Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/40b8f6-685d-4e86-97d8-6e31347d04d9/1/25EphgRbEr4RbNnVP8eOYLYhNvg.roa
File: 25EphgRbEr4RbNnVP8eOYLYhNvg.roa (raw, json)
Hash identifier: aUyxOoEH9Pnlyf4E94W5kpnnMIeHEG3zs0oELJEt1m4=
Subject key identifier: DB:91:29:86:04:5B:12:BE:11:6C:D9:D5:3F:C7:8E:60:B6:21:36:F8
Certificate issuer: /CN=58dd42ab3460279709c134b570f76e34e4d95b91
Certificate serial: 03C4A4B7
Authority key identifier: 58:DD:42:AB:34:60:27:97:09:C1:34:B5:70:F7:6E:34:E4:D9:5B:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WN1CqzRgJ5cJwTS1cPduNOTZW5E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/40b8f6-685d-4e86-97d8-6e31347d04d9/1/25EphgRbEr4RbNnVP8eOYLYhNvg.roa
Signing time: Sat 01 Jan 2022 03:57:52 +0000
ROA not before: Sat 01 Jan 2022 03:57:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29152
IP address blocks: 185.89.68.0/22 maxlen: 22
94.126.112.0/21 maxlen: 21
195.80.152.0/24 maxlen: 24
195.80.158.0/24 maxlen: 24
195.80.154.0/24 maxlen: 24
195.80.157.0/24 maxlen: 24
195.80.153.0/24 maxlen: 24
195.80.156.0/24 maxlen: 24
195.80.159.0/24 maxlen: 24
195.80.155.0/24 maxlen: 24
2a00:1b11:115::/48 maxlen: 48
2a00:1b11:116::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 63218871 (0x3c4a4b7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58dd42ab3460279709c134b570f76e34e4d95b91
Validity
Not Before: Jan 1 03:57:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=db912986045b12be116cd9d53fc78e60b62136f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:32:5a:db:08:4c:a7:f4:99:56:c5:2e:4a:9d:
f3:21:ad:b9:2f:6b:87:da:6d:b1:17:a5:26:ca:8e:
ba:52:43:7a:e5:91:5c:da:56:a9:aa:1c:8e:ec:46:
6f:86:ec:61:7b:f8:3e:75:d4:a7:c0:35:5f:76:52:
bd:b8:3b:34:0c:28:2c:d1:c9:a1:3c:75:24:12:02:
bb:76:dc:1d:4d:ae:0c:69:17:bf:5e:e5:19:a1:ad:
55:65:ab:c1:fe:94:b3:cb:ea:ef:62:f6:99:a3:40:
b0:d5:71:c3:1b:d6:ba:51:89:66:5d:2d:f2:bc:d5:
a6:5a:3c:98:46:c5:79:0a:ac:90:7a:2e:8e:ad:20:
9d:b9:6e:d5:6e:ee:10:f8:a0:0c:20:67:7c:82:e2:
ab:4c:fe:74:4c:e4:1c:26:ab:3c:f4:4b:75:19:c8:
f6:d7:d9:f6:6b:b2:95:ac:81:ee:5f:7b:1a:6d:2b:
94:7e:e9:4d:54:c7:18:63:fd:5f:35:17:97:49:09:
9d:11:ee:b4:ce:9b:ba:a7:d0:2a:8b:40:9d:41:1b:
f0:7f:d2:c8:87:25:d8:cb:fb:98:f7:30:e4:b1:bd:
d4:3c:7b:fa:ca:da:d8:46:e4:26:0c:a7:45:12:4e:
10:18:5f:ba:eb:9a:ce:73:27:39:e6:62:6d:2a:97:
45:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:91:29:86:04:5B:12:BE:11:6C:D9:D5:3F:C7:8E:60:B6:21:36:F8
X509v3 Authority Key Identifier:
keyid:58:DD:42:AB:34:60:27:97:09:C1:34:B5:70:F7:6E:34:E4:D9:5B:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WN1CqzRgJ5cJwTS1cPduNOTZW5E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/40b8f6-685d-4e86-97d8-6e31347d04d9/1/25EphgRbEr4RbNnVP8eOYLYhNvg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/40b8f6-685d-4e86-97d8-6e31347d04d9/1/WN1CqzRgJ5cJwTS1cPduNOTZW5E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.126.112.0/21
