Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/CiYVFcXem37XmuZFENlBQkAXGuk.roa
File: CiYVFcXem37XmuZFENlBQkAXGuk.roa (raw, json)
Hash identifier: cQgyWuUvOokNgeLQIT02GZvVHWJI0BB8pQbPYjnhOTg=
Subject key identifier: 0A:26:15:15:C5:DE:9B:7E:D7:9A:E6:45:10:D9:41:42:40:17:1A:E9
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 0184C2D5C7B8CC9738CAC589795B0C6181E7
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/CiYVFcXem37XmuZFENlBQkAXGuk.roa
Signing time: Tue 29 Nov 2022 10:01:40 +0000
ROA not before: Tue 29 Nov 2022 10:01:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 202228
IP address blocks: 94.240.52.0/24 maxlen: 24
94.240.53.0/24 maxlen: 24
94.240.54.0/24 maxlen: 24
94.240.55.0/24 maxlen: 24
94.240.60.0/24 maxlen: 24
94.240.61.0/24 maxlen: 24
91.106.26.0/23 maxlen: 23
91.106.26.0/24 maxlen: 24
91.106.27.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:c2:d5:c7:b8:cc:97:38:ca:c5:89:79:5b:0c:61:81:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Nov 29 10:01:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0a261515c5de9b7ed79ae64510d9414240171ae9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:59:a8:ab:76:3b:99:52:3e:99:c9:a4:97:b4:
82:ab:46:2e:5e:4f:45:4b:4c:84:2f:9a:88:b8:5f:
71:44:7b:ee:20:37:16:12:17:9d:a4:d1:5d:97:1f:
84:93:9d:4d:5b:b9:2a:a5:c2:e6:0d:ed:51:9d:d0:
e6:b9:60:8f:86:cf:d8:43:49:13:0f:cc:56:f4:12:
f6:99:5b:15:45:52:e5:40:be:93:22:58:ba:3a:45:
21:7c:31:7a:72:79:80:09:6f:66:50:08:6b:b9:43:
87:7f:5c:41:d4:0e:27:b2:9d:5e:e9:7e:50:e4:e5:
dd:9b:a6:1b:f3:ee:f6:b7:ee:ad:b7:5a:9e:64:37:
e7:68:38:02:5b:51:bb:11:f3:fc:1d:f9:27:6b:7a:
56:68:31:20:08:4e:80:9c:1c:6a:40:9a:ae:86:96:
fd:4b:52:c4:55:75:65:03:87:7b:45:15:a7:90:0a:
2e:37:67:3d:5c:09:91:22:af:ee:69:c5:75:88:7c:
41:12:42:6a:47:02:ab:09:57:a1:7c:2b:34:93:67:
29:89:1c:0c:be:99:2f:f2:8e:81:4d:c2:ba:d1:36:
00:f9:b4:ce:6d:b6:3b:c3:a1:99:78:2c:4c:49:c6:
7c:81:1c:8a:3e:ee:40:af:36:02:c5:79:49:d3:ae:
4b:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:26:15:15:C5:DE:9B:7E:D7:9A:E6:45:10:D9:41:42:40:17:1A:E9
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/CiYVFcXem37XmuZFENlBQkAXGuk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.26.0/23
94.240.52.0/22
94.240.60.0/23
Signature Algorithm: sha256WithRSAEncryption
94:77:73:b0:61:df:01:05:6d:7d:99:03:35:c2:c6:ad:2c:b6:
a3:99:29:c2:c4:a7:08:19:99:84:56:69:98:95:7e:30:9f:0d:
2d:9f:27:99:a9:f2:a6:7e:e4:fb:9d:a1:1e:97:25:c1:16:9d:
d7:84:33:1d:6e:cb:db:aa:c0:b4:98:06:df:22:c2:14:a9:58:
41:42:af:9f:33:09:cd:c6:20:18:be:fa:53:37:32:49:60:15:
47:05:c7:e1:37:80:66:68:de:76:0a:36:6b:4d:27:1d:43:f6:
81:0a:b5:26:88:b9:ef:10:b5:a9:6d:ac:9e:38:cd:df:73:0d:
86:69:34:b6:ad:76:af:a6:1a:09:08:cb:03:18:bb:27:fc:dd:
5f:8c:42:e0:6d:f4:ee:c7:52:d1:d7:0f:17:45:7f:43:6c:ff:
e1:34:a4:e4:be:6d:cb:f3:75:99:84:87:30:2f:65:c3:77:96:
05:a5:48:35:cd:f4:41:df:11:88:4a:e5:98:0a:19:30:e4:af:
55:d5:1b:4b:ba:94:f2:7a:d4:d5:17:a3:c7:5a:da:c5:ac:f3:
be:8c:a3:61:b8:96:e7:df:ad:41:16:35:71:c6:02:c7:07:cf:
89:ce:6d:02:fb:eb:00:d5:43:95:b2:d1:6c:47:d3:f6:56:c7:
27:9e:a9:cf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYTC1ce4zJc4ysWJeVsMYYHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjIxMTI5MTAwMTQwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTI2MTUxNWM1ZGU5YjdlZDc5YWU2NDUxMGQ5NDE0MjQwMTcxYWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylmoq3Y7mVI+mcmkl7SCq0YuXk9F
S0yEL5qIuF9xRHvuIDcWEhedpNFdlx+Ek51NW7kqpcLmDe1RndDmuWCPhs/YQ0kT
D8xW9BL2mVsVRVLlQL6TIli6OkUhfDF6cnmACW9mUAhruUOHf1xB1A4nsp1e6X5Q
5OXdm6Yb8+72t+6tt1qeZDfnaDgCW1G7EfP8Hfkna3pWaDEgCE6AnBxqQJquhpb9
S1LEVXVlA4d7RRWnkAouN2c9XAmRIq/uacV1iHxBEkJqRwKrCVehfCs0k2cpiRwM
vpkv8o6BTcK60TYA+bTObbY7w6GZeCxMScZ8gRyKPu5ArzYCxXlJ065LgwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAomFRXF3pt+15rmRRDZQUJAFxrpMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvQ2lZVkZjWGVtMzdYbXVaRkVObEJRa0FYR3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW2oaAwQC
XvA0AwQBXvA8MA0GCSqGSIb3DQEBCwUAA4IBAQCUd3OwYd8BBW19mQM1wsatLLaj
mSnCxKcIGZmEVmmYlX4wnw0tnyeZqfKmfuT7naEelyXBFp3XhDMdbsvbqsC0mAbf
IsIUqVhBQq+fMwnNxiAYvvpTNzJJYBVHBcfhN4BmaN52CjZrTScdQ/aBCrUmiLnv
ELWpbayeOM3fcw2GaTS2rXavphoJCMsDGLsn/N1fjELgbfTux1LR1w8XRX9DbP/h
NKTkvm3L83WZhIcwL2XDd5YFpUg1zfRB3xGISuWYChkw5K9V1RtLupTyetTVF6PH
WtrFrPO+jKNhuJbn361BFjVxxgLHB8+Jzm0C++sA1UOVstFsR9P2VscnnqnP
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:13 2023 by rpki-client on console.sobornost.net