Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/CLw3sFM8ehNxzyZfWNgPRduN9Os.roa
File: CLw3sFM8ehNxzyZfWNgPRduN9Os.roa (raw, json)
Hash identifier: JgayS0Sj+8fXYakLYdPWQfF6Vw/rXlWs42Z84yQ8K9E=
Subject key identifier: 08:BC:37:B0:53:3C:7A:13:71:CF:26:5F:58:D8:0F:45:DB:8D:F4:EB
Certificate issuer: /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial: 018611F58A2D1FF4DA4A072AA1617FDF8FA1
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/CLw3sFM8ehNxzyZfWNgPRduN9Os.roa
Signing time: Thu 02 Feb 2023 11:49:09 +0000
ROA not before: Thu 02 Feb 2023 11:49:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41789
IP address blocks: 45.82.14.0/23 maxlen: 23
185.244.48.0/24 maxlen: 24
185.244.51.0/24 maxlen: 24
193.111.250.0/24 maxlen: 24
185.250.44.0/23 maxlen: 23
185.250.46.0/23 maxlen: 23
193.39.168.0/24 maxlen: 24
193.39.171.0/24 maxlen: 24
194.187.120.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:11:f5:8a:2d:1f:f4:da:4a:07:2a:a1:61:7f:df:8f:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Validity
Not Before: Feb 2 11:49:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=08bc37b0533c7a1371cf265f58d80f45db8df4eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:da:82:d4:20:e1:6d:91:58:71:a7:7d:bb:44:
84:43:7a:37:f1:fd:9d:ad:09:c3:e7:d4:43:12:25:
e1:26:a0:e7:ae:78:f3:d9:24:8d:82:0c:06:c9:6d:
c7:20:1d:3b:16:48:2f:8a:43:4f:e0:57:41:e9:ef:
fd:43:0f:78:0c:9c:38:d2:fd:81:69:43:b0:51:23:
3a:0f:68:30:7f:ad:31:34:fb:a0:ad:d9:58:d0:74:
95:97:51:ab:74:36:61:19:06:50:96:05:be:ef:3c:
06:52:9f:b6:a7:53:96:76:36:1c:75:d6:fd:0d:02:
49:d7:74:67:f4:b4:cc:a4:b6:05:af:cc:70:af:4c:
78:55:d9:58:a5:82:2c:70:28:e4:39:d1:37:12:5b:
30:18:3b:91:5c:a8:92:73:04:69:e2:a5:c7:63:32:
a8:54:50:44:12:e8:6c:7d:06:98:d6:aa:4a:96:07:
69:40:c0:c8:f5:43:75:80:44:22:c4:4a:07:12:43:
b4:13:ef:b4:47:c3:67:05:ff:62:cd:de:5f:e9:a6:
1b:b9:cc:79:94:09:96:af:1e:1a:64:d5:cd:5c:28:
0e:a1:e5:f1:5e:92:cc:d5:fd:1a:b0:2a:99:62:ca:
ca:16:6c:32:cf:8e:29:b3:7c:51:ea:af:be:ca:89:
58:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:BC:37:B0:53:3C:7A:13:71:CF:26:5F:58:D8:0F:45:DB:8D:F4:EB
X509v3 Authority Key Identifier:
keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/CLw3sFM8ehNxzyZfWNgPRduN9Os.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.82.14.0/23
185.244.48.0/24
185.244.51.0/24
185.250.44.0/22
193.39.168.0/24
193.39.171.0/24
193.111.250.0/24
194.187.120.0/24
Signature Algorithm: sha256WithRSAEncryption
b0:bc:a9:b4:73:14:76:30:d1:39:06:7f:7f:cb:fc:2a:af:f5:
bf:f1:99:a9:20:6e:30:e5:64:1e:26:7c:e1:d0:52:1d:99:8d:
83:e7:a3:70:aa:0d:89:24:8a:59:90:d4:d0:ac:01:8c:82:e8:
bc:84:01:4a:8a:43:06:92:a1:1f:07:d8:c1:a0:9e:e2:4d:ce:
f2:8c:c1:26:11:4d:d1:63:a8:11:c3:de:99:e8:18:a9:92:a1:
bd:9c:67:c9:c2:4a:2b:5f:6e:bb:29:91:11:8d:2b:2b:ae:b0:
14:5f:73:5f:84:68:87:00:28:86:f0:1f:84:30:8e:f8:21:68:
b1:ae:99:8f:c5:25:7e:4b:de:ad:da:77:02:fa:21:5b:39:c7:
f6:eb:b8:6c:f4:2f:85:4f:2e:29:3d:cf:ad:e2:b9:df:2d:cf:
29:0e:de:0f:fd:31:c7:b1:68:2b:54:36:ee:67:bf:59:0a:f7:
52:a3:6c:00:78:4f:dc:80:45:b2:fd:89:ea:3f:c9:39:ae:19:
8c:49:f8:d3:99:70:43:c8:9f:d2:a9:06:ec:a6:06:4d:14:2d:
b6:84:0c:cf:4b:af:c0:f8:c3:48:5b:40:33:d9:10:54:4d:1e:
a2:07:3e:b7:e5:38:ab:5e:af:98:a0:ab:5c:7b:5c:ea:66:46:
69:f0:5b:4b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYYR9YotH/TaSgcqoWF/34+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjMwMjAyMTE0OTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGJjMzdiMDUzM2M3YTEzNzFjZjI2NWY1OGQ4MGY0NWRiOGRmNGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitqC1CDhbZFYcad9u0SEQ3o38f2d
rQnD59RDEiXhJqDnrnjz2SSNggwGyW3HIB07FkgvikNP4FdB6e/9Qw94DJw40v2B
aUOwUSM6D2gwf60xNPugrdlY0HSVl1GrdDZhGQZQlgW+7zwGUp+2p1OWdjYcddb9
DQJJ13Rn9LTMpLYFr8xwr0x4VdlYpYIscCjkOdE3ElswGDuRXKiScwRp4qXHYzKo
VFBEEuhsfQaY1qpKlgdpQMDI9UN1gEQixEoHEkO0E++0R8NnBf9izd5f6aYbucx5
lAmWrx4aZNXNXCgOoeXxXpLM1f0asCqZYsrKFmwyz44ps3xR6q++yolY+QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAi8N7BTPHoTcc8mX1jYD0XbjfTrMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvQ0x3M3NGTThlaE54enlaZldOZ1BSZHVOOU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBLVIOAwQA
ufQwAwQAufQzAwQCufosAwQAwSeoAwQAwSerAwQAwW/6AwQAwrt4MA0GCSqGSIb3
DQEBCwUAA4IBAQCwvKm0cxR2MNE5Bn9/y/wqr/W/8ZmpIG4w5WQeJnzh0FIdmY2D
56Nwqg2JJIpZkNTQrAGMgui8hAFKikMGkqEfB9jBoJ7iTc7yjMEmEU3RY6gRw96Z
6BipkqG9nGfJwkorX267KZERjSsrrrAUX3NfhGiHACiG8B+EMI74IWixrpmPxSV+
S96t2ncC+iFbOcf267hs9C+FTy4pPc+t4rnfLc8pDt4P/THHsWgrVDbuZ79ZCvdS
o2wAeE/cgEWy/YnqP8k5rhmMSfjTmXBDyJ/SqQbspgZNFC22hAzPS6/A+MNIW0Az
2RBUTR6iBz635TirXq+YoKtce1zqZkZp8FtL
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:38 2023 by rpki-client on console.sobornost.net