185.89.68.0/22
195.80.152.0/21
IPv6:
2a00:1b11:115::-2a00:1b11:116:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
8e:b7:dc:92:58:d8:2d:dd:7b:8e:53:10:d2:9a:95:b2:52:c3:
2e:53:be:97:c2:63:9b:23:87:88:61:aa:58:5e:08:80:97:d5:
fb:45:9d:a0:bd:e2:f6:9a:5a:11:4e:99:1e:b8:62:ad:94:90:
57:3b:64:2c:cb:1b:89:dd:c9:b3:65:83:d4:ee:52:a3:9c:ed:
15:2f:0d:61:2d:aa:5b:87:d1:96:3b:91:47:7e:46:0d:99:52:
d8:9d:6b:47:3f:41:a9:92:51:5f:a4:32:8e:89:52:f3:84:12:
88:36:3a:89:79:5b:9d:cd:3b:e8:df:5b:55:4d:10:46:f7:6c:
75:2a:97:6e:58:a2:ec:e8:db:8a:79:fa:f3:86:6d:36:ce:e0:
43:91:fe:05:4b:43:e1:46:a0:ee:9e:85:d5:26:ee:a2:37:b0:
74:e2:e8:9c:c1:b1:7a:d6:2b:06:39:be:ee:5d:5a:a8:2c:75:
e9:ee:2c:03:00:d2:e3:b5:6b:44:82:68:db:90:26:90:af:ac:
48:38:5c:cf:36:4f:f7:ae:51:c6:8d:9a:11:8e:af:35:ec:c7:
17:d6:10:0b:c1:cb:87:8b:3a:de:9b:6c:38:c3:03:36:ba:ea:
51:87:cb:a9:cf:3e:9b:40:8d:b3:fb:02:7c:aa:5f:c5:94:e9:
f8:ac:75:90
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIEA8SktzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
OGRkNDJhYjM0NjAyNzk3MDljMTM0YjU3MGY3NmUzNGU0ZDk1YjkxMB4XDTIyMDEw
MTAzNTc1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGI5MTI5ODYwNDVi
MTJiZTExNmNkOWQ1M2ZjNzhlNjBiNjIxMzZmODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJQyWtsITKf0mVbFLkqd8yGtuS9rh9ptsRelJsqOulJDeuWR
XNpWqaocjuxGb4bsYXv4PnXUp8A1X3ZSvbg7NAwoLNHJoTx1JBICu3bcHU2uDGkX
v17lGaGtVWWrwf6Us8vq72L2maNAsNVxwxvWulGJZl0t8rzVplo8mEbFeQqskHou
jq0gnblu1W7uEPigDCBnfILiq0z+dEzkHCarPPRLdRnI9tfZ9muylayB7l97Gm0r
lH7pTVTHGGP9XzUXl0kJnRHutM6buqfQKotAnUEb8H/SyIcl2Mv7mPcw5LG91Dx7
+sra2EbkJgynRRJOEBhfuuuaznMnOeZibSqXRdECAwEAAaOCAjEwggItMB0GA1Ud
DgQWBBTbkSmGBFsSvhFs2dU/x45gtiE2+DAfBgNVHSMEGDAWgBRY3UKrNGAnlwnB
NLVw92405NlbkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1dOMUNxelJnSjVjSndUUzFjUGR1Tk9UWlc1RS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjQvNDBiOGY2LTY4NWQtNGU4Ni05N2Q4LTZlMzEzNDdkMDRkOS8x
LzI1RXBoZ1JiRXI0UmJOblZQOGVPWUxZaE52Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjQv
NDBiOGY2LTY4NWQtNGU4Ni05N2Q4LTZlMzEzNDdkMDRkOS8xL1dOMUNxelJnSjVj
SndUUzFjUGR1Tk9UWlc1RS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBH
BggrBgEFBQcBBwEB/wQ4MDYwGAQCAAEwEgMEA15+cAMEArlZRAMEA8NQmDAaBAIA
AjAUMBIDBwAqABsRARUDBwAqABsRARYwDQYJKoZIhvcNAQELBQADggEBAI633JJY
2C3de45TENKalbJSwy5TvpfCY5sjh4hhqlheCICX1ftFnaC94vaaWhFOmR64Yq2U
kFc7ZCzLG4ndybNlg9TuUqOc7RUvDWEtqluH0ZY7kUd+Rg2ZUtida0c/QamSUV+k
Mo6JUvOEEog2Ool5W53NO+jfW1VNEEb3bHUql25Youzo24p5+vOGbTbO4EOR/gVL
Q+FGoO6ehdUm7qI3sHTi6JzBsXrWKwY5vu5dWqgsdenuLAMA0uO1a0SCaNuQJpCv
rEg4XM82T/euUcaNmhGOrzXsxxfWEAvBy4eLOt6bbDjDAza66lGHy6nPPptAjbP7
AnyqX8WU6fisdZA=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:05 2023 by rpki-client on console.sobornost.net