Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/O_47uL52dtDdD0FZj83E4f7IZcs.roa
File: O_47uL52dtDdD0FZj83E4f7IZcs.roa (raw, json)
Hash identifier: gYRtePuYsuAiIvhVx94XSVGkhbLa/TqVTYrm8nYX64Y=
Subject key identifier: 3B:FE:3B:B8:BE:76:76:D0:DD:0F:41:59:8F:CD:C4:E1:FE:C8:65:CB
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 01856D386C4E268814450A906935EFD66F21
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/O_47uL52dtDdD0FZj83E4f7IZcs.roa
Signing time: Sun 01 Jan 2023 12:04:52 +0000
ROA not before: Sun 01 Jan 2023 12:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209372
IP address blocks: 78.136.196.0/22 maxlen: 24
78.136.202.0/23 maxlen: 24
88.204.40.0/23 maxlen: 24
78.136.200.0/23 maxlen: 24
88.204.44.0/23 maxlen: 24
88.204.42.0/23 maxlen: 24
78.136.204.0/24 maxlen: 24
88.204.46.0/23 maxlen: 24
78.136.252.0/23 maxlen: 24
78.136.248.0/23 maxlen: 24
78.136.250.0/23 maxlen: 24
78.136.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:38:6c:4e:26:88:14:45:0a:90:69:35:ef:d6:6f:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Jan 1 12:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3bfe3bb8be7676d0dd0f41598fcdc4e1fec865cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:83:73:b5:68:7d:77:87:c5:4e:d9:92:34:64:
61:51:b2:b5:12:26:5f:6c:39:b7:6a:16:89:f6:6e:
91:ca:d1:23:6d:46:b6:9b:3e:7d:34:fe:4b:7b:c8:
a1:15:e5:16:a0:d5:65:fe:8b:55:bd:68:31:01:d8:
1d:33:28:97:13:91:41:fa:97:2f:b2:25:76:2a:4e:
df:95:09:81:4d:cf:02:a5:62:95:43:26:03:00:94:
89:11:07:1e:e8:41:76:f8:94:8e:3f:9d:65:d4:94:
ff:28:03:95:99:6a:3c:91:74:00:02:fd:12:33:47:
cc:d7:11:1d:73:ef:b4:e6:e9:1c:ab:8a:92:bd:f5:
b0:35:72:91:0f:86:1c:10:36:10:77:09:22:cd:25:
5f:ae:db:54:fd:4d:2b:69:23:fe:ed:b3:64:c2:37:
a7:cb:8e:fb:47:64:46:9f:34:56:50:6c:17:48:eb:
82:44:d5:2b:85:82:a9:3e:af:26:d8:ed:fa:eb:03:
10:5d:43:a9:0f:a7:ec:48:0e:00:d2:3b:60:18:47:
0a:fc:1a:12:b8:f3:34:0b:2d:72:fb:40:7d:e9:e0:
bd:9d:90:75:07:cd:fb:88:20:16:05:8c:16:b9:48:
9b:9c:a5:cb:bd:87:98:2d:03:1c:a5:67:3c:f2:36:
e4:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:FE:3B:B8:BE:76:76:D0:DD:0F:41:59:8F:CD:C4:E1:FE:C8:65:CB
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/O_47uL52dtDdD0FZj83E4f7IZcs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.196.0-78.136.204.255
78.136.248.0-78.136.254.255
88.204.40.0/21
Signature Algorithm: sha256WithRSAEncryption
49:22:7e:07:ec:4a:33:af:99:41:7b:a4:00:e4:ba:1b:1d:2a:
80:b9:ff:d1:13:7d:17:78:d2:0b:97:13:c2:1e:91:4c:10:91:
2a:1d:af:f7:00:92:68:6e:b9:83:7c:b1:35:91:dd:53:2f:bb:
60:e0:db:22:45:32:b8:9a:10:99:b6:8c:eb:ca:3c:23:b3:62:
bb:ea:f4:bf:ef:ff:85:c5:5d:09:4c:c0:50:06:1d:e3:e6:ba:
a7:e9:c8:4e:94:34:a3:a4:2c:ca:ba:04:07:da:28:ac:80:03:
3f:06:c5:47:b3:71:f9:66:f1:bf:a7:dd:54:25:99:f8:49:7b:
76:f0:ad:44:7b:b9:a8:d0:e4:08:e7:36:4f:aa:6f:8f:a8:dc:
cb:d0:27:f0:c1:16:15:dd:3a:13:0a:38:18:ec:24:fa:53:1d:
a2:b3:2e:3f:c5:b4:78:64:fc:0a:7d:be:6b:76:66:44:c0:5e:
94:a7:da:b6:b1:5f:0e:ea:06:54:a9:24:a5:33:e2:38:33:18:
ef:7e:93:af:0d:bd:86:f9:b3:69:c9:61:d8:0f:8d:1d:f2:ff:
ae:a3:27:43:20:f8:72:6b:2e:2e:fb:d1:60:07:14:07:13:19:
32:2f:9d:41:ac:e7:81:f2:ab:e0:10:20:6f:25:c2:c8:12:48:
75:a8:92:70
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVtOGxOJogURQqQaTXv1m8hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjMwMTAxMTIwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmZlM2JiOGJlNzY3NmQwZGQwZjQxNTk4ZmNkYzRlMWZlYzg2NWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4NztWh9d4fFTtmSNGRhUbK1EiZf
bDm3ahaJ9m6RytEjbUa2mz59NP5Le8ihFeUWoNVl/otVvWgxAdgdMyiXE5FB+pcv
siV2Kk7flQmBTc8CpWKVQyYDAJSJEQce6EF2+JSOP51l1JT/KAOVmWo8kXQAAv0S
M0fM1xEdc++05ukcq4qSvfWwNXKRD4YcEDYQdwkizSVfrttU/U0raSP+7bNkwjen
y477R2RGnzRWUGwXSOuCRNUrhYKpPq8m2O366wMQXUOpD6fsSA4A0jtgGEcK/BoS
uPM0Cy1y+0B96eC9nZB1B837iCAWBYwWuUibnKXLvYeYLQMcpWc88jbkzwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFDv+O7i+dnbQ3Q9BWY/NxOH+yGXLMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvT180N3VMNTJkdERkRDBGWmo4M0U0ZjdJWmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAJOiMQD
BABOiMwwDAMEA06I+AMEAE6I/gMEA1jMKDANBgkqhkiG9w0BAQsFAAOCAQEASSJ+
B+xKM6+ZQXukAOS6Gx0qgLn/0RN9F3jSC5cTwh6RTBCRKh2v9wCSaG65g3yxNZHd
Uy+7YODbIkUyuJoQmbaM68o8I7Niu+r0v+//hcVdCUzAUAYd4+a6p+nITpQ0o6Qs
yroEB9oorIADPwbFR7Nx+Wbxv6fdVCWZ+El7dvCtRHu5qNDkCOc2T6pvj6jcy9An
8MEWFd06Ewo4GOwk+lMdorMuP8W0eGT8Cn2+a3ZmRMBelKfatrFfDuoGVKkkpTPi
ODMY736Trw29hvmzaclh2A+NHfL/rqMnQyD4cmsuLvvRYAcUBxMZMi+dQazngfKr
4BAgbyXCyBJIdaiScA==
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:56 2023 by rpki-client on console.sobornost.net