Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/nvvKHvPy1qFLGbM_OAt7xoZGfuA.roa
File: nvvKHvPy1qFLGbM_OAt7xoZGfuA.roa (raw, json)
Hash identifier: ciemTwO1JoKwryx9bOGgcYeK1p2HwTF9VwmgDvhdGe4=
Subject key identifier: 9E:FB:CA:1E:F3:F2:D6:A1:4B:19:B3:3F:38:0B:7B:C6:86:46:7E:E0
Certificate issuer: /CN=f28e0b758be73a1ddbfb517ee8b5e4f863a21f9e
Certificate serial: 01856CF83A0865E8ACF3AB90F7DC4837DCC2
Authority key identifier: F2:8E:0B:75:8B:E7:3A:1D:DB:FB:51:7E:E8:B5:E4:F8:63:A2:1F:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8o4LdYvnOh3b-1F-6LXk-GOiH54.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/nvvKHvPy1qFLGbM_OAt7xoZGfuA.roa
Signing time: Sun 01 Jan 2023 10:54:45 +0000
ROA not before: Sun 01 Jan 2023 10:54:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203393
IP address blocks: 185.238.29.0/24 maxlen: 24
185.136.84.0/24 maxlen: 24
185.136.85.0/24 maxlen: 24
185.136.87.0/24 maxlen: 24
185.136.86.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:f8:3a:08:65:e8:ac:f3:ab:90:f7:dc:48:37:dc:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f28e0b758be73a1ddbfb517ee8b5e4f863a21f9e
Validity
Not Before: Jan 1 10:54:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9efbca1ef3f2d6a14b19b33f380b7bc686467ee0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:2a:a7:95:58:be:8c:cd:6c:b7:3c:ed:d6:16:
ba:b6:64:ed:3f:08:86:c9:aa:2f:d5:6b:5e:54:7a:
da:20:02:98:d8:7e:ba:58:dd:f0:8b:68:f5:03:47:
6d:e9:30:c1:47:fd:23:f3:22:38:51:f7:06:ad:cd:
3b:ca:48:b9:28:99:37:a4:be:31:54:ac:db:c3:07:
3b:74:c5:e3:77:15:5c:7b:c4:9c:a8:64:68:aa:00:
c5:97:06:0f:7f:29:39:10:53:86:02:d7:e0:77:0a:
be:af:ac:55:fc:b5:d9:94:75:aa:14:8b:32:68:f0:
09:2d:e5:07:21:e8:80:d4:86:cd:c3:79:62:ee:63:
07:70:c1:f2:75:3f:31:1b:0f:f7:f0:cd:98:02:f2:
1c:28:25:23:75:35:b4:56:28:2f:f2:d7:c1:f4:c2:
a7:48:d0:35:e1:0e:2c:c4:85:19:92:43:ab:16:2f:
e5:c7:bb:5a:a9:39:d5:12:43:18:5e:31:f5:ee:e5:
fc:03:f7:a5:fe:da:21:06:f2:31:7d:95:0b:36:72:
0b:55:9a:9e:ae:9d:67:29:56:dc:55:94:d2:16:04:
1e:5e:63:56:c0:2a:b5:f2:a7:af:2f:cc:ef:b4:a7:
eb:50:bd:a2:d9:b4:62:1f:5f:11:80:34:21:9a:39:
95:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:FB:CA:1E:F3:F2:D6:A1:4B:19:B3:3F:38:0B:7B:C6:86:46:7E:E0
X509v3 Authority Key Identifier:
keyid:F2:8E:0B:75:8B:E7:3A:1D:DB:FB:51:7E:E8:B5:E4:F8:63:A2:1F:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8o4LdYvnOh3b-1F-6LXk-GOiH54.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/nvvKHvPy1qFLGbM_OAt7xoZGfuA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/08128a-690a-4f08-8865-69e3d0866ef6/1/8o4LdYvnOh3b-1F-6LXk-GOiH54.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.136.84.0/22
