Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/V3HWOLD0pKVy5Wnf6AszvxqjYS8.roa
File: V3HWOLD0pKVy5Wnf6AszvxqjYS8.roa (raw, json)
Hash identifier: qHNuZTOZ1Pea3X1vgYsa6mgSihecQZ+iwKMGMme0ou8=
Subject key identifier: 57:71:D6:38:B0:F4:A4:A5:72:E5:69:DF:E8:0B:33:BF:1A:A3:61:2F
Certificate issuer: /CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Certificate serial: 0185708C9110F00F7042C88FA21DB5D20CA6
Authority key identifier: 3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/V3HWOLD0pKVy5Wnf6AszvxqjYS8.roa
Signing time: Mon 02 Jan 2023 03:35:38 +0000
ROA not before: Mon 02 Jan 2023 03:35:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3491
IP address blocks: 213.248.118.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:8c:91:10:f0:0f:70:42:c8:8f:a2:1d:b5:d2:0c:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Validity
Not Before: Jan 2 03:35:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5771d638b0f4a4a572e569dfe80b33bf1aa3612f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:9b:ac:fa:a5:01:49:55:c0:8e:12:66:a0:8b:
70:ac:b0:cd:f9:ad:87:43:c6:b6:f6:4b:42:8f:92:
c3:f2:64:de:e8:82:91:f6:eb:46:a6:0a:25:54:3a:
b8:19:b9:fa:e5:97:35:79:97:14:0f:b4:57:62:82:
42:3b:5b:08:68:38:51:af:65:4b:89:e5:c8:71:c3:
79:f3:3f:c4:22:d7:ca:5b:6e:0b:ef:53:d3:5e:c4:
cb:1e:6d:ce:8b:c5:d7:4a:2d:80:bb:f5:4c:ce:61:
dc:07:67:1d:5a:d5:24:37:ee:5d:82:b8:44:5f:8d:
c9:e0:b1:7f:43:38:06:25:50:b2:d1:b5:79:da:5c:
3b:46:9d:3e:fc:9a:3e:38:2b:b3:ae:1b:8b:14:6c:
31:fe:d5:0b:9b:5e:ef:0e:d9:d8:b2:bb:f9:22:c5:
ba:48:da:41:43:19:c5:5c:2d:9c:22:be:f0:8f:53:
e6:f1:f7:63:8d:10:e4:3f:68:cf:31:f4:34:1c:78:
31:03:3e:15:93:e1:55:15:3f:20:77:e9:20:eb:a0:
6b:46:7c:ff:d1:04:f8:6c:bc:6c:b8:97:73:53:1b:
0f:aa:8a:ac:58:b9:29:a7:88:a4:5c:f9:fd:bb:59:
5b:db:f2:b3:19:78:fd:88:aa:3e:59:88:60:07:e2:
70:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:71:D6:38:B0:F4:A4:A5:72:E5:69:DF:E8:0B:33:BF:1A:A3:61:2F
X509v3 Authority Key Identifier:
keyid:3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/V3HWOLD0pKVy5Wnf6AszvxqjYS8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.248.118.0/23
Signature Algorithm: sha256WithRSAEncryption
0b:77:be:49:b6:b3:fb:c6:43:40:ab:ae:f6:78:08:61:c0:b4:
90:7b:c8:e2:4f:cc:09:5a:24:8e:2c:cb:f1:03:11:9e:18:37:
d0:2d:c7:d8:cf:03:af:77:59:56:4b:f1:8a:72:47:b6:2e:12:
25:b7:76:16:01:48:17:9f:f9:81:14:cb:b9:6b:9d:72:43:03:
92:42:0f:77:e1:47:71:cf:75:84:e6:2b:76:0c:14:15:c0:00:
14:d0:27:7b:f3:a2:b8:4e:7f:f3:c5:a1:c0:4d:13:8c:dc:f5:
57:76:6e:a0:bd:70:2d:bd:3e:19:0d:f0:43:7f:0f:f3:d3:f0:
b8:02:0d:cf:4f:5e:22:36:25:0a:1f:df:bb:4a:28:a9:c1:b9:
bb:79:bc:b4:0f:ba:65:70:34:5e:eb:6b:04:2c:05:75:e3:33:
59:1e:5c:66:ba:5e:82:75:b3:8d:21:fc:33:9b:82:3e:0f:20:
18:75:fc:09:dd:0b:05:6f:0e:cd:84:81:5a:63:37:68:81:8a:
fc:2c:f4:3f:89:d1:c6:91:c7:f7:72:7e:2e:50:2b:55:cc:1f:
41:8b:9c:c2:61:17:71:e1:9a:b1:b0:ea:81:b7:13:aa:ea:ed:
05:3c:ec:e5:22:d9:6c:71:d0:12:e9:55:0a:ed:76:e7:1a:50:
bd:83:d4:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwjJEQ8A9wQsiPoh210gymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTViMWMwOWFhMzFmNjcxM2M2MWIzMmU1NTgxMDllNDc5
NjZkNDIwHhcNMjMwMTAyMDMzNTM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzcxZDYzOGIwZjRhNGE1NzJlNTY5ZGZlODBiMzNiZjFhYTM2MTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJus+qUBSVXAjhJmoItwrLDN+a2H
Q8a29ktCj5LD8mTe6IKR9utGpgolVDq4Gbn65Zc1eZcUD7RXYoJCO1sIaDhRr2VL
ieXIccN58z/EItfKW24L71PTXsTLHm3Oi8XXSi2Au/VMzmHcB2cdWtUkN+5dgrhE
X43J4LF/QzgGJVCy0bV52lw7Rp0+/Jo+OCuzrhuLFGwx/tULm17vDtnYsrv5IsW6
SNpBQxnFXC2cIr7wj1Pm8fdjjRDkP2jPMfQ0HHgxAz4Vk+FVFT8gd+kg66BrRnz/
0QT4bLxsuJdzUxsPqoqsWLkpp4ikXPn9u1lb2/KzGXj9iKo+WYhgB+Jw6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdx1jiw9KSlcuVp3+gLM78ao2EvMB8GA1UdIwQY
MBaAFDulscCaox9nE8YbMuVYEJ5Hlm1CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQt
NDY2ZTljYWI3ODY0LzEvVjNIV09MRDBwS1Z5NVduZjZBc3p2eHFqWVM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQtNDY2ZTljYWI3ODY0
LzEvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1fh2MA0G
CSqGSIb3DQEBCwUAA4IBAQALd75JtrP7xkNAq672eAhhwLSQe8jiT8wJWiSOLMvx
AxGeGDfQLcfYzwOvd1lWS/GKcke2LhIlt3YWAUgXn/mBFMu5a51yQwOSQg934Udx
z3WE5it2DBQVwAAU0Cd786K4Tn/zxaHATROM3PVXdm6gvXAtvT4ZDfBDfw/z0/C4
Ag3PT14iNiUKH9+7Siipwbm7eby0D7plcDRe62sELAV14zNZHlxmul6CdbONIfwz
m4I+DyAYdfwJ3QsFbw7NhIFaYzdogYr8LPQ/idHGkcf3cn4uUCtVzB9Bi5zCYRdx
4ZqxsOqBtxOq6u0FPOzlItlscdAS6VUK7XbnGlC9g9Ry
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:04 2023 by rpki-client on console.sobornost.net