:85:c9:b1:d7:73:26:15:12:38:
e3:2e:fd:fb:e9:71:f9:eb:94:c0:bb:f4:f1:c7:d7:
5e:f2:41:4d:49:0d:b8:95:0f:f2:6e:ca:30:8b:14:
07:57:68:46:b9:69:59:a2:be:12:21:55:de:38:88:
9a:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:41:18:20:A7:A2:A8:4D:26:C0:88:EE:B4:00:20:C1:C8:10:03:31
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rkEYIKeiqE0mwIjutAAgwcgQAzE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.128.0/18
81.168.0.0/17
82.152.0.0/15
91.84.0.0/15
109.176.0.0/16
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
213.152.32.0/19
IPv6:
2a02:c2c0::/29
Signature Algorithm: sha256WithRSAEncryption
1a:8d:64:8c:93:2d:ed:60:0a:43:5c:07:c2:6a:1b:d0:33:fa:
92:dd:c2:22:9e:63:14:50:5e:f6:7a:6c:5c:b5:e0:95:3d:d1:
0d:e9:1f:a6:65:cf:20:ee:f0:aa:2a:28:c3:85:7f:78:1f:8a:
c0:82:47:5c:59:4d:eb:d9:b0:0b:47:d7:f9:db:b9:cc:4d:7a:
88:74:f5:7c:82:95:fd:93:b3:e9:cb:5a:b1:a5:54:57:b2:99:
88:23:69:1d:f5:b5:06:2c:77:5e:bf:af:cf:d2:dd:cd:00:13:
ed:dc:0c:7a:a2:ca:70:8e:fd:43:87:0b:fa:47:66:a5:db:14:
e0:53:13:e9:ae:d3:c7:a9:e6:47:64:fb:47:32:82:cc:fb:6e:
0f:2d:46:01:d7:ec:19:5d:6f:08:66:c9:7c:23:08:cb:18:cc:
55:c5:1f:88:6a:5d:7d:ad:bd:86:36:06:e4:6c:09:61:8a:47:
a4:5f:ac:20:df:9b:79:f7:af:45:7a:df:fd:ab:c7:d3:55:0f:
bd:71:c0:a5:29:33:0e:77:04:5c:8b:aa:28:62:76:d2:41:67:
58:2c:68:48:1c:7b:67:05:c1:b4:c6:d7:c3:d7:27:a8:79:24:
19:c0:5b:a9:55:51:1a:57:75:9b:56:56:00:45:38:d3:bc:f9:
fd:89:e1:4c
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIEFMZRsjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZGQzNTM5MzM2NzRhNTYwOGY2ZDFlZTJkYWI0ZjY0YzhiZmY4ZjM5MB4XDTIyMDEw
MTA1NTU0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWU0MTE4MjBhN2Ey
YTg0ZDI2YzA4OGVlYjQwMDIwYzFjODEwMDMzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKoTa0YxQnOHL3szkeX+iDCLBbKIqK1zKcV7UCKoQv+r0MaT
OR0HqAEPsYpKUZyIMjXIM3eAvUUENi3Oc0i2upRelrrvSSVyEW7QkvuX6AIEVaQA
tR2MJUsKowjATc6yxQgsQSYKR7xcTaCeqjuHpimErwXc1ioMPuAJ5l/LyyW7UXwC
lPyxp+IqzAxdIzzkscY+g3GPCtTLs3r4wDOHy662tyAPhaMfqWkLy44YOymWndq1
LLntnGt5cCBxd0ryjGQjRzvuu8sAhcmx13MmFRI44y79++lx+euUwLv08cfXXvJB
TUkNuJUP8m7KMIsUB1doRrlpWaK+EiFV3jiImmcCAwEAAaOCAlUwggJRMB0GA1Ud
DgQWBBSuQRggp6KoTSbAiO60ACDByBADMTAfBgNVHSMEGDAWgBSt01OTNnSlYI9t
HuLatPZMi/+POTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3JkTlRrelowcFdDUGJSN2kyclQyVEl2X2p6ay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2MvNDhiNDA3LTZkOTQtNDlhZS1hM2Q4LTcyYzgzMTI4NzYxYi8x
L3JrRVlJS2VpcUUwbXdJanV0QUFnd2NnUUF6RS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Mv
NDhiNDA3LTZkOTQtNDlhZS1hM2Q4LTcyYzgzMTI4NzYxYi8xL3JkTlRrelowcFdD
UGJSN2kyclQyVEl2X2p6ay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBr
BggrBgEFBQcBBwEB/wRcMFowSQQCAAEwQwMEBlEFgAMEB1GoAAMDAVKYAwMBW1QD
AwBtsDAMAwQFwi4gAwQFwi5AAwQF1GiAMAwDBATUbFADBALUbFgDBAXVmCAwDQQC
AAIwBwMFAyoCwsAwDQYJKoZIhvcNAQELBQADggEBABqNZIyTLe1gCkNcB8JqG9Az
+pLdwiKeYxRQXvZ6bFy14JU90Q3pH6ZlzyDu8KoqKMOFf3gfisCCR1xZTevZsAtH
1/nbucxNeoh09XyClf2Ts+nLWrGlVFeymYgjaR31tQYsd16/r8/S3c0AE+3cDHqi
ynCO/UOHC/pHZqXbFOBTE+mu08ep5kdk+0cygsz7bg8tRgHX7BldbwhmyXwjCMsY
zFXFH4hqXX2tvYY2BuRsCWGKR6RfrCDfm3n3r0V63/2rx9NVD71xwKUpMw53BFyL
qihidtJBZ1gsaEgce2cFwbTG18PXJ6h5JBnAW6lVURpXdZtWVgBFONO8+f2J4Uw=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:24 2023 by rpki-client on console.sobornost.net