185.238.29.0/24
Signature Algorithm: sha256WithRSAEncryption
59:af:0d:80:84:a6:14:23:e3:1a:93:85:b6:b7:1a:d5:8c:38:
69:b8:2d:53:cd:14:cd:fc:50:9b:39:e2:aa:87:0f:86:0f:5f:
b7:0d:aa:d2:21:ce:54:f4:58:0f:e4:09:ec:5a:fc:2f:21:c4:
89:1d:6b:42:7d:f8:67:86:92:d7:c8:dc:68:7c:ad:cf:15:00:
84:33:f4:ec:fb:99:ca:91:ce:31:0a:08:0e:94:99:e4:18:d3:
a4:99:08:f6:79:78:38:4e:ae:83:56:ce:c0:f4:6f:07:d4:9c:
ed:0e:7a:2c:0f:dc:66:b0:95:cc:84:41:13:c8:27:7a:9f:9c:
f6:a7:50:03:1d:58:cf:8e:87:23:5e:cc:e6:5a:81:80:62:bb:
55:d7:fd:41:93:d4:25:4b:17:2c:7d:81:42:06:7b:f6:7d:21:
fe:2f:8b:1d:32:45:d0:91:71:d0:51:6a:98:62:4d:17:a2:44:
0a:70:50:51:b7:7c:24:a4:31:9d:39:89:81:cd:22:ba:b9:6b:
85:c6:a8:55:a8:a4:99:3d:66:9d:71:2d:6b:65:f7:d2:12:02:
34:7b:2e:28:41:45:88:3c:07:1b:5e:22:fb:06:d7:32:8c:8b:
a2:d5:c9:08:e7:74:de:7e:97:fd:d8:a3:98:bd:61:00:78:93:
99:69:3a:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVs+DoIZeis86uQ99xIN9zCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyOGUwYjc1OGJlNzNhMWRkYmZiNTE3ZWU4YjVlNGY4NjNh
MjFmOWUwHhcNMjMwMTAxMTA1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWZiY2ExZWYzZjJkNmExNGIxOWIzM2YzODBiN2JjNjg2NDY3ZWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCqnlVi+jM1stzzt1ha6tmTtPwiG
yaov1WteVHraIAKY2H66WN3wi2j1A0dt6TDBR/0j8yI4UfcGrc07yki5KJk3pL4x
VKzbwwc7dMXjdxVce8ScqGRoqgDFlwYPfyk5EFOGAtfgdwq+r6xV/LXZlHWqFIsy
aPAJLeUHIeiA1IbNw3li7mMHcMHydT8xGw/38M2YAvIcKCUjdTW0Vigv8tfB9MKn
SNA14Q4sxIUZkkOrFi/lx7taqTnVEkMYXjH17uX8A/el/tohBvIxfZULNnILVZqe
rp1nKVbcVZTSFgQeXmNWwCq18qevL8zvtKfrUL2i2bRiH18RgDQhmjmVGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ77yh7z8tahSxmzPzgLe8aGRn7gMB8GA1UdIwQY
MBaAFPKOC3WL5zod2/tRfui15Phjoh+eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG80TGRZdm5PaDNiLTFGLTZMWGstR09pSDU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wODEyOGEtNjkwYS00ZjA4LTg4NjUt
NjllM2QwODY2ZWY2LzEvbnZ2S0h2UHkxcUZMR2JNX09BdDd4b1pHZnVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wODEyOGEtNjkwYS00ZjA4LTg4NjUtNjllM2QwODY2ZWY2
LzEvOG80TGRZdm5PaDNiLTFGLTZMWGstR09pSDU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYhUAwQA
ue4dMA0GCSqGSIb3DQEBCwUAA4IBAQBZrw2AhKYUI+Mak4W2txrVjDhpuC1TzRTN
/FCbOeKqhw+GD1+3DarSIc5U9FgP5AnsWvwvIcSJHWtCffhnhpLXyNxofK3PFQCE
M/Ts+5nKkc4xCggOlJnkGNOkmQj2eXg4Tq6DVs7A9G8H1JztDnosD9xmsJXMhEET
yCd6n5z2p1ADHVjPjocjXszmWoGAYrtV1/1Bk9QlSxcsfYFCBnv2fSH+L4sdMkXQ
kXHQUWqYYk0XokQKcFBRt3wkpDGdOYmBzSK6uWuFxqhVqKSZPWadcS1rZffSEgI0
ey4oQUWIPAcbXiL7BtcyjIui1ckI53Tefpf92KOYvWEAeJOZaTrq
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:24 2023 by rpki-client on console.sobornost.net